Tripwire Enterprise and ServiceNow

Companies need to expand their visibility into their organization’s security and compliance status. Unfortunately they are often stuck with multiple tools and system that makes things too complex. The integration between Tripwire Enterprise and ServiceNow creates a workflow for the smooth exchange of system change and security configuration state information with a wide variety of compliance, operations and reporting/analytics solutions. This combination enables organizations to validate authorized change and immediately determine the efficacy of the change management process.

Solution

The integration between Tripwire Enterprise and ServiceNow benefits the customers in two main areas: Systems & Service Management and Policy Management.

Systems & Service Management 

Organizations want to have a “single source of truth” in their configuration management database (CMDB) for the inventory of the systems in the infrastructure, the applications present on those systems, and the systems and applications owners and other associated metadata. While CMDBs may launch with accurate information, over time the information drifts or becomes stale, and system administrators often can’t definitively state what systems they have, who owns them, what’s on them, and even what data center they’re in.

With an inaccurate CMDB, a system administrator would be hard-pressed to quickly list the applications installed on a system or the systems on which a particular application is installed. Tripwire Enterprise automatically harvests a list of every application installed on a system along with detailed system configuration information. By feeding that data into a CMDB, you can quickly produce an applications list for a system and ensure that your CMDB contains the most current information about the systems in your environment.

CMDBs typically organize and categorize assets using a structure that reflects how the business operates. The integration also lets you feed this type of CMDB information into Tripwire Enterprise and use it in the solution to automatically assign asset tags, node (asset) groupings and naming schemes. As a result, Tripwire Enterprise’s home pages, reports and alerts consistently and accurately represent your assets from your business perspective. Plus, when you bring new systems online, retire older systems or update applications in the CMDB, Tripwire Enterprise reflects those changes. This helps identify situations that warrant investigation—for example, when Tripwire Enterprise detects that a retired system that should be offline is actually still recording changes.

The Change Management system in ServiceNow helps verify that changes made to a system were authorized and performed properly. The integration enables Tripwire to query the Change Management system to verify that the changes that were detected were properly planned for and authorized—that is, the right changes were made to the right system, at the right time, and by the right person.

Additionally, unexpected changes found by Tripwire Enterprise generate incident tickets in the Change Management system to notify the proper channels of a change management process violation or a possible security event. For example, Tripwire Enterprise detects a system change that has no ticket in the Change Management system or finds that more changes were made than authorized on the ticket.

Image
Fig 1. Tripwire Enterprise and ServiceNow change management workflow
Fig.1 Tripwire Enterprise and ServiceNow change management workflow

 

 

 

 

 

 

 

 

Policy Management 

For Compliance

Tripwire Enterprise’s integration with governance, risk and compliance (GRC) tools lets you extract high-level information from Tripwire Enterprise and feed it into GRC solutions like those found in ServiceNow applications. That lets you keep track of important trends in security and compliance, such as whether the organization is experiencing an increase in unauthorized changes, is failing more compliance tests, or has worse or better compliance scores in some regions compared to others.

For System Hardening 

Tripwire Enterprise has a library of over 600 combinations of compliance policies and platforms supported for regulations and standards. Plus, its detailed step-by-step remediation instructions are accessible from ServiceNow, providing your system administrators the directions to manually or automatically operationalize security and harden systems against industry standard best practices and your own organization’s guidelines.

For Operational Excellence

With policy tests for Microsoft Exchange, Oracle Database and Microsoft IIS, as well as easily customizable policy content, Tripwire Enterprise’s detailed policy content in ServiceNow will also ensure systems are maintained for optimum performance and reliability.

Image
Fig 2 Tripwire Enterprise and ServiceNow policy analysis workflow
Fig. 2 Tripwire Enterprise and ServiceNow policy analysis workflow.