- Ensuring compliance and minimizing risk
- Automating manual tasks and enhancing breach detection
- Monitoring critical assets in the public cloud
Tripwire understands the security demands faced by federal government agencies. Security decision makers at these agencies aren’t only tasked with securing operations in a complex threat landscape—they also have to prove regulatory compliance at the same time.
Several stakeholders at a wide range of government agencies rely on Tripwire for industry-leading security and compliance:
- Department of Defense (U.S. Army, Air Force, Navy, Marine Corps and Coast Guard)
- Federal system integrators
- Federal departments and independent agencies
- Components of the congressional and judicial branches
In this case study, we’ll explore how three U.S. federal government agencies leverage Tripwire to overcome their challenges in FISMA compliance, breach detection, and security in the cloud.
Use Case #1: Ensuring Compliance & Minimizing Risk
US Federal Agency
Customer Since 2014
Federal agencies must establish and maintain regulatory compliance in order to keep their systems hardened against threats and pass audits. With the most comprehensive library of policy tests for all major standards like DISA STIG, NSA, FISMA and CIS, Tripwire bakes in foundational controls to align with all government security or compliance frameworks.
A Tripwire customer since 2014, this agency needed to fulfill a compliance requirement for File Integrity Monitoring (FIM), or System Integrity Monitoring (SIM), after having recently failed an audit. It had a large footprint of assets associated with virtualization. To make matters more complex, these assets included NetApp, EMC and VMware as opposed to the more commonly found Windows and Linux OSes. Lastly, it also struggled with inaccurate reporting due to the use of legacy vulnerability and compliance tools.
The agency implemented Tripwire Enterprise with Tripwire IP360 and Tripwire LogCenter for system integrity monitoring and change validation, accurately identifying assets and vulnerabilities, and for creating workflows that supported its information system security officer’s audit review requirements for changes and logs. The agency installed Tripwire’s entire solution suite on multiple classified and unclassified networks as well as its DMZ.
Integrating these Tripwire solutions proved extremely valuable for this federal agency. With the help of Tripwire, it was able to scan the infrastructure in its virtualized environments and monitor for high-risk vulnerabilities, including the agency’s uncommon assets. As a result, it was able to meet its specific compliance objective (FISMA SI-7) and even closed 95 percent of its audit findings.
Use Case #2: Task Automation & Early Breach Detection
Independent U.S. Federal Agency
Customer Since 2015
Solutions: Tripwire LogCenter
Automating security tasks keeps systems continually updated and reduces the risk of human error while making more efficient use of agency time and resources. Tripwire solutions readily interact with other solutions, providing valuable asset information to a wide range of security and operations tools for enhanced overall performance and reduced total cost of ownership.
This independent U.S. federal agency deployed Splunk Enterprise Security to monitor and defend against malicious activities across its large, global environment. However, an influx of data related to security events began to impact the timely identification and resolution of threats. This also led to an increase in the cost and complexity of managing its SIEM. It needed a solution to prescreen information, remove extraneous alerts and maximize the effectiveness of its current solution while improving the quality and speed of threat detection.
Tripwire LogCenter was deployed to make its existing security measures more efficient and cost-effective, reducing workload and revenue use while enabling real-time intelligence and enhancing early breach detection. With Tripwire LogCenter, this agency is also able to filter out non-verified event-related data and identify anomalies or patterns known to be threats or early indicators of breaches.
With Tripwire, this agency’s security team lowered the volume of data requiring analysis by 80 percent. With more actionable, relevant data, the team was able to set advanced rules and spend more time addressing validated alerts. As a result, it also expects to save millions in overhead costs.
Use Case #3: Monitoring Critical Assets in the Government Cloud
Major U.S. Defense Program
Customer Since 2008
Solutions: Tripwire Enterprise
Federal agencies face a unique set of challenges in the cloud because of programs like FedRAMP designed to ensure cloud security. Tripwire’s solution suite scales across all types of federal environments, be they on-premise, virtual, hybrid, or in a private or public cloud.
This major U.S. defense program was preparing to transition to the Amazon Web Services (AWS) Cloud and needed a solution that could alert it to IT and mission changes during and after the tedious process.
Tripwire Enterprise was deployed for file systems, databases, network devices, ESX, desktops and directory services. With the help of Tripwire Enterprise, this major defense program was able to baseline its system state and quickly identify authorized and unauthorized change.
In Tripwire Enterprise, this defense program found a solution that effectively communicates critical details about when system changes occur and by whom to further facilitate detection and remediation. With over 1,000 policy and platform combinations for regulations, standards and security frameworks, this U.S. defense program can remain confident in its compliance even when policies are in flux.