For security configuration management (SCM) and baselining, this energy company’s previous solution was too cumbersome to manage. It was not scalable and did not deliver on the automation capabilities that were originally promised. The process was too manual and the solution required a lot of “care and feeding.”
For vulnerability management and asset discovery, there were difficulties with scanning highly sensitive control systems using a cloud-based solution that had negative consequences to the control systems. The existing reporting tool was also difficult to use; there was too much data and not enough prioritization.
Following a challenging NERC CIP audit, this energy company determined that it needed an automated, industry-standard solution to reduce compliance risk and manual efforts. After considering expanding its investment into its legacy tools, the company decided to transition to Tripwire for 1,000+ NERC CIP Assets and 2,000 IP addresses for monthly configuration baseline of the assets for NERC CIP-010 R2 and R2, as well as doing a discovery for unauthorized changes. Tripwire offered a holistic, scalable and easy-to-use solution that was automated and had deep FIM capabilities. Furthermore, Tripwire IP360 provided granular detail in reports, including heat mapping and risk prioritization.