Security, compliance, and IT operations leaders need a powerful and effective way to accurately identify security misconfigurations and indicators of compromise. Tripwire® Enterprise is the leading compliance monitoring solution, using file integrity monitoring (FIM) and security configuration management (SCM). Backed by decades of experience, it's capable of advanced use cases unmatched by other solutions.
This fully integrated suite of solutions for policy compliance, system integrity, and remediation management reaches far beyond simple compliance. It enables teams rapidly achieve an increased level of security across the entire enterprise, including on-premises, cloud, and industrial assets.
How It Works: Powerful, Integrated Controls
Tripwire Enterprise delivers four core capabilities in a single interface that work in concert as an enterprise-class security and compliance solution:
System Integrity Management scans across large heterogeneous environments to detect threats and provides an instant view into configuration vulnerabilities—boosting ecosystem security by reducing configuration drift and unauthorized change. Tripwire File Integrity Manager is the world’s first and best FIM solution and it can be used stand-alone for granular endpoint intelligence. When used with Tripwire Policy Manager, it delivers change-triggered configuration assessment and other system-configurable responses. This turns a “passive” configuration assessment into a dynamic, continuous, and real-time defensive solution, delivering superior security awareness and accelerating your effective response.
Policy Management establishes and maintains continuous agent and agentless configuration assessment for 4,000+ combinations of platforms, security and compliance policies, standards, regulations, and vendor guidelines. Tripwire Policy Manager offers complete policy customization, waiver and exception management, automated remediation options, and prioritized policy scoring. It does all this while providing auditors easily accessible evidence of compliance, making policy status highly visible and actionable for compliance teams.
Advanced Use Cases are available thanks to the highly customizable monitoring options, real-time change detection for your most critical assets, enterprise-wide detection of emerging vulnerable files (Log4J, Spring4Shell, Text4Shell, etc.), and continual review of networking devices to meet strict hardening standards. Tripwire Enterprise is unmatched in advanced monitoring use cases, fortifying your security ecosystem.
Remediation Management works alongside Tripwire Policy Manager to supply built-in guidance to IT security and compliance teams to repair drifted, misaligned security configurations while retaining role-based management, approvals, and signoffs for repairs. This helps operations teams quickly understand what failed and how to return systems into a production-ready state— and keep them there.
- Investigation and Root Cause Drill-down gives IT security and operations teams the ability to quickly and efficiently determine what happened. Systems inevitably change as enterprises constantly revise and change their people, processes, and technologies. Tripwire Enterprise delivers granular drill-down and side-by-side historic baselines and comparisons to quickly provide investigative teams what they need to know: what changed, when, by whom and how often, along with “how” information providing an unparalleled visibility into the forensic details of changes to the environment.
Industry-leading Security and Compliance Capabilities
Tripwire Enterprise excels with your compliance requirements by delivering industry-leading compliance and audit proof. It also provides powerful security beyond compliance with deep ecosystem visibility and support for more advanced use cases—it delivers an unparalleled view of the finite details of your environment such as locating vulnerable files on servers or identifying misconfigurations of security tools. Additionally, it has capabilities to protect industrial devices, and, using the MITRE ATT&CK framework, discover evidence of adversarial behavior in your environment. Using the built-in reporting you can summarize this information at each level of detail needed for a SOC Analyst, a CISO, or even an auditor.
Reporting and Integration
Between the included audit-ready reporting, integrations to leading platforms such as ServiceNow and Splunk, and advanced security use cases, Tripwire Enterprise enables you to connect security details with business context: Always know your current security posture (and how it’s trending) to achieve corporate objectives for risk reduction. Get visibility into the security and risk trends across your enterprise—from the entire organization down to business units or single departments.
MITRE ATT&CK Framework
Developed by the MITRE corporation, the ATT&CK framework is a cybersecurity model illustrating how adversaries behave and details the tactics you should use to improve security. Using ATT&CK policy content for Tripwire Enterprise, you can detect and report on adversarial behavior in your environment—adding a new layer of defense to your security strategy. And this is only one of over 50 frameworks available in our comprehensive content library.
Key Features and Benefits
Support for hybrid environments
- Monitors both on-premises and cloud environments for security and compliance
- Reduces costs and gives better visibility via a single solution for both environments
Updated data collection and communication
- Enables best-in-class security, integrity monitoring, and configuration and compliance management with Tripwire Axon®, a pluggable, extensible endpoint data collection and communication platform
Auto onboarding/offboarding for cloud assets
- Classifies and scans assets as soon as they are connected in dynamic environments
- Delivers immediate baseline state to monitor changes through the life of an asset—even when short-lived
- Automatic offboarding that lets you define how long ephemeral assets data should be retained
Single point of control for all IT configurations
- Supports centralized control of configurations across the entire physical and virtual IT infrastructure, including servers and devices, applications, and multiple platforms and operating systems
Advanced integration through REST APIs
- Enables programmatic automation of Tripwire Enterprise, extraction of collected information, and custom integrations with other solutions
- Allows automation of routine tasks through administration APIs, to integrate Tripwire Enterprise workflows with other business processes and tools
Robust Asset View feature
- Supports classification of assets with business-relevant tags, such as risk, priority, geographic location, regulatory policies, and more
- Offers provisioning with an asset tag file, increased scale for large numbers of assets, and imported asset tagging from integrations with other Tripwire products
Workflow tools for managing failed configurations
- Provides the Remediation Manager module for role-based workflows that let users approve, deny, defer, or execute manual and automated remediation of insecure and non-compliant configurations
Integration with change management systems
- Integrates with leading change management system (CMS) solutions such as ServiceNow, Remedy, Cherwell, JIRA, and more
- Automatically reconciles detected changes against change tickets and change requests
Support for maintaining a secure, compliant state
- Automates compliance with industry regulations and standards such as PCI DSS, SOX, FISMA, DISA, NERC, and many others
- Combines security configuration assessment with real-time FIM to detect, analyze, and report on changes as they happen to keep configurations continually compliant and fix issues before they result in a major data breach, audit finding, or long-term outage
Faster, easier audit preparation
- Dramatically reduces the time and effort for audit preparation by providing continuous, comprehensive IT infrastructure baselines, along with real-time change detection and built-in intelligence to determine the impact of change
- Includes reports designed with auditors in mind to ensure you can confidently supply justifications
Active Directory and SAML Integrations
- Integration between Tripwire Enterprise and Active Directory or your preferred IDP reduces administrative overhead and minimizes human error with auto-created users, groups, and roles for secure and efficient access management
Broad Support of the IT Stack
Keep watch over mission-critical servers or the entire IT infrastructure, including cloud and virtualized environments, applications, and industrial devices. Tripwire Enterprise provides the capability to assess, validate, and enforce policies while detecting all changes—no matter their source. It supports out of the box agent and agentless monitoring for:
- Physical, Virtual, Cloud and Hybrid Environments: Works in both physical and virtualized environments including private, public, and hybrid clouds. The Tripwire Enterprise console can operate as a virtual machine and its agents can monitor any supported virtualized or physical endpoint.
- Network Devices: Assesses configuration settings of the broadest range of network devices in the industry, including any device running a POSIX-compliant operating system. With custom connection parameters nearly any device can be monitored.
- Applications: Compliance policy management and integrity monitoring capabilities ensure supported applications are configured properly for security, compliance, functionality, and availability.
- Directory Services: Includes independent compliance policy management for LDAP-compliant directory server objects and attributes such as LDAP schema, password settings, user permissions, network resources, group updates, and security policies.
- Databases: Keeps Oracle, Microsoft, and IBM database servers and instances in a secure, continually high-performing state.
- File Systems and Desktops: Assesses configurations of physical and virtual server and desktop file systems, including security settings, configuration parameters, and permissions with forensic-level insight.
- VMware: Provides visibility across the VMware virtual infrastructure, enabling continuous configuration control of virtual environments.
- Customizable and Comprehensive Device Support: Tripwire maintains a content library with over 4,000 out-of-the-box configurations. The customizable monitoring capabilities of the zero-configuration Tripwire Axon agent empowers Tripwire Enterprise to work with most devices supporting common protocols, or even APIs. This gives you the flexibility to monitor assets that are critical to your operation—even when those assets are developed in-house or custom solutions not widely available in the market