When security teams gradually optimize their security workflows and move from manual to automated processes, the topic of IT service management (ITSM) integration with security tools such as Tripwire® Enterprise is a natural next step.
Your teams must be in sync about how information is entered into and managed by your systems in order to operate successfully, and it’s critical to have processes in place that validate that your integrations with ticketing and event management services like ServiceNow or Remedy are running as expected.
Why Do Security Teams Opt for ITSM Integration?
But before we dive into the details of how ITSM integrations work within Tripwire Enterprise, let’s go over the reasons why they’re so important in the first place. Note that this integration requires setup by Tripwire Professional Services and is not available out of the box. However, many Tripwire Enterprise users find that the investment in this integration yields continuous returns in terms of saved time and resources.
Key benefits of ITSM integration:
- Makes it easier to prove to auditors that all changes are approved and reconciled
- Boosts efficiency by eliminating time-consuming manual effort
- Simplifies the separation of bad changes from good to enable better decisions
- Improves change management by enforcing a tracked and monitored process
Tools like BMC Remedy, ServiceNow and HP ServiceDesk automate ITSM. This boosts auditability and efficiency for large, modern organizations, which can accumulate thousands of assets that require secure management. They’re generally also beholden to a compliance initiative like SOX or PCI—the latter explicitly requires change detection. ITSM tools didn’t exist to automate the process in the early days of these types of compliance requirements, so you had to manually reconcile changes across all those servers, a very time-consuming process.
How the Integration Works
For example, when you open a new ticket in your ITSM tool to make changes to a particular application on a particular date, an electronic approval process speeds up sign-off so the documented change can be made. Tripwire® Enterprise then detects the change and queries the ITSM tool to search for a matching ticket. If a match is found, the ticket information is used to promote the approved change to your security baseline. If the query does not return a match, Tripwire Enterprise will open a new incident ticket within the ITSM tool with a detailed change report attached.
Once these integrations are automated, you can verify their success by reviewing your Tripwire Enterprise Change Process Compliance Reports. In cases where the changes match a ticket in the ITSM tool, Tripwire Enterprise can extract information such as the ticket number and include it in a report. This gives the internal team and external auditors data that is easy to cross-reference. This integration can work in both directions. Reports with unauthorized changes that include the “whodunnit” information can be attached to new tickets generated by Tripwire Enterprise in the ITSM ticketing system.
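The match-or-open-incident flow described above, sketched as an added example (not code from Tripwire or any ITSM vendor). The record shapes, the matching rule (same asset, approved ticket, change inside the ticket's window) and all sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime as dt

@dataclass(frozen=True)
class Ticket:  # hypothetical shape of an ITSM change ticket
    number: str
    asset: str
    start: dt
    end: dt
    approved: bool

@dataclass(frozen=True)
class Change:  # hypothetical shape of a detected change
    asset: str
    path: str
    seen: dt
    user: str

def reconcile(changes, tickets):
    """Return (promoted, incidents) for the detected changes."""
    promoted, incidents = [], []
    for ch in changes:
        # Assumed rule: same asset, ticket approved, change inside its window.
        match = next((t for t in tickets if t.approved and t.asset == ch.asset
                      and t.start <= ch.seen <= t.end), None)
        if match:
            # Keep the ticket number so reports can cross-reference it.
            promoted.append({"change": ch, "ticket": match.number})
        else:
            # No approved ticket: open an incident carrying who/what/when.
            incidents.append({"change": ch, "summary":
                f"Unapproved change to {ch.path} on {ch.asset} by {ch.user}"})
    return promoted, incidents

# Constructed sample data (not real tickets or hosts).
TICKETS = [
    Ticket("CHG-1", "web01", dt(2024, 3, 1, 22), dt(2024, 3, 2, 2), True),
    Ticket("CHG-2", "db01", dt(2024, 3, 1, 22), dt(2024, 3, 2, 2), False),
]
CHANGES = [
    Change("web01", "/etc/nginx/nginx.conf", dt(2024, 3, 1, 23, 15), "deploy"),
    Change("web01", "/etc/passwd", dt(2024, 3, 3, 4), "root"),   # outside window
    Change("db01", "/etc/my.cnf", dt(2024, 3, 1, 23), "dba"),    # ticket unapproved
]

if __name__ == "__main__":
    ok, bad = reconcile(CHANGES, TICKETS)
    for p in ok: print("PROMOTE", p["change"].path, "via", p["ticket"])
    for i in bad: print("INCIDENT", i["summary"])
```

A ticket that exists but was never approved, or a change made outside the approved window, lands in the incident list rather than being promoted to the baseline.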