With pressure on IT departments to remain lean and efficient, comply to policies and regulations, and also provide reliable 24/7 service, it is imperative that companies large and small adopt solutions and processes to ensure a known and trusted state at all times. With the reliance on technology to conduct business, interact with customers, and meet auditing requirements, “store doors” need to remain open at all times. That’s why thousands of organizations worldwide have turned to Tripwire’s IT security and compliance automation solutions to detect and identify the changes that can jeopardize compliance, security and operations.
File Integrity Monitoring
Do You Know What Changed, Who Changed It, and When?
File integrity monitoring (FIM) is a method for tracking every change made across the data center. Some IT managers may wonder why it is important to know about every change, especially given that most systems experience hundreds, thousands, or even tens of thousands of changes every week. To auditors, tracking every change is crucial, as uncontrolled change means risk. A handful of risky changes that can cause system failure, and just one ill-advised change can lead to compliance degradation, security vulnerabilities and service availability issues.
With FIM, there is complete visibility to all change, a record of who made changes, and an audit trail that gives you the data to quickly troubleshoot problems—suspect changes can be quickly identified and resolved. Being able to quickly pinpoint problem changes and streamline the troubleshooting process is one of the most effective uses of change auditing. But as Tripwire’s customers have discovered, the benefits an IT organization receives from their security and compliance automation solutions are much more far reaching.
Tripwire: The Pioneer in File Integrity Monitoring
Tripwire provides software solutions to help you achieve and maintain the integrity of all your IT configurations. File integrity monitoring makes change visible by detecting all changes across the breadth and depth of the data center, including virtual environments. It scans systems to create a baseline report, then compares subsequent scan results to that baseline and reports changes, resulting in a verifiable audit trail and version history of each system’s state.
Tripwire Enterprise accommodates a broad range of user defined policy criteria to enable its automated filtering of changes. Authorized changes can be defined in a variety of ways: those made within specified time windows, made by authorized users, correlated to change tickets and/or matching pretested changes, etc. Tripwire Enterprise also takes into account that not all changes are equal. It can enforce specific criteria based on the type of change (e.g. “Business As Usual” vs. Emergency) and type of system (e.g. a SOX server vs. email server).
Those customers wishing to complement their change and configuration automation tools with Tripwire Enterprise do so by using Tripwire’s integrations with popular enterprise change ticketing systems, such as BMC Remedy and HP OpenView. A flexible API is also available to facilitate integration with home grown solutions. Tripwire’s standard integration methods, including Tripwire Reconcile Express, make it easy to align security and compliance automation with your existing processes.
The Role of Change Audit in Compliance, Security, and IT Operations
High performing IT organizations know that to help avert data center problems, they must have complete visibility of change. This visibility helps them maintain a known and trusted state for compliance, security and IT operations.
Compliance can no longer be considered a once a year event, but rather an ongoing, continuous process. With Tripwire’s FIM capabilities, the audit process is automated and streamlined, expedited through detailed change history and reporting. Because all change is tracked and an audit trail created, auditors can quickly be given proof of how changes are managed. When combined with Tripwire Enterprise’s compliance policy management capabilities, each change is proactively tested to ensure it is within internal and/or external policy. Tripwire makes this powerful information actionable by alerting you when a change does not meet policy and can go as far as to create a new incident request within your existing change management system so it can be investigated further. Whether you are facing PCI, SOX, FISMA, NERC, Basel II, JSOX, GLBA or internal audits, Tripwire’s market leading solution can make the process easier, more accurate and cost effective.
Security professionals widely recognize that IT configuration integrity is fundamental to a sound security strategy. FIM is core to a security plan since intrusions may occur for an indefinite amount of time without change auditing actively monitoring the enterprise. Tripwire Enterprise not only tracks every change made across the IT infrastructure, in both physical and virtual environments, it lets you know what changed and who made the change. This information is provided through Tripwire reports and dashboards, which can be customized to your needs (such as severity of risk). Knowing who made the changes can also be used to review access privileges.
80% of unplanned downtime is caused by unauthorized change and 80% of the time taken to restore services is spent discovering what changed in the first place. Therefore, system availability is dependent upon how well an organization manages change. Tripwire Enterprise tracks every change across the data center—and identifies who made each change. This enables organizations to enforce a zero tolerance for unauthorized change, thereby quickly eliminating the number one source of downtime. If a system outage does occur, FIM can help the organization immediately pinpoint the problem and inform rapid remediation.
Change is necessary not only to keep up with day to day operational evolution, but also to enable IT to transform the organization. As the business continues to demand change, it’s in its own best interest to get control of the changes that pose potential risk. Tripwire’s file integrity monitoring empowers IT professionals with the capability to improve and enforce change and configuration management policies and procedures to ensure compliance with internal governance, external regulatory requirements, and industry best practices. By adopting Tripwire IT security and compliance automation solutions, organizations achieve a known and trusted state by automating compliance, mitigating security risk and improving operational efficiency.