I talk to a lot of Tripwire Enterprise users. In fact, I talk to a lot of users of other IT security products too: SIEM users, IDS users, firewall users, access management users. When I ask about the security rules and content they use in our products or others, they often wince.
“I’ve got a few rules I made, but I have a lot of gaps….”
“I’ve got my starter kit for policies, but I haven’t rolled them out yet…”
“I’m trying to reserve some time to spend on rule creation…”
I don’t blame these folks a bit. I know that more than half their day is spent putting out fires. The other half is filled with their day jobs, which include little things like breach analysis, getting new agents deployed, getting reports created and the overall security of their enterprises.
If anything it’s our fault — “we” being us well-meaning but product-focused IT security solution providers in general. After all, we don’t make too many plug-and-play systems with off-the-shelf security content for our super-slick products.
Tripwire Enterprise users trust us to manage their security configurations and continuously monitor their critical files, but like all security vendors, we sometimes need to give them more expertise than we give them features. So this really excites me:
Today Tripwire announced the first in what I hope will be a long series of content releases: the Cybercrime Control Library. This ready-made content kit provides Tripwire Enterprise users with:
- A set of pre-made breach detection rules for Windows 2003 and 2008 servers that detects malware running in memory by monitoring suspicious or unexpected port activity, combined with…
- A hand-picked set of Center for Internet Security (CIS) policy rules that assesses the same platforms for the strength of key configuration items like firewall settings, services, and listening ports.
If a Tripwire user is busy putting out fires and managing their other security controls and has NO time to assess and create rules for Tripwire Enterprise, this content package provides a great, readily-deployed base level of security and confidence. (What kind of confidence? The kind that comes from watching our Cybercrime Controls alert on a Meterpreter exploit like I saw in a demo last week. That was cool.)
To get this same confidence, all Tripwire users need to do is visit the Tripwire Customer Center, click on the “Product Downloads” tab, and then select “Solutions” from the list on the left.
For many it will be the first step in overthrowing the tyrant we call “Urgent”.
Vive la revolution.