Congratulations! You are the new Tripwire Enterprise administrator…now what? Fundamentally, the goals of Tripwire Enterprise don’t require a rocket scientist to understand: File Integrity Monitoring and Security Configuration Management are fairly straightforward.
What is more difficult is understanding the data that Tripwire Enterprise provides in the larger business context. What does that change mean to my company? I am 75 percent compliant with PCI…what does that mean?
As one of Tripwire’s Systems Engineers, I roam the countryside meeting with prospective and existing customers, trying to understand their technical and business needs to ensure that our products can solve their problems.
Even when their problems appear simple (I need to be compliant with regulation X), a whole raft of questions arises (what happens when you aren’t compliant?).
Assuming that Tripwire Enterprise is the solution to your problems, here are some of the things that must be considered and that will be covered in later posts:
- Who will own the application? It doesn’t really matter who, but someone MUST. I have seen organizations where security is the owner and others where operations owns Tripwire Enterprise, but one of these groups, or perhaps Change Management, needs to take responsibility.
- How will the data be distributed? I walked into an existing customer last year and they were crying because of all the time their operations folks were spending Googling every little DLL and EXE that Tripwire Enterprise told them had changed. Ack… Needless to say, a rather lengthy discussion on how to bake Tripwire Enterprise reports into their change process and management oversight ensued. (For additional details on the need for process, see my post here.)
- What is the role of the Tripwire Enterprise administrator in this process and how can they ensure that the goals of security and the business remain aligned?
- What features of Tripwire Enterprise can help the administrator provide the business with the best and most up-to-date data while avoiding noise and false positives?
- Where can automation and integration help the Tripwire Enterprise administrator deal with large volumes of change?
- When a benchmark or policy shifts from pass to fail, how will the organization handle it?
Each of these questions, when answered, will move your organization up the maturity ladder, not only when it comes to the use of Tripwire Enterprise but also in terms of change management, release management and the ability to connect security to the business.
Security Ninjas have a lot on their plate trying to keep the pirates and zombies at bay. Keep an eye here for tips and tricks to enhance your ninja skills and make your deployment of Tripwire Enterprise hum…