Just because a change is proposed and scheduled does not mean that it was actually made or made correctly. Many changes are intended to make improvements, or to correct problems, so being able to confirm they have successfully been made is critical. Otherwise the improvements are not realized or the problems remain when you think they have been resolved—both scenarios are ingredients for trouble.
Tripwire’s FIM not only knows when things change, it can compare what actually changed to what was expected to change. No other FIM can do this at the level Tripwire can. Tripwire FIM provides independent confirmation of change processes and policies.
There are some changes that just shouldn’t be made because they pose increased risk to the environment. Critical configuration files are one example. Each of these files contains one or more configuration setting values that must be in predefined states or ranges to meet and maintain security policy. If any of these files is changed, the setting values must immediately be reevaluated to determine whether they are still within policy. Application executable (.exe) files of a mission-critical application are another example of files that should possibly generate an alert if they change for any reason. Tripwire FIM not only knows what has changed, but it also knows if certain files are supposed to change or if the actual change was within policy. Without the ability to analyze change, you have little more than “noise”.
Maintaining a Desired State
True FIM—Tripwire FIM—allows you to know what state you are in and then maintain that state. This is only possible because of our version-based architecture and our ChangeIQ capabilities which allow us to filter low-risk change (expected) from high-risk change (unexpected). No other FIM has either of these capabilities. Maintaining a desired state is at the core of best practice security. And if you constantly apply best practices you get compliance for free—it is simply a byproduct of daily operations.
Tripwire FIM improves security and proves compliance. All other FIM creates volumes of noise!