Many people remember where they were during historic events. Whether it is a personal or a public occurrence, it’s just human nature to remember these significant moments. Every profession also has its share of memorable events. In medicine, those who were in the profession will remember where they were when they heard about the first heart transplant or the discovery of a cure for a particular disease. In cybersecurity, there are similar events that stick in the mind. Unfortunately, due to the nature of our business, more often than not, the events are not happy memories or experiences.
For example, if you were in the profession in 2000, you had to contend with everyone you worked with trying to open that “I Love You” message in their inbox. In 2003, you will remember the morning of the SQL Slammer worm. Back then, the state-of-the-art protection consisted of little more than a firewall and anti-virus that worked by virtue of periodically updated definition files. In the case of the SQL Slammer worm, even the best firewall and anti-virus products were ineffective.
An event in more recent memory is the Apache Log4J vulnerability that rattled the cybersecurity community in December 2021. Since then we have seen the same pattern repeat with Spring4Shell and now Text4Shell. With Log4J, many cybersecurity professionals recognized that it was going to be the beginning of a remediation nightmare: so many software packages contained the vulnerable library, yet it was not easy for many system administrators to identify which of them included the Log4J framework. However, for those who were using Tripwire Enterprise (TE), the experience was quite different.
Benefits of Using Tripwire Enterprise
TE is known for its ability to monitor files as well as servers. Whether it’s pulling information for integrity monitoring or pulling configuration information for the SCM/policy side of the system, TE has these tasks under control. However, the product’s capabilities allow for far more expansive usage. In the Log4J scenario, a file system rule can be created that scans for every instance of the Log4J file name pattern. You can then run this scan against all servers in your environment and create a full report showing every server with every instance of the file, making remediation a simple matter rather than the nightmare being suffered by many other system administrators. We had customers who understood their precise impact within hours of the public announcement.
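To make the file-system-rule idea concrete, here is an added example (not Tripwire code, and not how TE implements its rules) that walks a directory tree for Log4J jar name patterns, reads the Maven version from each jar's pom.properties where present, and groups findings per host the way a cross-server report would. The sample tree, host name and file-name patterns are constructed for the demonstration.

```python
"""Inventory of Log4J jars by file-name pattern, grouped per host.
Added example; not Tripwire Enterprise code. Sample tree is constructed."""
import fnmatch
import os
import tempfile
import zipfile

# Assumption: these globs cover the usual log4j 2.x artifact names;
# extend them to match your own build conventions.
PATTERNS = ("log4j-core-*.jar", "log4j-*.jar")

def jar_version(path):
    """Return the Maven version from the jar's pom.properties, if present."""
    try:
        with zipfile.ZipFile(path) as zf:
            for name in zf.namelist():
                if name.startswith("META-INF/maven/") and name.endswith("pom.properties"):
                    for line in zf.read(name).decode("utf-8", "replace").splitlines():
                        if line.startswith("version="):
                            return line.split("=", 1)[1].strip()
    except zipfile.BadZipFile:
        return "unreadable"
    return "unknown"

def scan(root, host):
    """Walk `root` and return (host, path, version) for every matching file."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for f in files:
            if any(fnmatch.fnmatch(f, p) for p in PATTERNS):
                full = os.path.join(dirpath, f)
                hits.append((host, full, jar_version(full)))
    return hits

def report(hits):
    """Group findings per host: {host: [(file name, version), ...]}."""
    by_host = {}
    for host, path, ver in hits:
        by_host.setdefault(host, []).append((os.path.basename(path), ver))
    return by_host

def demo():
    """Build a constructed sample tree with one fake log4j-core jar and scan it."""
    root = tempfile.mkdtemp()
    lib = os.path.join(root, "opt", "app", "lib")
    os.makedirs(lib)
    pom = "META-INF/maven/org.apache.logging.log4j/log4j-core/pom.properties"
    with zipfile.ZipFile(os.path.join(lib, "log4j-core-2.14.1.jar"), "w") as zf:
        zf.writestr(pom, "version=2.14.1\n")
    open(os.path.join(lib, "other-lib-1.0.jar"), "wb").close()  # should not match
    return report(scan(root, "web01"))  # constructed host name
```

A name-based rule like this finds stand-alone jars quickly but misses copies shaded into fat jars or nested inside WAR/EAR archives, so treat it as a first-hours triage, not the final inventory.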
While not advertised as a core capability, it is clear that TE is incredibly flexible. One has to wonder why this is not an advertised feature. The main reason is that TE is so robust in its marketed offering that this capability seems almost superfluous. Considering that the alternative for finding the Log4J vulnerability was for every system administrator to seek out a comprehensive software inventory for their organization (and often rely on external vendors to confirm), it is no surprise that remediation took many long days. Too often, no such inventory exists, or it is too incomplete to be reliable in a situation like this.
One could argue that a vulnerability scanner can do the same job. That’s certainly true, but in some cases, a vulnerability scanning vendor may take a few days to publish a new detection rule, and in many cases, that rule may not be customizable. This is not comforting when a critical zero-day flaw is announced. Tripwire’s advanced monitoring capabilities can mean the difference between the nail-biting experience of awaiting a vulnerability scanner rule update and getting to work to remediate a major threat to the environment.
The visibility TE provides delivers security beyond compliance. Not only can you gain unparalleled visibility into your systems, but you can check configuration parameters and hardening standards to make sure that they meet your organizational needs or, when the need arises, precisely identify your risk exposure to an emerging threat.
If you want to discover further use cases of the Tripwire FIM solution, watch this space or download this handy guide.