Tripwire announces the release of Configuration Compliance Manager (CCM) Version 5.15 which now audits patch management processes, is Security Content Automation Protocol (SCAP) version 1.2 compliant and validation ready, and adds a variety of new configuration auditing policies that dramatically extends network visibility.
Auditing the configurations and patch status of IT systems and monitoring changes in those configurations is a critical step in reducing security risk and achieving compliance.
Tripwire Configuration Compliance Manager automates agentless configuration auditing, change monitoring and configuration compliance, providing a clear picture of system configurations and the impact of configuration changes on compliance with internal policies and a wide variety of external regulations.
“Tripwire is the only security configuration management company that can offer both agent-based and agentless capabilities,” said Dwayne Melancon, chief technology officer for Tripwire.
“With CCM 5.15, we’re able to offer customers new solutions around auditing the patch deployment process, as well as scan for a much broader range policies and systems to provide rapid results, enable stronger accountability, and increase confidence in the security and stability of your IT infrastructure.”
Patch Process Auditing
Patch deployment tools primarily check to determine if a patch has been installed and often fail to correlate patches that have been superseded.
With CCM’s new patch process auditing users can check to determine if Windows systems the reboot necessary before a patch is actually applied, not just installed, is pending. In addition, CCM is now able to calculate compliance percentages that include superseded patches.
New Configuration Auditing Policies
Tripwire Configuration Compliance Manager includes a rich library of policies based on standards and benchmarks from NIST, CIS, DISA and Microsoft, as well as policies for specific regulations such as PCI, Sarbanes-Oxley, HIPAA, USGCB and NERC.
CCM version 5.15 adds a range of new policies including:
- DISA STIG Red Hat Enterprise Linux 6 V1R1
- CIS Cisco Firewall for ASA version 3
- CIS Solaris 10 Version 5.1.0
- COS Cisco IOS version 3.0.1
- CIS IBM DB2 version 2.1.0
- CIS VMware ESX Server 4 version 1.1.0
- CIS Juniper JUNOS 8/9/10
- CIS Windows 8
- CIS Windows Server 2012
- SOX Windows Server 2008
- CIS Solaris 11
- CIS IBM AIX 5.3-6.1
- CIS MS SQL Server 2008
- SOX Windows Server 2012
- SOX MSSQL 2008R2
- SOX VMWARE 4 v1.1.0
- SOX Windows 8
- SOX Juniper JUNOS
- SOX Solaris 11, AIX 5.3-6.1
Updated policies include:
- CIS RHEL5 Version 2.0.0
- CIS Windows 7 version 1.2.0
- CIS Windows Server 2009 version 1.2.0
- DISA STIG Windows Server 2003
- DISA STIG Windows Server 2008
- DISA STIG RHEL 5
- DISA STIG Solaris
- DISA STIG IIS7
- PCI/FIM policies for AIX, HP-UX, and Solaris
- SOX RHEL6 v1.1.0
- SOX RHEL5 v2.0.0
- SOX Solaris 10 v5.1.0
- SOX VMware ESX Server 3 v1.0.0
- SOX VMware ESX Server 3.5 v.1.2.0
- SOX SUSE
Tripwire Configuration Compliance Manager utilizes a completely agentless architecture, requiring no software installation on monitored endpoints dramatically reduces deployment costs.
Agentless configuration auditing is complementary to agent-base auditing because makes it possible to profile every device on the network, delivering the most comprehensive network coverage available.
Configuration Compliance Manager is now part of the Tripwire portfolio of security solutions following their acquisition of nCircle. CCM version 5.15 is available now.
For more information please visit:
- No Patch, No Problem?
- Control and Capabilities Drive Enterprise Security Confidence
- Security Configuration Management for Dummies
- SecureCheq Uncovers Critical Configuration Vulnerabilities
P.S. Have you met John Powers, supernatural CISO?
Title image courtesy of ShutterStock