Here at The State of Security, we cover everything from breaking stories about new cyberthreats to step-by-step guides on passing your next compliance audit. But today, we’d like to offer a straightforward roundup of the Tripwire product suite.
Get to know the basics of Tripwire’s core solutions for FIM, SCM, VM and more. Without further ado…
SCM and FIM: Tripwire Enterprise
Tripwire’s flagship product is the industry standard for integrity monitoring and security configuration management. It’s essentially a security configuration management (SCM) suite that provides fully integrated solutions for policy, file integrity monitoring (FIM) and remediation management.
The suite lets IT security, compliance and IT operations teams rapidly achieve a foundational level of security throughout their IT infrastructure by reducing the attack surface, increasing system integrity and delivering continuous compliance.
Tripwire Whitelist Profiler
You can augment Tripwire Enterprise with a number of add-ons like Tripwire Whitelist Profiler, which helps bridge the IT/OT gap by giving operational specialists better visibility into environments like industrial control systems (ICS). ICS operators regularly find themselves needing to manage device-specific policies—a task made difficult when they only have default reporting tools at their disposal.
Tripwire Whitelist Profiler enables you to report on both authorized and unauthorized settings based on your whitelist: your set of permitted ICS settings. It also lets you verify that only approved users exist on your systems at any given time.
Tripwire Malware Detection
Tripwire Malware Detection is another extension of Tripwire Enterprise that identifies malware as soon as it is introduced into your system. Should any unwarranted changes appear on the critical servers monitored with Tripwire Enterprise, Tripwire Malware Detection can immediately inspect the changed or new file to identify malicious behavior.
Tripwire Malware Detection spins up suspicious files into a protected sandbox environment for inspection. A comprehensive PDF report is then provided within the Tripwire Enterprise console.
Security professionals at all levels require a foundational level of security and must have proven ways to demonstrate how it protects the organization’s assets, services and business initiatives. Tripwire Connect, the visualization and reporting platform purpose-built for Tripwire Enterprise, makes this possible.
Incremental data transmissions from all Tripwire Enterprise data sources enable near-real-time reporting. Transferring only the “delta” change data reduces network bandwidth and speeds analysis. Consolidate information across all Tripwire Enterprise consoles in the organization.
Vulnerability Management: Tripwire IP360
Tripwire IP360, Tripwire’s vulnerability management (VM) solution, helps you discover assets, identify vulnerabilities and prioritize risks. This enterprise-class vulnerability management solution enables cost-effective reduction of cyberthreat risk by focusing your remediation efforts on the highest risks and most critical assets.
The latest release introduces agent-based vulnerability management (ABVM). Agents enhance Tripwire IP360’s core functionality by bypassing the need for access credentials and by reducing overall network traffic. ABVM includes dynamic IP endpoints and occasionally-connected devices, providing more accurate vulnerability assessment of your assets. ABVM can also be used to strengthen your cloud assets’ security by building agents directly into cloud images.
Event Logging: Tripwire® Log Center
Tripwire Log Center collects, analyzes and correlates log data from devices, servers and applications. It offers customizable dashboards with an easy drag-and-drop interface. Its correlation engine automatically identifies and responds to events of interest using a logical flow of one or more conditions. Actions can include creating a work ticket, sending a notification email or running a command. Tripwire Log Center can also integrate with Tripwire Enterprise and Tripwire IP360 to detect and respond to anomalies and suspicious activities.
A new capability of Tripwire Log Center 7.3, Passive Asset Discovery, allows customers to discover previously unidentified assets through analysis of their log data. After discovery, the assets can then be added to your environments for further monitoring by Tripwire Log Center.
DevOps SaaS: Tripwire for DevOps
Security is often seen as an inhibitor to agility in DevOps because it generally isn’t fully integrated into the DevOps process. But a true shift to the left is only possible when security is baked into each and every step of the process. After all, it takes much less time to fix a security problem as soon as it arises than to backtrack after you find out about it later on.
Tripwire for DevOps is a comprehensive security SaaS solution that runs both static and dynamic analysis on container images for vulnerabilities in a sandbox. It equips DevOps teams with a complete security assessment of new application builds as they move through the continuous integration and continuous delivery (CI/CD) toolchain from development to production, providing a quality gate teams can use to fail builds of applications that don’t meet security compliance and configuration standards.
Managed Services: Tripwire ExpertOps
Tripwire ExpertOps extends your staff with a dedicated engineer who’s always in sync with your team. You’ll see rapid time to value with consolidated services that quickly align your systems with multiple compliance standards—all hosted on single-tenancy cloud infrastructure. Tripwire ExpertOps provides a cloud-based managed services version of the industry’s best FIM and SCM.
A single subscription in one of three available tiers provides ongoing, personalized consulting from trained experts and hands-on tool management to help you achieve and maintain compliance and critical asset security. It provides stretched IT teams an alternative to the difficult process of purchasing, deploying and maintaining products.
ICS Cybersecurity: Tripwire Industrial Visibility
Tripwire Industrial Visibility provides ICS operators with total clarity into the devices and activity on their network. It uses deep packet inspection, change management, event logging and threat detection to help you keep your most sensitive assets out of intruders’ reach. This solution protects against unwanted change in your OT environment, using passive scanning and detection to keep you operating at peak availability and uptime.
The Tripwire Industrial Visibility solution solves operational challenges with continuous threat monitoring and advanced logging intelligence that gives you deep, granular ICS visibility. By analyzing network traffic and conducting deep packet inspection, Tripwire Industrial Visibility gathers data on threats to the safety and availability of your OT environment. It’s fluent in over 40 of the native industrial protocols commonly found in ICS, making sense of the floods of data produced by your entire range of IIoT-connected industrial devices.