So, you have 2,000 network devices in your environment and everyone is telling you that you have to rotate all 2,000 device passwords every 30, 60 or 90 days (at a minimum). How are you going to manage this? The task seems monumental and time-consuming!
If nothing is done, then your security/compliance posture will worsen due to reusing passwords that are easy to remember across assets. In addition, passwords could become stale and give adversaries more time to crack them. Time to roll up the sleeves and start changing passwords, but wait...
Enter PAM solutions! Privileged Access Management solutions take the headache out of managing all those passwords. They manage who has accessed those accounts and update those accounts when their passwords need rotating – some solutions even support SSH key storage!
Whew, that takes a load off your mind! Time to make some vendor choices and get the PAM solution of your choosing implemented in your environment.
OK, so you have gotten yourself a PAM solution installed and configured, and things are running along smoothly. But wait, how do you update your other security apps that rely on those privileged accounts, like Tripwire Enterprise or IP360!?
Many applications are not designed to integrate with PAM solutions at this time, even though, according to Gartner's 2018 Magic Quadrant report for PAM, 40% of organizations using formal change management processes will have embedded or integrated PAM tools within them by 2020, which will reduce their risk surface – up from 10% in 2018. It’s a good thing you got your PAM solution deployed already!
Tripwire's newest integration app, Tripwire Password Manager (TPM), fills this gap.
It acts as a broker between your PAM solution and Tripwire applications. TPM finds the assets needing to be updated, asks your PAM solution for those credentials and updates the assets in your TW Apps. It can even start scans in IP360 and TE if you configure it to do so.
Tripwire Password Manager is already in use around the world in banking, government, utility and commercial settings. It speeds up a manual process that would otherwise take days or even weeks, accomplishing the same tasks in hours.
Your team is already under a lot of pressure to do so much more with too few resources and the same budget as the last couple of years. TPM allows you to focus on the security/compliance results of those TW application scans.
Tripwire Password Manager supports both password and SSH key types of credentials, giving you the flexibility to configure your credentials to best fit your company's needs.
Do you use ‘shared’ common credentials amongst assets of the same type? TPM can be configured to use shared credentials for uniquely defined make/model pairs.
If you have assets that have restricted access to their log files, TPM can also gather logs and other important asset information via SCP/SSH for your SIEM tool to monitor. TPM will use either the directory path you provide or a command-line command to retrieve the information you need, either for compliance or security needs, and store it locally in per-asset directories for easy monitoring/retrieval.
Tripwire Password Manager is designed as a modular system, so new PAM solutions can be added quickly as they come on the market or if your existing PAM solution is not yet supported. TPM currently supports CyberArk's Privileged Access Security (PAS) and One Identity's TPAM suite PAM solution, with others being added quarterly.
Tripwire Password Manager can be downloaded for free from the Tripwire Customer Portal and easily set up by yourself, or you can contact your sales team to get installation help from our Professional Services team.
If you have a PAM that is not currently supported, you can also reach out to your Tripwire sales team and work with one of our PS developers to add support for your PAM solution to Tripwire Password Manager.