CCE are now an accredited partner & re-seller of Tripwire, the leading provider of Security Configuration Management systems.
Tripwire Enterprise is a security configuration management suite whose separate components work as stand-alone offerings or in a comprehensive, tightly integrated solution. It connects IT security to the businesses and missions it serves, protects systems by continually hardening their configurations, and detects the issues and changes that impact IT system integrity and cause exploits.
Tripwire Enterprise’s File Integrity Monitoring module detects the anomalies, unexpected changes, and deviations that indicate exploit attempts or threats across the industry’s broadest range of platforms, applications and devices. It assures integrity and maintains a “known and trusted” state for critical systems and the information they contain.
Tripwire Enterprise’s Policy Manager module helps customers meet the numerous security standards and regulations they face, covering not only in-house security requirements but also governance regulations such as PCI, ISO, CIS and many more.
File Integrity Monitoring
There are five different types of endpoint that Tripwire Enterprise can monitor:
- File systems: Windows, Linux or Unix OS
- Databases: changes to schema and content
- Directory services: LDAP, Active Directory, etc.
- Virtual infrastructure: VMs, hypervisors, etc.
- Network devices: routers, switches, firewalls
File Systems, File Integrity Monitoring
Tripwire Enterprise can monitor, in real time, not only files under Windows, Linux and other supported operating systems but also additional focus points such as registries, Microsoft Exchange and Internet Information Server configurations. Tripwire also provide out-of-the-box recommended change audit rules to monitor things such as critical files and configurations.
Tripwire Enterprise not only monitors changes within the database itself, but can monitor changes to the structure of the database, known as the database schema.
For directory services such as Active Directory, Tripwire Enterprise can monitor the changes within AD and help identify who added whom to sensitive groups, e.g. Domain Admins.
Tripwire can monitor the configuration of the virtual infrastructure, such as the reconfiguration of virtual machines.
Through a command line interface, Tripwire Enterprise can connect to many different types of network devices, such as firewalls, routers and switches, pulling back information such as firewall rules, access control lists and configurations.
Third party integrations
Through the Tripwire Technology Alliance Program, there are a number of integrations that provide additional functionality to Tripwire Enterprise:
- Threat intelligence providers (e.g. Palo Alto, ThreatGrid, Lastline): Tripwire can detect a change on the endpoint, pass the file to a threat provider for analysis, and the resulting report information is then passed back to Tripwire.
- Ticketing systems (e.g. ServiceNow, Remedy): Tripwire can integrate with these to validate the change detected and verify whether the change is considered a good or bad change.
- Third-party SIEMs (e.g. Splunk): Tripwire can send change data out to the SIEM for later correlation. Tripwire currently has a couple of Splunk apps available in the Splunk app store.
Automated Remediation of configuration:
Within Tripwire Enterprise, you are able to check and monitor the configuration of an application. If the configuration drifts in any way, Tripwire Enterprise will detect the change and give you the opportunity to reverse it back to the original setting. This helps to get a system back to a known good state.
One of the major features of Tripwire Enterprise is policy management. Tripwire have over 700 different policies, such as PCI, CIS and ISO27001, available for customers to download freely from the Tripwire Customer Centre and import into their Tripwire estate. Once a policy is imported, a set of rules and tests is run against each endpoint to establish whether it passes the relevant test or standard of choice. For example, there are a high number of requirements for PCI, and Tripwire Enterprise has developed tests for each of those requirements, such as checking the length of a password on a Windows Server or checking whether the administrator account is disabled. Dashboards and reports can also be created detailing which endpoints fail which tests. Tripwire Enterprise will then also provide detailed remediation steps on how to get every specific endpoint version back into a compliant state against the policy of choice.
There are a number of ‘plug-ins’ which can also be acquired to help enhance the functionality of Tripwire Enterprise, for example integration with current ticketing systems, whitelist profiling, dynamic software reconciliation, event sender, etc. Extremely rich API functionality provides our customers with an endless array of options when it comes to making sure Tripwire Enterprise fits well within their environment and processes.
You can find out more about Tripwire Enterprise by going to the Tripwire Enterprise web page.