Tripwire Confidential Tripwire Enterprise 5.0. Tripwire Confidential 2 Tripwire Enterprise 5.0 Snapshot What is it? Change auditing software for medium-large

Tripwire Confidential

Tripwire Enterprise 5.0

2 Tripwire Confidential

Tripwire Enterprise 5.0 SnapshotTripwire Enterprise 5.0 Snapshot

What is it?Change auditing software for medium-large IT organizations

What does it do?Detects, Reconciles, and Reports change

What is its value?Demonstrated compliance

Increased availabilityEnhanced security


Audit Change: Prove System and Process IntegrityAudit Change: Prove System and Process Integrity

Reconcile

Report

Automated

Detect


Detects ChangeDetects Change

Independent from automated and manual sources of change

– Allows Segregation of Duties

– Change based on designated “known and trusted” state

Creates a verifiable audit trail

– Who, What, When, How, etc.

Broad infrastructure coverage

– Servers

– Desktops

– Routers, switches, firewalls, load balancers, etc.

– Future expandability


Reconciles ChangeReconciles Change

Detailed change information

– Changes occurring outside of maintenance windows

– Unauthorized individuals making changes

Graphical differencing of actual and expected changes

Integrates with other C/CM tools to automatically validate authorized and intended changes– Command Line Interface– Web Services API

Triggers corrective action when undesired change is discovered

ActualActualChangesChanges

ReconcileReconcileChangesChanges

ExpectedChange

UnexpectedChange

ChangeChangeDetailsDetails

33rdrd Party PartyInfo.Info.


Reports ChangeReports Change

Report library

– Change activity & detail

– Change process metrics

– Change history

Online dashboards

– Web-based

– Combines 1-4 reports

– Drill down to underlying reports

Capabilities include:

– Tailored criteria

– Scheduled runs

– Archival

– HTML, XML, PDF formats


Enterprise ManageabilityEnterprise Manageability

Scalability

– 10,000 servers

– 100,000 network devices

Usability

– Web Browser GUI• Remote accessibility• Persistent user settings

– Multiple users

– LDAP integration

– Hierarchical, logical groups• Nodes, Rules, Users• Reports


Reporting


Real-time DashboardReal-time Dashboard


Drilldown to Report DetailsDrilldown to Report Details






Detailed ChangesDetailed Changes

DescriptionThis report displays detailed change information for nodes as specified in the report's criteria

Usage Generate for a staging server to document expected changes to be deployed to production. Reference for promote by match to automatically approve expected changes on production systems. Appended to change tickets to document successful change, or alternately append to an incident to investigate unexpected change


Change VarianceChange Variance

DescriptionCompares the current changes on a set of agent-based nodes

UsageThis report is typically used to compare the changes on the nodes after a patch/install has been completed. Any changes that are inconsistent across the nodes are flagged and reported on


Change Process ComplianceChange Process Compliance

DescriptionShows authorized and unauthorized changes to elements over specified time intervals. Authorized changes are recognized by the presence of a third party reference identifier

UsageManagement report showing trend of effectiveness of change process controls. A Dashboard can show trends by location or IT service


Changes RateChanges Rate

DescriptionShows the quantity changes over a specified time (e.g. the past quarter) grouped by a specified frequency (e.g. weekly)

UsageManagement report showing change trends


Changes by Node or Node GroupChanges by Node or Node Group

DescriptionCompares the selected nodes/node groups to each other. This includes reporting on the total number of changes as well as the individual change type totals (additions, deletions, and modifications)

UsageCompares the quantity of changes (current and historical) for specified node or node groups (e.g. Locations)


Changes by SeverityChanges by Severity

DescriptionLists nodes having changes in each of the user-defined severity ranges

UsageA high-level report showing unresolved changes by severity. This report would typically be run and the end of a shift to identify systems that have deviated from their known and trust baseline


Device InventoryDevice Inventory

DescriptionDisplays a summary listing of the name, type, make, model, version, and description for selected nodes monitoring

UsageHelps identify monitored nodes and group similar nodes according to user selected criteria


Reporting Summary:Reporting Summary:

What changes map to authorized and approved work orders?

What changes do not match expected changes?

Reports available in: HTML XML PDF

Unauthorized change = Risk

Integrating Tripwire with your change management process will show whether the process is working


Customer Success Stories


Passing the Visa PCI audit Passing the Visa PCI audit

Faces three major audits each year: - Visa PCI, SOX, private insurer

Must continuously audit critical files across entire IT infrastructure for unauthorized changes

Problem: Deployed Tripwire on its Linux and

Windows servers

Detects all changes and enables discovery of unexpected results

Tripwire Solution:

Benefits:

Surpassed key sections of Visa’s PCI and SOX audit requirements

Saved weeks of internal development effort, days preparing for ongoing audits, and hours by eliminating time wasted investigating surprise changes

In addition to meeting compliance requirements, reduced system downtime and increased availability

“Tripwire took a burden off our shoulders.”


Proving Control. Increasing Availability.Proving Control. Increasing Availability.Web Conferencing, Video Conferencing and

Online Meeting Services

Change Management circumvention was impacting service delivery

Needed the means to enforce its “zero tolerance” policy

Problem: Implemented Tripwire on

over 1000 systems

Change reports used as evidence when confronting offenders

Tripwire Solution:

Benefits: Availability improved by a “nine” – Less than one hour of downtime a year

MTTR was reduced from 50 minutes to less than 15 minutes

Satisfied auditors requirements for Sarbanes-Oxley §404 and reduced the time necessary to prepare and conduct audits

Better service to their customers. Better control of their IT environment.


Closing the Loop on ComplianceClosing the Loop on Compliance

SOX 404 compliance issues

No formal change management process throughout the enterprise

Understanding service-affecting change too time-consuming

Problem: Implemented Tripwire on

130 business servers

Tripwire reports provide independent evidence that enables a closed-loop change process

Tripwire Solution:

Benefits: Satisfies external auditors requirements for “segregation of duties” and

“independent verification” of production changes

Automatic verification system eliminated the need to hire additional staff

“What used to take 30 minutes now takes two. It takes the guess work out.”

No longer assumes “people do the right things.” Wellman can prove it.


Delivering Better Controls for NYSEDelivering Better Controls for NYSE

Client Case Study

Unauthorized changes cause downtime and staff inefficiencies

Discovery and documentation of production changes was a manual, time-consuming process

Problem: Changes are independently

discovered and reported on all production servers

All changes must be validated before shift manager hand-off

Tripwire Solution:

Benefits: Change success rate has risen to 99.99%

MTTR was reduced from 30 minutes to less than 12 minutes

Estimated annual savings of more than $500K

Proof of change control enhances Security & Change Management practices


Increasing Visibility. Proving Control.Increasing Visibility. Proving Control.

Inability to validate and track server changes across network

No way to assign accountability for rogue changes

Solving problems caused by changes was too time-consuming

Problem:

Tripwire implemented within 8 global data centers (services over 10 million customers)

Integrated with change approvals managed in Remedy AR System

Tripwire Solution:

Benefits: Reduced MTTR by increasing visibility of changes and more quickly

determining if/how changes affect systems

Enabled staff to spend time on strategic projects, not chase down problems

“Tripwire reports verify compliance with Sarbanes-Oxley (SOX) requirements and prove that effective controls are in place”


Customer ExamplesCustomer Examples

“Having Tripwire greatly streamlined the audit process. The Auditors appreciate the fact that Tripwire is our control mechanism for Finding and notifying us of inconsistencies”

Richard Buckingham, Manager of IT Infrastructure, Stamps.com

“I’ve used Tripwire at other companies, and since complying with CISP is a strategic initiative for us, security is paramount. Security is a foundation of our business and Tripwire is a foundation within our security infrastructure.”

Barak Engel, Chief Security Officer for InStorecard

““We chose Tripwire for Servers for security reasons and for managing change,” said Lipp, “and what finalized our decision was its ability to help us meet certification processes for the VISA Cardholder Information Security Program. They look for a product like Tripwire”

Jeffrey Lipp, CEO Chockstone

Documents

Tripwire Confidential Tripwire Enterprise 5.0. Tripwire Confidential 2 Tripwire Enterprise 5.0 Snapshot What is it? Change auditing software for medium-large