Tripwire Confidential
Tripwire Enterprise 5.0
Tripwire Enterprise 5.0 Snapshot
What is it? Change auditing software for medium-large IT organizations
What does it do? Detects, Reconciles, and Reports change
What is its value?
– Demonstrated compliance
– Increased availability
– Enhanced security
Audit Change: Prove System and Process Integrity
[Diagram labels: Detect, Reconcile, Report, Automated]
Detects Change
Independent from automated and manual sources of change
– Allows Segregation of Duties
– Change based on designated “known and trusted” state
Creates a verifiable audit trail
– Who, What, When, How, etc.
Broad infrastructure coverage
– Servers
– Desktops
– Routers, switches, firewalls, load balancers, etc.
– Future expandability
Reconciles Change
Detailed change information
– Changes occurring outside of maintenance windows
– Unauthorized individuals making changes
Graphical differencing of actual and expected changes
Integrates with other C/CM tools to automatically validate authorized and intended changes
– Command Line Interface
– Web Services API
Triggers corrective action when undesired change is discovered
[Diagram labels: Actual Changes, Reconcile Changes, Expected Change, Unexpected Change, Change Details, 3rd Party Info.]
Reports Change
Report library
– Change activity & detail
– Change process metrics
– Change history
Online dashboards
– Web-based
– Combines 1-4 reports
– Drill down to underlying reports
Capabilities include:
– Tailored criteria
– Scheduled runs
– Archival
– HTML, XML, PDF formats
Enterprise Manageability
Scalability
– 10,000 servers
– 100,000 network devices
Usability
– Web Browser GUI
  • Remote accessibility
  • Persistent user settings
– Multiple users
– LDAP integration
– Hierarchical, logical groups
  • Nodes, Rules, Users
  • Reports
Reporting
Real-time Dashboard
Drilldown to Report Details
Detailed Changes
Description: This report displays detailed change information for nodes as specified in the report's criteria.
Usage: Generate for a staging server to document expected changes to be deployed to production. Reference for promote by match to automatically approve expected changes on production systems. Append to change tickets to document successful change, or alternatively append to an incident to investigate unexpected change.
Change Variance
Description: Compares the current changes on a set of agent-based nodes.
Usage: This report is typically used to compare the changes on the nodes after a patch/install has been completed. Any changes that are inconsistent across the nodes are flagged and reported on.
Change Process Compliance
Description: Shows authorized and unauthorized changes to elements over specified time intervals. Authorized changes are recognized by the presence of a third party reference identifier.
Usage: Management report showing trend of effectiveness of change process controls. A Dashboard can show trends by location or IT service.
Changes Rate
Description: Shows the quantity of changes over a specified time (e.g. the past quarter) grouped by a specified frequency (e.g. weekly).
Usage: Management report showing change trends.
Changes by Node or Node Group
Description: Compares the selected nodes/node groups to each other. This includes reporting on the total number of changes as well as the individual change type totals (additions, deletions, and modifications).
Usage: Compares the quantity of changes (current and historical) for specified nodes or node groups (e.g. Locations).
Changes by Severity
Description: Lists nodes having changes in each of the user-defined severity ranges.
Usage: A high-level report showing unresolved changes by severity. This report would typically be run at the end of a shift to identify systems that have deviated from their known and trusted baseline.
Device Inventory
Description: Displays a summary listing of the name, type, make, model, version, and description for selected monitored nodes.
Usage: Helps identify monitored nodes and group similar nodes according to user-selected criteria.
Reporting Summary:
What changes map to authorized and approved work orders?
What changes do not match expected changes?
Reports available in: HTML, XML, PDF
Unauthorized change = Risk
Integrating Tripwire with your change management process will show whether the process is working
Customer Success Stories
Passing the Visa PCI audit
Problem:
– Faces three major audits each year: Visa PCI, SOX, private insurer
– Must continuously audit critical files across entire IT infrastructure for unauthorized changes
Tripwire Solution:
– Deployed Tripwire on its Linux and Windows servers
– Detects all changes and enables discovery of unexpected results
Benefits:
– Surpassed key sections of Visa’s PCI and SOX audit requirements
– Saved weeks of internal development effort, days preparing for ongoing audits, and hours by eliminating time wasted investigating surprise changes
– In addition to meeting compliance requirements, reduced system downtime and increased availability
“Tripwire took a burden off our shoulders.”
Proving Control. Increasing Availability.
Web Conferencing, Video Conferencing and Online Meeting Services
Problem:
– Change Management circumvention was impacting service delivery
– Needed the means to enforce its “zero tolerance” policy
Tripwire Solution:
– Implemented Tripwire on over 1000 systems
– Change reports used as evidence when confronting offenders
Benefits:
– Availability improved by a “nine”: less than one hour of downtime a year
– MTTR was reduced from 50 minutes to less than 15 minutes
– Satisfied auditors' requirements for Sarbanes-Oxley §404 and reduced the time necessary to prepare and conduct audits
Better service to their customers. Better control of their IT environment.
Closing the Loop on Compliance
Problem:
– SOX 404 compliance issues
– No formal change management process throughout the enterprise
– Understanding service-affecting change too time-consuming
Tripwire Solution:
– Implemented Tripwire on 130 business servers
– Tripwire reports provide independent evidence that enables a closed-loop change process
Benefits:
– Satisfies external auditors' requirements for “segregation of duties” and “independent verification” of production changes
– Automatic verification system eliminated the need to hire additional staff
“What used to take 30 minutes now takes two. It takes the guess work out.”
No longer assumes “people do the right things.” Wellman can prove it.
Delivering Better Controls for NYSE
Client Case Study
Problem:
– Unauthorized changes cause downtime and staff inefficiencies
– Discovery and documentation of production changes was a manual, time-consuming process
Tripwire Solution:
– Changes are independently discovered and reported on all production servers
– All changes must be validated before shift manager hand-off
Benefits:
– Change success rate has risen to 99.99%
– MTTR was reduced from 30 minutes to less than 12 minutes
– Estimated annual savings of more than $500K
– Proof of change control enhances Security & Change Management practices
Increasing Visibility. Proving Control.
Problem:
– Inability to validate and track server changes across network
– No way to assign accountability for rogue changes
– Solving problems caused by changes was too time-consuming
Tripwire Solution:
– Tripwire implemented within 8 global data centers (services over 10 million customers)
– Integrated with change approvals managed in Remedy AR System
Benefits:
– Reduced MTTR by increasing visibility of changes and more quickly determining if/how changes affect systems
– Enabled staff to spend time on strategic projects, not chase down problems
“Tripwire reports verify compliance with Sarbanes-Oxley (SOX) requirements and prove that effective controls are in place”
Customer Examples
“Having Tripwire greatly streamlined the audit process. The auditors appreciate the fact that Tripwire is our control mechanism for finding and notifying us of inconsistencies.”
Richard Buckingham, Manager of IT Infrastructure, Stamps.com
“I’ve used Tripwire at other companies, and since complying with CISP is a strategic initiative for us, security is paramount. Security is a foundation of our business and Tripwire is a foundation within our security infrastructure.”
Barak Engel, Chief Security Officer for InStorecard
“We chose Tripwire for Servers for security reasons and for managing change,” said Lipp, “and what finalized our decision was its ability to help us meet certification processes for the VISA Cardholder Information Security Program. They look for a product like Tripwire.”
Jeffrey Lipp, CEO, Chockstone