Tripwire Enterprise 5.0 Tripwire Confidential Tripwire Enterprise 5.0 Snapshot What is it? Change auditing software for medium-large IT organizations What does it do? Detects, Reconciles, and Reports change What is its value? Demonstrated compliance Increased availability Enhanced security 2 Tripwire Confidential Audit Change: Prove System and Process Integrity Detect Report Automated Reconcile 3 Tripwire Confidential Detects Change 4 Independent from automated and manual sources of change – Allows Segregation of Duties – Change based on designated “known and trusted” state Creates a verifiable audit trail – Who, What, When, How, etc. Broad infrastructure coverage – Servers – Desktops – Routers, switches, firewalls, load balancers, etc. – Future expandability Tripwire Confidential Reconciles Change 5 Detailed change information – Changes occurring outside of maintenance windows – Unauthorized individuals making changes Actual Changes Change Details Graphical differencing of actual and expected changes Integrates with other C/CM tools to automatically validate authorized and intended changes – Command Line Interface – Web Services API Triggers corrective action when undesired change is discovered Tripwire Confidential 3rd Party Info. Reconcile Changes Expected Change Unexpected Change Reports Change 6 Report library – Change activity & detail – Change process metrics – Change history Online dashboards – Web-based – Combines 1-4 reports – Drill down to underlying reports Capabilities include: – Tailored criteria – Scheduled runs – Archival – HTML, XML, PDF formats Tripwire Confidential Enterprise Manageability Scalability – 10,000 servers – 100,000 network devices Usability – Web Browser GUI • Remote accessibility • Persistent user settings – Multiple users – LDAP integration – Hierarchical, logical groups • Nodes, Rules, Users • Reports 7 Tripwire Confidential Reporting Tripwire Confidential Real-time Dashboard 9 Tripwire Confidential Drilldown to Report Details 10 Tripwire Confidential Drilldown to Report Details 11 Tripwire Confidential Drilldown to Report Details 12 Tripwire Confidential Detailed Changes Description This report displays detailed change information for nodes as specified in the report's criteria Usage Generate for a staging server to document expected changes to be deployed to production. Reference for promote by match to automatically approve expected changes on production systems. Appended to change tickets to document successful change, or alternately append to an incident to investigate unexpected change 13 Tripwire Confidential Change Variance Description Compares the current changes on a set of agent-based nodes Usage This report is typically used to compare the changes on the nodes after a patch/install has been completed. Any changes that are inconsistent across the nodes are flagged and reported on 14 Tripwire Confidential Change Process Compliance Description Shows authorized and unauthorized changes to elements over specified time intervals. Authorized changes are recognized by the presence of a third party reference identifier Usage Management report showing trend of effectiveness of change process controls. A Dashboard can show trends by location or IT service 15 Tripwire Confidential Changes Rate Description Shows the quantity changes over a specified time (e.g. the past quarter) grouped by a specified frequency (e.g. weekly) Usage Management report showing change trends 16 Tripwire Confidential Changes by Node or Node Group Description Compares the selected nodes/node groups to each other. This includes reporting on the total number of changes as well as the individual change type totals (additions, deletions, and modifications) Usage Compares the quantity of changes (current and historical) for specified node or node groups (e.g. Locations) 17 Tripwire Confidential Changes by Severity Description Lists nodes having changes in each of the userdefined severity ranges Usage A high-level report showing unresolved changes by severity. This report would typically be run and the end of a shift to identify systems that have deviated from their known and trust baseline 18 Tripwire Confidential Device Inventory Description Displays a summary listing of the name, type, make, model, version, and description for selected nodes monitoring Usage Helps identify monitored nodes and group similar nodes according to user selected criteria 19 Tripwire Confidential Reporting Summary: Integrating Tripwire with your change management process will show whether the process is working What changes map to authorized and approved work orders? What changes do not match expected changes? Unauthorized change = Risk 20 Tripwire Confidential Reports available in: HTML XML PDF Customer Success Stories Tripwire Confidential Passing the Visa PCI audit Problem: Tripwire Solution: Faces three major audits each year: - Visa PCI, SOX, private insurer Deployed Tripwire on its Linux and Windows servers Must continuously audit critical files across entire IT infrastructure for unauthorized changes Detects all changes and enables discovery of unexpected results Benefits: 22 Surpassed key sections of Visa’s PCI and SOX audit requirements Saved weeks of internal development effort, days preparing for ongoing audits, and hours by eliminating time wasted investigating surprise changes In addition to meeting compliance requirements, reduced system downtime and increased availability “Tripwire took a burden off our shoulders.” Tripwire Confidential Proving Control. Increasing Availability. Web Conferencing, Video Conferencing and Online Meeting Services Problem: Tripwire Solution: Change Management circumvention was impacting service delivery Implemented Tripwire on over 1000 systems Needed the means to enforce its “zero tolerance” policy Change reports used as evidence when confronting offenders Benefits: 23 Availability improved by a “nine” – Less than one hour of downtime a year MTTR was reduced from 50 minutes to less than 15 minutes Satisfied auditors requirements for Sarbanes-Oxley §404 and reduced the time necessary to prepare and conduct audits Better service to their customers. Better control of their IT environment. Tripwire Confidential Closing the Loop on Compliance Problem: Tripwire Solution: SOX 404 compliance issues No formal change management process throughout the enterprise Implemented Tripwire on 130 business servers Tripwire reports provide independent evidence that enables a closed-loop change process Understanding service-affecting change too time-consuming Benefits: 24 Satisfies external auditors requirements for “segregation of duties” and “independent verification” of production changes Automatic verification system eliminated the need to hire additional staff “What used to take 30 minutes now takes two. It takes the guess work out.” No longer assumes “people do the right things.” Wellman can prove it. Tripwire Confidential Delivering Better Controls for NYSE Client Case Study Problem: Unauthorized changes cause downtime and staff inefficiencies Discovery and documentation of production changes was a manual, time-consuming process Tripwire Solution: Changes are independently discovered and reported on all production servers All changes must be validated before shift manager hand-off Benefits: 25 Change success rate has risen to 99.99% MTTR was reduced from 30 minutes to less than 12 minutes Estimated annual savings of more than $500K Proof of change control enhances Security & Change Management practices Tripwire Confidential Increasing Visibility. Proving Control. Problem: Inability to validate and track server changes across network No way to assign accountability for rogue changes Solving problems caused by changes was too time-consuming Tripwire Solution: Tripwire implemented within 8 global data centers (services over 10 million customers) Integrated with change approvals managed in Remedy AR System Benefits: 26 Reduced MTTR by increasing visibility of changes and more quickly determining if/how changes affect systems Enabled staff to spend time on strategic projects, not chase down problems “Tripwire reports verify compliance with Sarbanes-Oxley (SOX) requirements and prove that effective controls are in place” Tripwire Confidential Customer Examples “Having Tripwire greatly streamlined the audit process. The Auditors appreciate the fact that Tripwire is our control mechanism for Finding and notifying us of inconsistencies” Richard Buckingham, Manager of IT Infrastructure, Stamps.com “I’ve used Tripwire at other companies, and since complying with CISP is a strategic initiative for us, security is paramount. Security is a foundation of our business and Tripwire is a foundation within our security infrastructure.” Barak Engel, Chief Security Officer for InStorecard “We chose Tripwire for Servers for security reasons and for managing change,” said Lipp, “and what finalized our decision was its ability to help us meet certification processes for the VISA Cardholder Information Security Program. They look for a product like Tripwire” Jeffrey Lipp, CEO Chockstone 27 Tripwire Confidential