Tripwire Enterprise 5.0
Tripwire Confidential
Tripwire Enterprise 5.0 Snapshot
What is it?
Change auditing software for
medium-large IT organizations
What does it do?
Detects, Reconciles, and Reports change
What is its value?
Demonstrated compliance
Increased availability
Enhanced security
2
Tripwire Confidential
Audit Change: Prove System and Process Integrity
Detect
Report
Automated
Reconcile
3
Tripwire Confidential
Detects Change
4

Independent from automated and
manual sources of change
– Allows Segregation of Duties
– Change based on designated
“known and trusted” state

Creates a verifiable audit trail
– Who, What, When, How, etc.

Broad infrastructure coverage
– Servers
– Desktops
– Routers, switches, firewalls,
load balancers, etc.
– Future expandability
Tripwire Confidential
Reconciles Change




5
Detailed change information
– Changes occurring outside of
maintenance windows
– Unauthorized individuals
making changes
Actual
Changes
Change
Details
Graphical differencing of actual
and expected changes
Integrates with other C/CM tools to
automatically validate authorized
and intended changes
– Command Line Interface
– Web Services API
Triggers corrective action when
undesired change is discovered
Tripwire Confidential
3rd Party
Info.
Reconcile
Changes
Expected
Change
Unexpected
Change
Reports Change
6

Report library
– Change activity & detail
– Change process metrics
– Change history

Online dashboards
– Web-based
– Combines 1-4 reports
– Drill down to underlying
reports

Capabilities include:
– Tailored criteria
– Scheduled runs
– Archival
– HTML, XML, PDF formats
Tripwire Confidential
Enterprise Manageability

Scalability
– 10,000 servers
– 100,000 network devices

Usability
– Web Browser GUI
• Remote accessibility
• Persistent user settings
– Multiple users
– LDAP integration
– Hierarchical, logical groups
• Nodes, Rules, Users
• Reports
7
Tripwire Confidential
Reporting
Tripwire Confidential
Real-time Dashboard
9
Tripwire Confidential
Drilldown to Report Details
10
Tripwire Confidential
Drilldown to Report Details
11
Tripwire Confidential
Drilldown to Report Details
12
Tripwire Confidential
Detailed Changes
Description
This report displays detailed change information for
nodes as specified in the report's criteria
Usage
 Generate for a staging server to document expected
changes to be deployed to production.
 Reference for promote by match to automatically approve
expected changes on production systems.
 Appended to change tickets to document successful
change, or alternately append to an incident to investigate
unexpected change
13
Tripwire Confidential
Change Variance
Description
Compares the current changes on a set of
agent-based nodes
Usage
This report is typically used to compare the
changes on the nodes after a patch/install has
been completed. Any changes that are
inconsistent across the nodes are flagged and
reported on
14
Tripwire Confidential
Change Process Compliance
Description
Shows authorized and unauthorized changes to
elements over specified time intervals. Authorized
changes are recognized by the presence of a third
party reference identifier
Usage
Management report showing trend of effectiveness
of change process controls. A Dashboard can
show trends by location or IT service
15
Tripwire Confidential
Changes Rate
Description
Shows the quantity changes over a
specified time (e.g. the past quarter)
grouped by a specified frequency (e.g.
weekly)
Usage
Management report showing change trends
16
Tripwire Confidential
Changes by Node or Node Group
Description
Compares the selected nodes/node groups
to each other. This includes reporting on the
total number of changes as well as the
individual change type totals (additions,
deletions, and modifications)
Usage
Compares the quantity of changes (current
and historical) for specified node or node
groups (e.g. Locations)
17
Tripwire Confidential
Changes by Severity
Description
Lists nodes having changes in each of the userdefined severity ranges
Usage
A high-level report showing unresolved changes by
severity. This report would typically be run and the
end of a shift to identify systems that have deviated
from their known and trust baseline
18
Tripwire Confidential
Device Inventory
Description
Displays a summary listing of the
name, type, make, model, version,
and description for selected nodes
monitoring
Usage
Helps identify monitored nodes and
group similar nodes according to user
selected criteria
19
Tripwire Confidential
Reporting Summary:
Integrating Tripwire with your change
management process will show
whether the process is working

What changes map to authorized
and approved work orders?

What changes do not match
expected changes?
Unauthorized change = Risk
20
Tripwire Confidential
Reports available in:
HTML
XML
PDF
Customer Success Stories
Tripwire Confidential
Passing the Visa PCI audit
Problem:
Tripwire Solution:

Faces three major audits each year:
- Visa PCI, SOX, private insurer

Deployed Tripwire on its Linux and
Windows servers

Must continuously audit critical files
across entire IT infrastructure for
unauthorized changes

Detects all changes and enables
discovery of unexpected results
Benefits:
22

Surpassed key sections of Visa’s PCI and SOX audit requirements

Saved weeks of internal development effort, days preparing for ongoing
audits, and hours by eliminating time wasted investigating surprise changes

In addition to meeting compliance requirements, reduced system downtime
and increased availability

“Tripwire took a burden off our shoulders.”
Tripwire Confidential
Proving Control. Increasing Availability.
Web Conferencing, Video Conferencing and
Online Meeting Services
Problem:
Tripwire Solution:

Change Management circumvention
was impacting service delivery

Implemented Tripwire on
over 1000 systems

Needed the means to enforce its
“zero tolerance” policy

Change reports used as
evidence when confronting
offenders
Benefits:
23

Availability improved by a “nine” – Less than one hour of downtime a year

MTTR was reduced from 50 minutes to less than 15 minutes

Satisfied auditors requirements for Sarbanes-Oxley §404 and reduced the
time necessary to prepare and conduct audits

Better service to their customers. Better control of their IT environment.
Tripwire Confidential
Closing the Loop on Compliance
Problem:
Tripwire Solution:

SOX 404 compliance issues


No formal change management
process throughout the enterprise
Implemented Tripwire on
130 business servers

Tripwire reports provide
independent evidence that
enables a closed-loop
change process

Understanding service-affecting
change too time-consuming
Benefits:
24

Satisfies external auditors requirements for “segregation of duties” and
“independent verification” of production changes

Automatic verification system eliminated the need to hire additional staff

“What used to take 30 minutes now takes two. It takes the guess work out.”

No longer assumes “people do the right things.” Wellman can prove it.
Tripwire Confidential
Delivering Better Controls for NYSE
Client Case Study
Problem:

Unauthorized changes cause
downtime and staff inefficiencies

Discovery and documentation of
production changes was a manual,
time-consuming process
Tripwire Solution:

Changes are independently
discovered and reported on all
production servers

All changes must be validated
before shift manager hand-off
Benefits:
25

Change success rate has risen to 99.99%

MTTR was reduced from 30 minutes to less than 12 minutes

Estimated annual savings of more than $500K

Proof of change control enhances Security & Change Management practices
Tripwire Confidential
Increasing Visibility. Proving Control.
Problem:

Inability to validate and track
server changes across network

No way to assign accountability
for rogue changes

Solving problems caused by
changes was too time-consuming
Tripwire Solution:

Tripwire implemented within 8
global data centers (services over
10 million customers)

Integrated with change approvals
managed in Remedy AR System
Benefits:
26

Reduced MTTR by increasing visibility of changes and more quickly
determining if/how changes affect systems

Enabled staff to spend time on strategic projects, not chase down problems

“Tripwire reports verify compliance with Sarbanes-Oxley (SOX) requirements
and prove that effective controls are in place”
Tripwire Confidential
Customer Examples
“Having Tripwire greatly streamlined the audit process.
The Auditors appreciate the fact that Tripwire is our control
mechanism for Finding and notifying us of inconsistencies”
Richard Buckingham, Manager of IT Infrastructure, Stamps.com
“I’ve used Tripwire at other companies, and since complying
with CISP is a strategic initiative for us, security is
paramount. Security is a foundation of our business and
Tripwire is a foundation within our security
infrastructure.”
Barak Engel, Chief Security Officer for InStorecard
“We chose Tripwire for Servers for security reasons and for
managing change,” said Lipp, “and what finalized our
decision was its ability to help us meet certification
processes for the VISA Cardholder Information Security
Program. They look for a product like Tripwire”
Jeffrey Lipp, CEO Chockstone
27
Tripwire Confidential