Feature

Intrusion Detection: Tripwire's Enterprise 5.0

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Why business managers are a breed of security professional."

Download it now to read this article plus other related content.

Tripwire's Enterprise 5.0
Tripwire
Price: Server, $3,999; $595 per agent; $125 per agentless device

Originally published: June 2005
Poor change management and operator error leave systems vulnerable to

    Requires Free Membership to View

attack—and can bring them down as surely as any hacker. Effective change control is also critical to the increasingly stringent demands of security audits and regulatory compliance.

Tripwire Enterprise 5.0 helps organizations take control of their networks, improving compliance, availability and security, and constantly monitoring servers and network devices (firewalls, routers and switches) through a combination of agent and agentless detection. Information is fed back to the Tripwire Enterprise Server and displayed in near real-time on a Web-based dashboard, and can also be used to generate reports on changes to monitored nodes.

Detected changes, whether by operators, applications (such as patch management tools) or attackers, may be modifications to files and their content, configuration settings or system status. Notably, Tripwire Enterprise 5.0 doesn't monitor Windows registry changes or SQL databases, but the company says it's adding those checks shortly.

Changes can be correlated to who was logged in at the time the change was made, making use of information from AAA servers (such as RADIUS and TACACS+) and audit logs. Tripwire Enterprise comes with generic LDAP support and works with Active Directory.

The bulk of tasks performed with Tripwire Enter-prise are baselining (recording the known good state of any given node) and reconciliation. Any changes are flagged and processed according to configurable rules, typically related to alerting (on the console, e-mailing a security manager or sending an SNMP trap). Tripwire Enterprise can also take action, such as automated reconciliation, including working with the Remedy AR system to manage change control. In the case of manual reconciliation, changes are reviewed in the console and can be accepted as part of the new baseline; denials force devices, OSes and apps to revert to their most recent trusted baselines.

Users familiar with Outlook will feel right at home, with a sidebar for quick access to common tasks, a tree view showing the nodes under management, and a main window to view, modify and delete data. Nodes are objects in the enterprise, typically routers, switches, firewalls, load balancers, and Unix and Windows systems, and are grouped by function, geography or business requirements.

The latest version of Tripwire Enterprise goes beyond its predecessors, Tripwire for Servers and Tripwire for Network Devices. It's now able to monitor and manage 10,000 servers and 100,000 network devices simultaneously through a single console. (Tripwire for Servers is still available as a separate product.)

Tripwire Enterprise provides robust reporting with 13 different standard reports and a dashboard that presents up-to-the-minute graphical indicators of system compliance.

This was first published in June 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: