Scott Crawford Research Director Enterprise Management Associates

Tripwire, Inc., the recognized leader in configuration assessment and auditing, has announced the newest version of its flagship product, Tripwire Enterprise 7.1, which maximizes the use of IT expertise throughout an organization by capturing and replicating this knowledge across all IT systems.

Tripwire Enterprise 7.1 ensures IT configuration integrity across the entire IT infrastructure and effortlessly manages internal and external policies, increasing IT productivity and easing IT security and compliance.

“IT organizations are completely reliant on knowledge workers for their success. Whether they hire expertise in-house or obtain it through consultants, all too often organizations find their IT expertise walking out the door. This creates an enormous resource sink, and it can place organizations at risk unnecessarily,” said Scott Crawford, Research Director at Enterprise Management Associates. “Tripwire Enterprise is an invaluable resource to companies who want to keep their investment in IT expertise in the data center and maximize the use of that expertise.” A Society for Information Management survey of 130 CIOs and senior IT executives revealed that attracting, developing and retaining IT professionals was at the top of their worry list, with 51 percent stating it was a major area of concern.

Golden Policies
Tripwire Enterprise’s policy management capabilities include the ability to capture configuration settings, creating a “golden policy.” Users can create and save a known and trusted IT configuration for easy duplication across other systems, so that IT infrastructure does not have to be evaluated manually. Tripwire Enterprise has expanded capabilities to proactively assess organizations’ configuration settings against internal and external standards. The new version offers comprehensive out-of-the-box security, compliance and operational policies, as well as improvements in policy customization and test management.

DataPipe, a managed global IT services provider, helps its clients achieve and maintain compliance with the stringent requirements of the Payment Card Industry Data Security Standards (PCI DSS). Joel Friedman, CSO of DataPipe, said “When demonstrating PCI compliance to auditors, the traditional approach to ensuring all systems are properly configured consumes an incredible amount of time and resources. Inevitably, soon after the configuration assessment, changes will occur. It is essential to immediately know if any change causes a system to deviate from a known, compliant state. With Tripwire Enterprise's automated configuration assessment and change auditing capabilities, DataPipe is able to proactively address these challenges, which is why we selected Tripwire as the underpinnings to two of the services in our Turnkey PCI Compliance package.”

Remediation Advice
Tripwire Enterprise now offers remediation guidance with Tripwire Remediation Advisor. Users can quickly reduce risks and return systems to a known and trusted state with documented remediation steps. This ensures that remediation is rapidly and correctly performed, improving operational efficiency. Because Tripwire Enterprise Remediation Advisor spells out remediation steps clearly and succinctly, remediation efforts no longer need to be assigned to the most senior of staff, leaving this talent available for more strategic projects.

Weighting
In addition, Tripwire Enterprise 7.1 enables organizations to prioritize remediation efforts with test weighting. With this quantification of risk based on individual tests, IT organizations can prioritize remediation efforts based on risk profiles and system importance. In addition, Tripwire Enterprise 7.1 will provide immediate notification to stakeholders when configurations begin to drift from their known states. This enables staff to intervene early and easily remediate changes that deviate from desired configurations. The recognition that some problems with configuration drift can wait, and others need to be remediated immediately, increases operational efficiency and allows IT to better support security priorities.

Waivers and Reporting
Tripwire Enterprise enables greater customization of policy requirements. In addition to being able to create a golden policy, IT staff are able to reduce time and effort during audit preparation by more proficiently managing configuration exceptions. Auditors can grant waivers in cases where a regulatory standard has not yet been met but a waiver for a specific time has been granted, and Tripwire Enterprise then documents, tracks and reports on these waivers. This enables more streamlined compliance, with accompanying reports.

Tripwire, Inc. is the recognized leader of configuration audit and control solutions, serving over 6,000 enterprises worldwide. As the first in the industry to combine configuration assessment with configuration change auditing, Tripwire helps IT organizations automate compliance across the data center, reducing risk and increasing operational efficiency. Tripwire ensures the organization achieves continuous operational, regulatory and security compliance, helping IT achieve and maintain a known, trusted and compliant system state. Tripwire is headquartered in Portland, Ore. with offices in the UK, Australia and Japan.

For more information visit: www.tripwire.com