Tripwire Announces Tripwire Enterprise 5.0; New Change Auditing Solution Provides Independent Proof of Change and Configuration Management Processes.PORTLAND, Ore. -- Tripwire trip·wire n. 1. A wire stretched near ground level to trip or ensnare an enemy. 2. A wire or line that activates a weapon, trap, or camera, for example, when pulled. 3. (R), Inc. today announced the availability of Tripwire Enterprise 5.0, a new change auditing solution that proves system and process integrity to help enterprises comply with regulations while achieving greater network availability and security. Tripwire Enterprise 5.0 automatically detects changes across both servers and network devices independent of who made the change or why the change was made, then enables actual production changes to be reconciled with intended and authorized au·thor·ize tr.v. au·thor·ized, au·thor·iz·ing, au·thor·iz·es 1. To grant authority or power to. 2. To give permission for; sanction: changes. Marking a major milestone for the industry and Tripwire alike, the new solution offers robust reporting capabilities that provide IT Operations and Security Managers the verifiable evidence required to prove that change management and security controls are in place and effective. In an attempt to manage infrastructure change more efficiently, IT organizations are investing in a variety of change and configuration management products (C/CM) that either automate To turn a set of manual steps into an operation that goes by itself. See automation. change approval workflow or the deployment and administration of software and system configurations. The mistaken assumption is that by automating the way change is authorized and implemented, human error and business risk is reduced. However, without the enforcement of a detective control, even the best change management processes are easily circumvented or simply ignored. An independent detective control serves as a tripwire that discovers the failure or circumvention CIRCUMVENTION, torts, Scotch law. Any act of fraud whereby a person is reduced to a deed by decree. Tech. Dict. It has the same sense in the civil law. Dig. 50, 17, 49 et 155; Id. 12, 6, 6, 2; Id. 41, 2, 34. Vide Parphrasis. of change management and security policy and alerts IT to take corrective action A corrective action is a change implemented to address a weakness identified in a management system. Normally corrective actions are instigated in response to a customer complaint, abnormal levels if internal nonconformity, nonconformities identified during an internal audit or . "While preparing for Sarbanes-Oxley compliance, our auditors told us we needed a verification system that was completely independent of the personnel approving or making the change," said Sam Swaringen, senior systems analyst for Wellman, a global leader in plastics recycling recycling, the process of recovering and reusing waste products—from household use, manufacturing, agriculture, and business—and thereby reducing their burden on the environment. . "We chose Tripwire because it gave us the independent change auditing reporting that satisfied the auditors' requirements." Tripwire Enterprise 5.0 delivers a verifiable audit information trail across the IT infrastructure reconciled with approved and intended changes. The software provides a variety of reports and online dashboards that builds trust in change management and security processes, demonstrates compliance, enhances security and increases network availability. "While SOX (1) (Schema for Object-oriented XML) An XML schema developed by Veo Systems and Muzino Communications, which was submitted to the W3C. SOX is based on DTD, but adds data typing and reuse mechanisms. compliance took a painful toll on most enterprises in 2004, we've only just begun to feel the real impact of mandatory regulations," said Jim B. Johnson, CEO (1) (Chief Executive Officer) The highest individual in command of an organization. Typically the president of the company, the CEO reports to the Chairman of the Board. of Tripwire. "IT must now continually prove it has control of the information systems that are critical to the business. Fortunately, what's good for demonstrating compliance is great for increasing security and availability. Tripwire Enterprise 5.0 offers ongoing proof that internal process controls are effective and provides the decision support tools that enable process improvement and better problem management." Internal and third-party IT audits are becoming more frequent and resource intensive as the industry recognizes the risks that IT availability and security inherently pose on the business. According to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. the Institute of Internal Auditors “IIA” redirects here. For IIA in decision theory, see Independence of irrelevant alternatives. Established in 1941, The Institute of Internal Auditors (IIA) is an international professional association of more than 128,000 members with global headquarters in (IIA (1) (Information Industry Association, Washington, DC) In 1999, IIA merged with SPA (Software Publishers Association) to become the Software & Information Industry Association. See SIIA. ), effective change management is critical to the attainment of business goals. Preventive, detective and corrective cor·rec·tive adj. Counteracting or modifying what is malfunctioning, undesirable, or injurious. n. An agent that corrects. corrective, n controls must be implemented in response to the identified risks of IT change. Without these controls it is difficult for management to meet the requirements of regulations such as Sarbanes-Oxley. "We expect that change auditing standards will be developed and incorporated directly into best-practice Change and Configuration Management frameworks. Process and infrastructure integrity health checks will eventually be part of the basic, statutory IT operations," said Charles Kolodgy, research director at IDC. "When Tripwire software is used to anchor IT infrastructures, it provides a solid foundation where a coherent, secure and functional network can be deployed, maintained and updated." Tripwire Enterprise 5.0 Tripwire Enterprise 5.0 provides a single point of control for detecting, reconciling and reporting change activity across servers, desktops, network devices, and a growing number of other infrastructure components. By detecting both automated and manual changes and reconciling those changes with authorized and intended changes, Tripwire Enterprise provides an independent detective control and verifiable audit trial across the IT infrastructure. Its library of reports and dashboards enable IT management to prove that change is properly managed, that any "out of band" change is properly investigated, and that the integrity of both production systems and the change management process is intact. Tripwire Enterprise change auditing has three critical functions within the C/CM process: --Detect Change: Tripwire Enterprise creates a verifiable audit trail by building a change history containing specific change details, including what changes were made, who made the changes, and when changes were discovered. Changes on each system are detected relative to a designated baseline specifically selected by authorized personnel. As an independent detective control segregated from the persons or technologies making changes, Tripwire Enterprise detects changes regardless of who made the change or how the change was made. --Reconcile Change: Tripwire Enterprise exposes unauthorized and unintended changes by discovering changes that occur outside of defined maintenance windows and exposing unauthorized individuals making changes through its detailed change reporting. To automate change reconciliation, Tripwire Enterprise uses information from other C/CM tools, such as change ticketing, software distribution and patch management The installation of patches from a software vendor onto an organization's computers. Patching thousands of PCs and servers is a major issue. A patch should be applied to test machines first before deployment, and the testing environments must represent all the users' PCs with their unique tools, to automatically recognize and validate authorized and intended changes by comparing the current configuration of a system with an approved change ticket, a pre-production version, or a reference system. When undesired change is detected, Tripwire Enterprise can automatically open incident tickets or trigger recovery. --Report Change: Tripwire Enterprise reporting With the dramatic expansion of information technology, and the desire for increased competitiveness in corporations, there has been an increase in the use of computing power to produce unified reports which join different views of the enterprise in one place. includes a library of reports and online dashboards that can be easily tailored to provide change process metrics metrics Managed care A popular term for standards by which the quality of a product, service, or outcome of a particular form of Pt management is evaluated. See TQM. , change activity, change history and node status. Reports can be scheduled, archived, and distributed in a variety of formats including HTML HTML in full HyperText Markup Language Markup language derived from SGML that is used to prepare hypertext documents. Relatively easy for nonprogrammers to master, HTML is the language used for documents on the World Wide Web. , PDF (Portable Document Format) The de facto standard for document publishing from Adobe. On the Web, there are countless brochures, data sheets, white papers and technical manuals in the PDF format. or XML XML in full Extensible Markup Language. Markup language developed to be a simplified and more structural version of SGML. It incorporates features of HTML (e.g., hypertext linking), but is designed to overcome some of HTML's limitations. . Tripwire Enterprise's reporting capabilities enable an independent accounting of change across the infrastructure and provides proof of systems and process integrity. About Tripwire Solutions A comprehensive change auditing solution requires three critical pieces: process, people and technology. Correspondingly, Tripwire Solutions include both software and professional services (job) professional services - A department of a supplier providing consultancy and programming manpower for the supplier's products. offerings. Its software offerings include Tripwire Enterprise and Tripwire for Servers, which is a proven change monitoring and analysis solution for servers running in small to mid-size organizations. Tripwire Professional Services offers a complete set of services to help organizations define change control processes, integrate Tripwire software with existing C/CM systems, as well as Tripwire software implementation and tuning. About Tripwire, Inc. Tripwire is the leading provider of change auditing software and services. Tripwire solutions enable enterprises to prove that their IT change management controls are effective and their infrastructure is safe. Tripwire software provides proof of regulatory compliance, instills accountability for change, ensures the security of business-critical systems, and increases the overall availability of IT services. Tripwire is headquartered in Portland, Ore. with offices in the UK and Japan. For more information visit: http://www.tripwire.com/. |
|
||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion