Tripwire Enterprise: Reimagining a Winning Product


How many security products does it take to monitor an organization? Even a small company often finds itself working with multiple monitoring tools to gain visibility into its security posture. This creates multiple blind spots, as a security analyst needs to jump between different tools with different formats and configurations to research a security incident. Adding to the problem, the reporting from each tool usually differs, making the creation of a uniform report a chore.

Integrations and Splunk

Many organizations have tried to solve their individual problem by using Splunk to present the mountains of data in a group of dashboards, but this solves only part of it, because not all tools present data uniformly, or at all, in a way that lets those views be built. In many cases, reporting still needs to be generated from within each native application. To answer this need, we recognize the value to our customers in enabling them to use their data wherever and however it is most useful. We have recentered our strategy on providing several flexible options for getting data out of our products and making it available wherever it can be the most actionable.

Better integration gives customers the ability to create reports in less time, so they can read the output information when they need it, in a form that suits their specific task at the time. It’s not enough that the information is in a usable, actionable format; it’s also important that the customer does not need to perform extra work to get that data out of the product.

Saving Time and Improving Confidence with Tripwire Enterprise

Security teams do not have time to log into multiple tools to gather data, preferring to focus on the forensic information they need to carry out their analysis. They need the information brought to their table. Most of the time that means that they will look to Splunk to see it in a dashboard. But not every customer knows how to configure their own dashboards on Splunk. Tripwire just recently qualified our 3.2.2 version of the Splunk app for Tripwire Enterprise (TE) with Splunkbase for on-premises deployments. What that means is customers now can have confidence that the app is not going to disrupt their Splunk enterprise deployment, and they can easily set up the data flow in minutes.

TE is now providing this as one of the primary ways of getting information out of the product, making it available to customers where they can get the best value from it. This increases the number of teams that get exposed to the data that we provide, and therefore adds more value to their organization in using TE, while keeping their cost level on our software.

In addition to establishing an easy pattern for the data flow, the Splunk app comes with out-of-the-box dashboards. We’re providing the critical transfer of information and also those example summary views to help them see the options readily available. These summaries have been a strong focus for the TE developers, and we will continue to focus on improving the type of information available and the reporting options it presents. We are empowering our customers to use their information and have that information wherever it’s the most useful for them.

There are other important improvements to TE data in the upcoming 9.1 release version. We have enabled a new advanced syslog output to include File Integrity Monitoring (FIM) data as well. The focus behind this is to provide a second option for extracting data out of TE in a different format, enabling its use in more SIEMs beyond Splunk. As we look at providing more capabilities in the TE platform, we’re not picking up pieces of technology and lifting and shifting things around. We are reimagining these capabilities as we rebuild them to ensure that we are providing the most flexibility. We are bundling core extensions back into our product, enhancing and improving them.

Busy security professionals need information quickly, and they need to present it to others with equal speed and accuracy. They’re trying to understand very quickly, how’s my environment? Do I have risk? Am I being attacked? Is there a problem I need to solve? They’re trying to answer those kinds of questions. TE can answer them for their deployment, and we can make that a more valuable capability by adding in FIM and Security Configuration Manager (SCM) data exports, giving us additional data points to look at and understand a more realistic representation of risk in whatever end system they need that information in. That improves the granular reporting options and also the summary reporting available, which would be centralized in whatever destination our customers need it to be.

The Future is Bright (and Easier to Navigate)

We have to make sure that those capabilities provide both the deep insight that the customers want when doing forensic research, and also a summary view so they can quickly answer the questions and move on with their day. We are confident that the newest versions of Tripwire Enterprise will provide more expansive options to understand your environment and make security even easier.

Learn more about the industry’s leading FIM and SCM solution, Tripwire Enterprise, today: https://www.tripwire.com/products/tripwire-enterprise 


