Professional Documents
Culture Documents
Tripwire Enterprise
File Integrity Manager
File integrity monitoring was Changes to configurations, files and file attributes throughout the
invented by Tripwire. But that’s IT infrastructure are just part of everyday life in today’s enterprise
only one reason why so many
organizations. But hidden within the large volume of daily changes are
consider “Tripwire” synony
the few that can impact file or configuration integrity. These include
mous with this critical security
control. Tripwire Enterprise has unexpected changes to attributes, permissions and content, or changes
taken FIM far beyond basic that cause a configuration’s values, ranges and properties to fall out of
change auditing. It not only alignment with security or compliance policies. To protect critical systems
collects highly detailed change and data, you need to detect all changes, capture details about each
data in real-time, it also adds instance, and use those details to determine if a change introduces security
change intelligence and
risk or non-compliance. You also have to do that in real time to stop an
automated remediation and
attack from succeeding—or minimize the impact of a successful one.
then integrates this data with
the other critical security
But with constant changes to files and by combining Tripwire’s industry-lead-
controls provided by Tripwire configurations occurring, how do you ing change detection with ChangeIQ™
solutions. tell the difference between “good” and change intelligence and automated
“bad” ones? Or in a more pragmatic responses.
sense, between business-as-usual
changes and the ones that spell Agent-based FIM for Change
trouble?
Data in Real Time
That’s what file integrity monitoring One of the big differentiators between
(FIM), a critical security control, is File Integrity Manager and other FIM
supposed to do. Unfortunately, most solutions is Tripwire’s use of agents
FIM solutions simply determine that a to continuously capture detailed who,
change occurred—and stop right there. what and when change details in real
Only a few capture change in real time time, with little impact on systems and
and with enough detail to show you who network traffic. Tripwire’s lightweight,
made it. Even fewer provide the option easy-to-manage agents mean you don’t
to trigger remediation of an undesirable miss the changes that occur between
configuration change. scans that can leave systems and data
exposed.
Organizations need “true” FIM—file
integrity monitoring that detects each While some solutions claim to be agen-
change as it occurs and uses change tless, they actually install and uninstall
intelligence to determine if a change an agent each and every time they
introduces risk or non-compliance. File collect change data, which increases
Integrity Manager, a core component of overhead and risk. And the truly agen-
Tripwire® Enterprise, offers exactly this tless solutions only collect a subset
FOUNDATIONAL CONTROLS FOR
SECURITY, COMPLIANCE & IT OPERATIONS
of the change data that File Integrity
Manager collects, which reduces your
knowledge of system states as well as What makes FIM “true” FIM?
your overall security posture. Other
solutions rely on periodic megascans to True FIM detects change by first establishing a highly detailed
collect detailed change data, but due to
baseline version of each monitored file or configuration in a
the impact these scans impose on sys-
tems, they’re usually only scheduled to known and trusted state. Using real-time monitoring, it detects
occur weekly, monthly or even quarterly. change to any aspect of the file or configuration and captures
these in subsequent versions. Versions provide critical before-
ChangeIQ Change Intelligence and-after views that show exactly who made the change, what
In addition to capturing highly-detailed changed, and more. True FIM also applies change intelligence
change data in real time, File Integrity
to each change to determine if it impacts integrity (for example,
Manager uses ChangeIQ™ change intel-
ligence to differentiate between “good” rules that determine if the change takes a configuration out of
change and “bad” change, or at least policy or is one that is typically associated with an attack). File
between expected changes versus unde- Integrity Manager is true FIM.
sired and potentially harmful ones.
ChangeIQ:
In short, ChangeIQ turns raw change Fig. 1 Tripwire Enterprise allows you to see before and after differences in precise
“noise” into actionable information. detail through continuous versioning and baselining.
»» Tripwire Enterprise
Report Catalog
»» Tripwire Enterprise
Policy Manager
»» Tripwire Connect
»» Tripwire Enterprise
Remediation Manager Fig. 2 With Tripwire Enterprise’s library of pre-made, built-in reports, changes and
»» Tripwire Enterprise anomalies become immediately visible.
Agent Platform Support
»» Tripwire Axon
»» Tripwire Axon Agent
Platform Support
Tripwire is the trusted leader for establishing a strong cybersecurity foundation. Partnering with
Fortune 500 enterprises, industrial organizations and government agencies, Tripwire protects the inte
grity of mission-critical systems spanning physical, virtual, cloud and DevOps environments. Tripwire’s
award-winning portfolio delivers top critical security controls, including asset discovery, secure config-
uration management, vulnerability management and log management. As the pioneers of file integrity
monitoring (FIM), Tripwire’s expertise is built on a 20+ year history of innovation helping organizations
discover, minimize and monitor their attack surfaces. Learn more at tripwire.com
©2019 Tripwire, Inc. Tripwire, Log Center/LogCenter, IP360 and Tripwire Axon are trademarks or registered trademarks of Tripwire, Inc. All other product and company names are
property of their respective owners. All rights reserved. TEFIM3b 1806