Configuration audit and control provider Tripwire on Feb. 5 gave IT a better handle on controlling configuration changes that can cause outages or compliance issues when it launched the latest release of its Tripwire Enterprise software.
The configuration monitoring and control software is designed to help IT track changes made outside of existing policies to help reduce the amount of downtime and security vulnerabilities caused by unauthorized changes.
“Auditing the state of your configurations is essential to find out where unauthorized changes are occurring,” said Rob Warmack, vice president of product marketing at Tripwire in Portland, Ore. “There are polices in place on when changes should be made and how configuration states exist. Our job is to track that.”
Tripwire Enterprise 6.0 adds the ability to monitor changes to Microsoft SQL Server databases and Group Policy Objects in Active Directory as well as HP UX 11 on Itanium. Tripwire also updated monitoring for operating system versions on network devices that it also audits.
The new elements that the software can track further broadens already widespread support for different infrastructure components, which is critical for success, according to Warmack. “We have coverage across the entire IT service stack, including network devices, servers, directories and databases. We can see all the changes occurring,” he said.
Tripwire in the 6.0 release also developed automated techniques to filter and classify changes to better detect changes made outside of policies.
“Not all change is equal. An emergency change is not the same as a business-as-usual change, so we categorize changes,” said Warmack. Users can treat a change in different ways based on the system type, type of change, time of day it was made and its risk level.
The new release also adds the ability to analyze changes to determine whether they conform to existing policies. The analysis capability applies to authorized users, time windows, or other parameters.
“Say you have patches to push out and the rule is you only do that between 2 a.m. and 4 a.m. Then if something changes at 8 a.m. we flag it and bring it to the attention of the appropriate people,” he said.
Tripwire, which morphed from a host intrusion detection and change audit for security company into a vendor focused on operations and compliance, competes with a range of vendors including Bladelogic, Opsware, Symantec, ConfigureSoft, SolidCore and others.
Tripwire typically targets compliance officers, Sarbanes Oxley Act program managers or security managers.
Tripwire Enterprise 6.0, which also adds more actionable reports and online dashboards, is available now.
