
Log management is a messy business, with streams of change and event data overwhelming the security analysts that safeguard their organizations' IT infrastructure.
The solutions from traditional security vendors struggle to address log management in a way that helps customers turn log data into actionable intelligence. And solutions that could provide intelligence tend to sacrifice speed and scale in order to provide it.
Into this landscape steps Tripwire, with a background in file integrity monitoring and compliance policy management for the IT infrastructure. Tripwire released Tripwire Log Center in January not only to collect but also to analyze event and change information.
Tripwire Log Center is a standalone solution, but it integrates out-of-the-box with Tripwire Enterprise, which provides in-depth file integrity monitoring on files and configurations throughout your physical and virtual infrastructure. The end result is unparalleled visibility across events and changes without the complexity and bloat associated with traditional log and security information and event management (SIEM) tools, said Tim Zonca, product marketing manager at Tripwire.
SIEM tools are providing customers with part of the solution they need to monitor their infrastructure, but not total visibility. Despite their complexity, SIEM systems often fail to see the relationships between events and changes, leaving customers open to vulnerabilities and threats that can be stopped with a better solution.
The rules around SIEM are also changing thanks to an increase in compliance regulations coming from industry and government. In the past, it was enough to be able to capture information when you knew there was a problem. New regulations require you to save more log files and be able to quickly and easily analyze the files.
Many organizations are searching for security vendors that can handle these new challenges without adding enormous complexity of their own.
Tripwire's Zonca says Tripwire Log Center offers a new and pragmatic approach to SIEM that makes it possible to capture and dynamically analyze security data without relying on brittle, point-to-point integrations between traditional log and event management systems.
"We think it's crazy to try to bolt all of that technology together," Zonca said. "We had the luxury of taking a step back and solving these security and compliance problems in a fundamentally different way. We don't have any baggage. The result is that we have an unfair competitive advantage in our next-generation architecture that delivers visibility and intelligence without compromising speed and scale."
Tripwire's experience in configuration change management meant the company was already helping customers monitor what was happening on their infrastructure. Tripwire customers could track changes, and increasingly they wanted more visibility into those changes. Was a change good or bad? What led up to the change?
"It was a natural expansion for us to give our customers added visibility," Zonca said.
Tripwire Log Center combines log management and SIEM. It captures tens of thousands of events per second from any number of devices and then compresses, encrypts, and stores the logs. Users can use standard storage media such as storage area networks (SAN) or network-attached storage (NAS). The data is indexed so users can complete fast, complex searches using plain keywords.
The built-in SIEM capabilities can provide real-time alerts about suspicious activity. Security analysts can use a customizable dashboard to see where suspicious activity is happening in real time.
The event management capabilities of Tripwire Log Center allow users to compare activity against a set of pre-defined policies and thresholds. It sends alerts when a threshold is breached. An event ticketing system helps prioritize events so bigger problems can be fixed sooner.
Tripwire's Zonca said the average security analyst can monitor Log Center and even create new correlation rules without going to the vendor, a lengthy process that many products required in the past. Without vendor intervention and charges, users can create and edit correlation rules in minutes or hours, not days or weeks.
For large enterprises or for managed service providers that deal with a tremendous amount of log data, Tripwire Log Center helps sort through the data and helps human security analysts focus on the areas that need attention.
Miami-based Terremark provides scalable and flexible computing infrastructure to its clients around the world. The company needed a single solution that could manage its massive amounts of log data from multiple customers, servers, and security devices; analyze the information in real time; and report and act upon areas of interest.
"With Tripwire Log Center, we have a central console from which we can quickly take action on the suspicious activity: We find the important needle for our clients among the many massive haystacks of possible suspicious needles," said Pete Nicoletti, vice president of security engineering at Terremark. "This intelligent capability not only helps us remain proactive in our defense against cyber attacks, but also frees up our security analysts to do what they do best, analyze and respond appropriately to real security events and protect the confidentiality, integrity, and availability of our clients' critical IT infrastructure."
In addition to reducing complexity in Log Center's architecture, Tripwire takes a more pragmatic approach to pricing. Old pricing models for log management products were a complex combination of events, users, number of consoles, number of devices, appliances, and integration with other systems or help desks.
As with electricity, Tripwire Log Center customers pay only for what they use. Tripwire charges by events per second. And because Log Center is software and not an appliance, customers that want to deploy it at multiple locations (like retailers) can do so without incurring the cost of additional appliances or components.