Virtualization Technology News and Information
Tripwire Reins In Rogue Configuration Changes

Quoting eWeek

Tripwire, a leading contender in the fast-growing configuration auditing and control market niche, on July 16 will launch the latest release of its Tripwire Enterprise software.

Tripwire Enterprise 7 is aimed at helping IT get a better handle on unauthorized configuration changes that can cause outages, regulatory compliance violations or open security vulnerabilities. The new version adds a large number of configuration assessments and reports that address operational, regulatory and security compliance issues.

"We're introducing tens of thousands of configuration assessments—out-of-box templates to assess configurations in the data center and identify those risks inherent in them to allow enterprises to achieve a known, trusted and compliant state," said Steve Hall, product marketing manager at Tripwire in Portland, Ore.

The software performs an initial scan of IT infrastructure and assesses their configurations to get an idea of the current state. It then correlates those configurations against industry benchmarks, so that customers can find risks or weaknesses and then move those to a trusted, compliant state. Once that is in place, the software then detects any additional changes and evaluates them for compliance.

The new release can now proactively assess configuration settings and then present the customer with the risk profile associated with those settings. The risk profile can be based on industry-defined benchmarks or best practices as defined by the customer.

The 10-year-old Tripwire is focused on the configuration audit and control niche within the broader configuration management space. That segment of the market is growing by a compound annual growth rate of 16 percent, according to market research firm Gartner.

That reflects a growing recognition in the market that planned changes managed by provisioning and configuration management tools don't address the whole problem, believes Jean Pierre Garbani, industry analyst with Forrester Research in Cambridge, Mass.

"I think that increasingly as people are implementing change management, they're discovering they have a big issue there: That to stabilize their environment, they have to make sure compliance with policy is enforced," he said.


Forrester for its part forecasts a growth rate of 25 to 25 percent for the overall, global change management market for 2007, Garbani said.

Tripwire Enterprise 7 also emphasizes risk remediation by adding the ability to detect unauthorized changes and then reversing those changes "back to a good, known state," said Dan Schoenbaum, senior vice president of marketing and business development at Tripwire.

That capability will initially focus on network device configuration changes, but Tripwire intends later this year to add the ability to audit configuration management databases to ensure all configuration items in the database are authorized. That capability will work with BMC's Atrium CMDB as well as Hewlett-Packard's Universal CMDB and CA's CMDB. Tripwire also added integration into CA's Service Desk, building in existing service desk integration with BMC's Remedy.

In addition, Tripwire Enterprise 7 adds the ability to detect changes made in VMware's ESX and Sun's Solaris virtual server environments. "We can see change at the server, partition and kernel level in the virtual environment," said Hall.

Read or comment on the original, here.

Published Friday, July 13, 2007 6:01 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<July 2007>