In a team environment, it’s all about playing nice with others. The same could be said of your technology team (or stack), and its various components. The problem of disparate, complex systems – each coming from disparate, complex places – all being thrown together in an enterprise has been one the industry has been mulling over for some time.
Any change to an individual service could have repercussions across the whole suite, and interconnected issues like these continue to perplex and overwhelm practitioners. With Tripwire Enterprise Integration Framework (TEIF), Fortra’s Tripwire offers customers a way to integrate with change management systems to provide a closed-loop change monitoring cycle.
What is Tripwire Enterprise Integration Framework (TEIF)?
TEIF was designed to integrate Tripwire Enterprise with IT Service Management (ITSM) and Configuration Management Database (CMDB) systems, to facilitate more streamlined and comprehensive communication between them, as outlined in the datasheet. It was brought about because today’s organizations have “multiple sources of truth” to manage, and those sources don’t always see eye to eye. That presents a problem when you need them to work as one towards the same goal.
What are “sources of truth” in an enterprise?
Examples of “sources of truth” usually involve a configuration management database (CMDB) system that tracks asset metadata such as asset type (e.g. server, network device, database, etc.), the asset owner, IP addresses, manufacturer, or physical location.
A Configuration Management Database (CMDB) is the most common single source of truth in large environments. Other sources of truth could include:
- Fortra’s Tripwire Enterprise (TE): Tripwire Enterprise (TE) is a source of truth when determining whether an asset is in compliance with corporate, industrial or government standards.
- Antivirus Threat Detection, Patch Management: These tools are virus protection sources of truth.
TEIF can provide an assessment of asset coverage for compliance between a CMDB and Tripwire Enterprise. We call that a ‘true up’ report. It lists assets that are in one system, the other, or both, and is used to affirm that the proper assets are in both systems.
The challenge of change management
Having these sources of truth is a reality of the modern enterprise. However, they are constantly being updated and altered in the course of an organization’s needs, and that’s where many security teams struggle.
It’s true that most customers handle planned changes without a lot of challenges. However, a lot of issues arise when dealing with changes ‘after the fact’. One case might be where someone calls the Help Desk and the operator makes a change, but then neglects to fill out a ticket in a timely manner.
This can result in the change being recorded as a ‘potentially unauthorized change’ (PUC) in an incident ticket. Other challenges occur when implementors make the system changes outside of the approved change window, possibly resulting in a PUC, which will trigger security alarm bells.
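The after-the-fact cases above come down to matching each observed change against the approved change windows for that asset. A minimal sketch of that reconciliation, added here as an illustration; it is not TEIF or Tripwire code, and the record fields, ticket IDs, host names and the `grace` parameter are constructed assumptions:

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass(frozen=True)
class ApprovedChange:          # hypothetical ITSM change ticket
    ticket: str
    asset: str
    start: datetime
    end: datetime

@dataclass(frozen=True)
class ObservedChange:          # hypothetical change detection record
    asset: str
    element: str
    seen_at: datetime

def reconcile(observed, approved, grace=timedelta(0)):
    """Return (change, status, ticket) for every observed change."""
    by_asset = {}
    for a in approved:
        by_asset.setdefault(a.asset.lower(), []).append(a)
    results = []
    for ch in observed:
        tickets = by_asset.get(ch.asset.lower(), [])   # asset names compared case-insensitively
        hits = [t for t in tickets if t.start <= ch.seen_at <= t.end + grace]
        if hits:
            results.append((ch, "authorized", hits[0].ticket))
        elif tickets:
            # A ticket exists, but the change landed outside its window:
            # report the nearest ticket so the reviewer has a starting point.
            near = min(tickets, key=lambda t: min(abs(ch.seen_at - t.start),
                                                  abs(ch.seen_at - t.end)))
            results.append((ch, "PUC: outside approved window", near.ticket))
        else:
            results.append((ch, "PUC: no change ticket", None))
    return results

def utc(*parts):
    return datetime(*parts, tzinfo=timezone.utc)

# Constructed sample data, not taken from any real system.
APPROVED = [ApprovedChange("CHG-0001", "web01", utc(2024, 5, 1, 22, 0), utc(2024, 5, 2, 0, 0))]
OBSERVED = [
    ObservedChange("WEB01", "/etc/ssh/sshd_config", utc(2024, 5, 1, 22, 30)),
    ObservedChange("web01", "/etc/sudoers", utc(2024, 5, 2, 3, 15)),
    ObservedChange("db02", "listening port 8443", utc(2024, 5, 1, 14, 5)),
]

if __name__ == "__main__":
    for change, status, ticket in reconcile(OBSERVED, APPROVED):
        print(f"{change.asset:6} {change.element:22} {status} {ticket or ''}")
```

Widening `grace` absorbs work that overruns a window, at the cost of also accepting unrelated changes made during the overrun.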
How does TEIF help security teams?
As in the examples mentioned above, the majority of change-related issues arise due to user error. However, TE Integration Framework can help catch those instances and make automated adjustments to bring those changes into compliance. Here’s how.
Bringing ITSM and CMDB Together in a Closed Loop
This intersection of security policy, user error, and hard-to-implement change management is exactly where TEIF comes into play. Consider that:
- IT Security (ITSM) is primarily interested in Security Compliance Management (SCM) or ‘did this change affect our security settings or cause us to be non-compliant?’. (For security, TEIF can create tickets when a compliance score drops below an acceptable (and configurable) threshold).
- Change Management (CMDB) is primarily interested in File Integrity Management (FIM) or ‘was this change authorized?’. (TEIF can also create tickets based on allow-listing violations such as a change in listening ports or installed software).
Integrating ITSM and CMDB systems via TEIF creates a continuous feedback loop that makes sure all changes are in alignment with desired policy.
Speeding Alert Times
TEIF is a game-changer for enterprises because the integrations that it facilitates can then alert faster than a human review. Case in point: TEIF can update the compliance status of a CMDB configuration item (CI) with the compliance status as it exists in Tripwire Enterprise. So, a user only needs to look at the CMDB to determine its compliance status and can forgo logging into Tripwire Enterprise, saving valuable time and unlocking the security workflow. This is only one example of the good that TEIF integrations can do.
Fortra’s TEIF simplifies complex use cases for systems across the board, including:
- Change Management – The ability to capture observed changes and reconcile them if necessary to approved changes.
- Incident Management – Complete investigations with an incident ticket that includes full details of any unauthorized changes.
- Configuration Management Database – Within your CMDB, get metadata about in-scope assets, automatically apply corresponding asset tags within Tripwire Enterprise, and get data delivered directly from the node.
Creating a Single Source of Truth
In other words, the key value-add of TE Integration Framework is that it integrates the most popular IT and security solutions to create a single source of truth for your most critical systems. This creates a continuous feedback loop that aligns any changes with compliance, security, and authorization standards within your enterprise. TEIF accomplishes this by:
- Reducing friction to data visibility across your enterprise
- Reporting on all endpoint settings
- Automatically reconciling changes
The urgency of change management in today’s landscape
The underlying premise of a change management program is that no change happens in isolation. Every adjustment has a ripple effect on other elements within the enterprise, and if security teams are unaware of those changes, the effect might be negative, and no one would ever know until it’s too late.
Software that facilitates a closed-loop change monitoring cycle like Fortra’s TEIF gives organizations the visibility they need over internal changes and helps them integrate their disparate systems, so they interoperate smoothly and deliver the data SOCs need without unnecessary friction.
Because of its ability to streamline workflows and facilitate faster communication among parts, change management can help an enterprise to maximize the value of their technology investments, speed time to detection and response, and ensure that any changes that occur within their environments are noted, monitored, and authorized.
For more information on Tripwire Enterprise Integration Framework (TEIF), download the datasheet.