Proactively Reduce Risk and Improve IT Security in Physical and Virtual Environments

WHITEpaper
Proactively Reduce Risk and Improve IT
Security in Physical and Virtual Environments
page 2 Executive Summary
page 3 Environmental Challenges for Security Professionals
page 4 Sources of Security Compromise
page 5 Tripwire as Part of a Proactive Security Strategy
page 8 Putting It All Together: Benefits of Configuration Audit and Control
page 9 Ensuring a Strong Security Posture for Your IT Infrastructure
©2008 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc. All other product and company names are property of their respective owners. All rights reserved.WHITE?PAPERProactively Reduce Risk and Improve IT Security in Physical and Virtual Environments
Executive SummarySecuring the IT infrastructure in today's computing environment may well be the biggest challenge faced by organizations. Not only must organizations ensure the integrity of their systems and data, but often they must also prove that their security processes and policies measure up against standards and regulations established and enforced by national standards-developing entities. In addition, the recent popularization of virtualized environments adds a new layer of complexity to the security picture. Businesses are just begin-ning to comprehend the security implications of these environments.
To tackle these security issues, many organizations adopt a security approach that addresses vulnerabilities through security policy and systems designed to protect the integrity of the IT infrastructure. This approach recognizes that the integrity of the IT infrastructure may be easily compromised by malicious attacks from external sources, but often lacks a means of addressing compromises that originate from within the organization through both intentional and inadvertent employee actions. And ironically, the very systems responsible for providing security-the firewalls, intrusion detection systems, and others-often go unmonitored.
Configuration Audit and Control solutions from Tripwire play a critical role in an organization's security approach, starting with configuration assessment of all systems and devices, including those with the pri-mary function of protecting the computing environment and data. Tripwire software assesses the infrastruc-ture against established, consensus-based security standards, providing a scorecard that security, compliance and IT operations staff can use to get the infrastructure into compliance with security standards-even with virtualized machines as part of the environment. Once the organization achieves a known and trusted state with its computing infrastructure and data, Tripwire helps organizations stay there, with continuous monitoring and alerting for any configuration changes-whether they originate from inside or outside the organization, and whether they represent proper or improper change.
In this paper you'll learn more about the security risks and vulnerabilities faced by organizations. You'll also learn about the elements of a proactive security approach. Finally, you'll learn how Tripwire helps organi-zations attain and maintain a good security posture using industry-leading configuration assessment and change auditing to harden systems against security breaches, automate compliance with security standards and policies, identify configuration changes, and resolve vulnerabilities.
Page 2WHITE?PAPERProactively Reduce Risk and Improve IT Security in Physical and Virtual Environments
Environmental Challenges for Security ProfessionalsThose whose job it is to protect the security of the organization's IT infrastructure work within an ever-changing landscape. Challenges arise from Internet connectivity, e-commerce, a global workplace, virtual-ized environments, and the ever-increasing complexity of today's enterprise network. Top that with people who inadvertently introduce risk to the infrastructure and individuals out to cause mischief or trouble, and it's obvious that security professionals have a big job on their hands. Some of the major challenges security professionals face are discussed below.
Unclear PerimeterIn the past, the line between what is inside versus outside the organization was fairly clear. By connecting to the Internet though, businesses connect to the public net... [download for more]