In my previous article, we discussed how organizations are shifting how IT resources are deployed and managed. We covered three methods in particular: automated image creation and deployment, immutable image deployment and containers. We’ll now explore how organizations can make the best of these methods in a dynamic environment.

Dealing with Change when the Targets are Moving

In a dynamic environment, the assets that you’re monitoring change often. One Tripwire customer is onboarding and offboarding approximately 800 systems every day! You would never have seen that much system churn 20 years ago, when Solaris ruled the datacenter and systems were slowly rolled out and ran multiple applications for years at a time.

Today, systems may go into production for just a few hours before they are destroyed. But even for those few hours, they must be monitored, and we need to ensure that they were configured correctly when they started (SCM checks) and that no serious vulnerabilities are present (IP360 Check). The IP360 Axon agent will start a check of a system the first time it comes up. The Tripwire Enterprise Axon agent can baseline and do an SCM check when an agent comes up by notifying the TE Console that it’s there. At that point, classification and baselining can begin.

This type of asset management, and getting monitoring set up right away, requires automation. When new assets come into the system, they must be immediately classified:

  • What type of system is this?
  • What application(s) is it running?
  • What policy does it follow? (CIS, SOX, PCI, DISA, etc.)
  • Who gets alerts?
  • And there are others….
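
The classification questions above can be answered by rules evaluated the moment an asset registers. The following is an added example, not code from the original article and not Tripwire's API; the asset record fields, rule set, tag names and e-mail addresses are all hypothetical. It also handles the case where a short-lived system matches no rule, so that it is flagged for review instead of silently going unmonitored.

```python
# Added example: rule-driven classification of a newly registered asset.
# The Asset fields, rules, tag values and addresses are constructed for
# illustration and do not come from any product.
from dataclasses import dataclass, field

@dataclass
class Asset:
    hostname: str
    os: str
    services: set
    labels: dict = field(default_factory=dict)

# Each rule is (tag_key, tag_value, predicate over the asset).
RULES = [
    ("system_type", "linux-server", lambda a: a.os.startswith(("rhel", "ubuntu"))),
    ("system_type", "windows-server", lambda a: a.os.startswith("windows")),
    ("application", "web", lambda a: bool(a.services & {"nginx", "httpd"})),
    ("application", "database", lambda a: bool(a.services & {"postgres", "mysqld"})),
    ("policy", "PCI", lambda a: a.labels.get("data") == "cardholder"),
    ("policy", "SOX", lambda a: a.labels.get("data") == "financial"),
    ("policy", "CIS", lambda a: True),  # hardening baseline applies to every node
]

# Who gets alerts, keyed by policy; anything else goes to the default queue.
ALERT_ROUTES = {"PCI": "pci-compliance@example.com", "SOX": "audit@example.com"}
DEFAULT_ALERTS = "secops@example.com"
REQUIRED = ("system_type", "application", "policy")

def classify(asset):
    """Return a dict of tag_key -> set of values for one asset."""
    tags = {}
    for key, value, matches in RULES:
        if matches(asset):
            tags.setdefault(key, set()).add(value)
    recipients = {ALERT_ROUTES[p] for p in tags.get("policy", ()) if p in ALERT_ROUTES}
    tags["alerts"] = recipients or {DEFAULT_ALERTS}
    # An asset that no rule could place must not slip through unmonitored:
    # record which questions are unanswered and route it to the default queue.
    missing = [k for k in REQUIRED if k not in tags]
    if missing:
        tags["needs_review"] = set(missing)
        tags["alerts"].add(DEFAULT_ALERTS)
    return tags

if __name__ == "__main__":
    # Constructed sample asset.
    print(classify(Asset("web-7f3a", "ubuntu-22.04", {"nginx", "sshd"},
                         {"data": "cardholder"})))
```
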

Once classified, Tripwire can apply tags to the asset (“node” in Tripwire terminology). Once tagged, the Tripwire Rules that apply to each area can be baselined, thus allowing monitoring to begin. Once