- Tripwire Enterprise 7.5V provides visibility and configuration control, helping customers mitigate virtual sprawl, security threats stemming from misconfiguration -

At RSA Conference Europe 2008 Tripwire, Inc., the recognised leader in configuration assessment and auditing for virtual and physical IT infrastructure, announces the newest version of its flagship product, Tripwire® Enterprise 7.5V. Designed explicitly to give visibility into the security and compliance of virtual IT systems, the latest version of Tripwire Enterprise allows IT to manage systems to internal and external policies – across the heterogeneous data centre – from a single point of control.

The constantly growing number of mission-critical applications running in virtual environments necessitates proper configuration for security, compliance and optimal performance. Tripwire Enterprise 7.5V helps IT maintain this ideal state with capabilities that:

Identify and mitigate virtual sprawl. With Tripwire Enterprise 7.5V, enterprises have an early warning system to potential virtual sprawl, with alerts when virtual infrastructure is added or deleted, to take appropriate action and contain unauthorised virtual machine provisioning, automatic monitoring of enabled virtual infrastructure, and auto discovery of unmonitored virtual objects.
Deep integration with VMware vCenter products that allows Tripwire Enterprise to automatically discover all elements within the virtual environment. Now users will know which elements in their virtual infrastructure are assessed for configuration integrity – and which are not. With this latest version, Tripwire users have the ability to monitor VMware ESX 3.0, 3.5, and 3i hypervisors; virtual switches; virtual machine containers; and virtual machine workloads.
New configuration assessment policies designed specifically to assess and validate configurations within VMware virtualised environments, including VMware ESX DISA STIG; the VMware ESX 3.5 Hardening Guide V2; CIS; and PCI. With these policies, enterprises have a view into all configuration settings and changes of virtual infrastructure objects, providing complete control for security, regulatory compliance, and optimal operational performance. In addition, users can also create their own best practice policies for their virtual environment through Tripwire Enterprise. Tripwire integration with VMware vCentre products provides virtualisation customers with easy access to hardening guidelines.
Continuous control of virtual infrastructure objects. Tripwire Enterprise builds on its flagship heritage, automatically detecting unauthorised, non-compliant change to virtual infrastructure objects, immediately alerting IT staff to exceptions to change and configuration management policies for immediate investigation.
Remediation Advice for every change that violates a policy. Tripwire provides detailed remediation guidance, allowing enterprises to quickly return any system to a known, compliant state. This approach enables IT staff to better manage risk by providing continuous, automated compliance across heterogeneous environments.

In a recent survey, “Is Virtualisation Under Control?” conducted by Tripwire, more than 90 percent of those interviewed said that virtualised servers are now deployed in their production environments and run a wide variety of applications. And, three out of four said that up to half of their production servers are now virtualised. This has made security and compliance particularly important for enterprises deploying virtualisation in production environments.

“Most security vulnerabilities in the virtual world will be introduced through misconfiguration and mismanagement of the technology,” says Gartner Vice President and Fellow Neil MacDonald. “While existing tools may be used to assess the proper configuration of virtualised workloads, in many cases these don’t work to assess the proper configuration of the virtualisation layer itself. Ideally, a single, consistent process and tool would be used to assess the proper configuration of both physical and virtual workloads, including the virtualisation layer.”

“VMware and Tripwire are committed to helping customers proactively ensure security and compliance across virtual and physical infrastructure through automation and enhanced manageability,” said Shekar Ayyar, vice president of infrastructure alliances at VMware. “Tripwire Enterprise 7.5V provides critical insight that complements the industry-leading VMware platform, providing essential configuration control to help ensure that security and compliance policies can be enforced.” Tripwire and VMware are extending their leadership around compliance from the Datacentre to the Desktop to proactively provide solutions that help customers maintain control and adhere to Business, Security, and Regulatory directives.
“IT environments are heterogeneous by nature. While many organisations are exploiting the benefits of virtualisation, they want a single point of control for managing configuration integrity across the organisation,” said Dan Schoenbaum, SVP of Corporate and Business Development for Tripwire. “As the backbone of business increases in complexity through technology such as virtualisation, we’re seeing visibility, embedded expertise, and automation grow in importance. That’s why, with the deepest configuration knowledge in the industry, Tripwire is well positioned to provide a holistic solution for ensuring configuration control within the virtual infrastructure and beyond.”Tripwire Enterprise 7.5V new features are available only through the purchase of the Tripwire Enterprise for VMware ESX Server node. Tripwire Enterprise 7.5V will be available at

Source: The itpr Partnership