CSA vs Tripwire in relation to PCI compliance

Unanswered Question
Mar 9th, 2007

One of the statements in PCI DSS is:

Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical system or content files; and configure the software to perform critical file comparisons at least weekly.

Typically auditors want to see software like Tripwire on the system to satisfy the item above.

Question: does/(will) CSA have similar functionality to protect and report on critical and content files?

tsteger1 Fri, 03/09/2007 - 08:03

Never used Tripwire but I know you can configure CSA to monitor files and report back. You can get quite granular too.

Tom

haithamnofal Thu, 04/19/2007 - 01:56

Hi,

CSA is a host-based IDS/IPS, whereas Tripwire is a change management solution. This means that CSA is not designed for monitoring changes in configuration files and is mainly designed for IDS/IPS purposes. Moreover, CSA is limited to host protection and cannot be deployed on network devices, while Tripwire can monitor changes on both hosts and network devices.

HTH

Haitham

paujones Thu, 04/19/2007 - 21:32

CSA is more than just a host-based IDS/IPS. Because it is behavior-based and can be centrally tuned to the specific requirements of the systems on which it is deployed, it can effectively monitor file integrity.

In the PCI Solution for Retail, CSA was installed on all of the central application servers and the In-Store POS servers. Cybertrust found it to be an effective solution that met the Host IDS and Host Application Firewall elements of the PCI DSS 1.1 guidelines.
