03-09-2007 05:15 AM - edited 03-09-2019 05:34 PM
One of statements in PCI DSS is:
Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical
system or content files; and configure the software to perform critical file comparisons at least
weekly.
Typically auditors wants to see a software like tripwire on the system to satisfy an item above.
Question: does/(will) CSA has the simular functionality to protect and report on critical and content files?
03-09-2007 08:03 AM
Never used Tripwire but I know you can configure CSA to monitor files and report back. You can get quite granular too.
Tom
04-19-2007 01:56 AM
Hi,
CSA is Host-Based IDS/IPS while as Tripwire is a change management solution. This means, that CSA is not designed for monitoring changes in configuration files and is mainly designed for IDS/IPS purposes. Moreover, CSA is only limited to host protection and cannot be deployed on network devices, while Tripwire can monitor changes on both hosts and netwrok devices.
HTH
Haitham
04-19-2007 09:32 PM
CSA is more than just a host-based IDS/IPS. Because it is a behavioral-based and can be centrally tuned to the specific requirements of the systems it is deployed, it can effectly monitor file integrity.
In the PCI Solution for Retail, CSA was installed on all of the central application servers and the In-Store POS servers. Cybertrust found it to be an effective solution that met the Host IDS and Host Application Firewall elements of the PCI DSS 1.1 guidelines.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide