cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
762
Views
0
Helpful
3
Replies

CSA vs Tripwire in relation to PCI complaince

DSmirnov
Level 1
Level 1

One of statements in PCI DSS is:

Deploy file integrity monitoring software to alert personnel to unauthorized modification of critical

system or content files; and configure the software to perform critical file comparisons at least

weekly.

Typically auditors wants to see a software like tripwire on the system to satisfy an item above.

Question: does/(will) CSA has the simular functionality to protect and report on critical and content files?

3 Replies 3

tsteger1
Level 8
Level 8

Never used Tripwire but I know you can configure CSA to monitor files and report back. You can get quite granular too.

Tom

haithamnofal
Level 3
Level 3

Hi,

CSA is Host-Based IDS/IPS while as Tripwire is a change management solution. This means, that CSA is not designed for monitoring changes in configuration files and is mainly designed for IDS/IPS purposes. Moreover, CSA is only limited to host protection and cannot be deployed on network devices, while Tripwire can monitor changes on both hosts and netwrok devices.

HTH

Haitham

CSA is more than just a host-based IDS/IPS. Because it is a behavioral-based and can be centrally tuned to the specific requirements of the systems it is deployed, it can effectly monitor file integrity.

In the PCI Solution for Retail, CSA was installed on all of the central application servers and the In-Store POS servers. Cybertrust found it to be an effective solution that met the Host IDS and Host Application Firewall elements of the PCI DSS 1.1 guidelines.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: