By Tripwire, Inc.
MarketLive, Inc. offers the technology and hosting power behind online retail sites
such as National Geographic, Gump's, Stride Rite, Trek Bicycles, and Sundance
Catalog. These online retailers generate more than $2 billion dollars in sales annually.
Because these merchants collect and often store customer data, they must
meet the PCI regulation designed to secure credit card information. Even though
MarketLive is not itself a merchant, the company saw that becoming PCI compliant
would put them at a competitive advantage: they could prevent their existing clients
from facing non-compliance penalties, and enable them to attract new business.
When MarketLive went shopping for a PCI compliance solution, they uncovered
hundreds of options. They selected Tripwire because it is well-recognized and wellrespected
by auditors as an effective response to many of the PCI requirements.
Tripwire's configuration audit and control solution also gave MarketLive an automated
method for improving change control processes, streamlining the build process, and
increasing operational efficiency.
MarketLive worked with Tripwire Professional Services to help establish stronger
change control practices, streamline build procedures, and deploy Tripwire
Enterprise across their servers and databases. Professional Services first interviewed
the change management team to understand business processes and define best
practices for change management. This drove the creation of the monitoring rules
and alert actions within Tripwire Enterprise. Changes are first categorized according
to change type, and then appropriate actions are executed. Business-as-usual
changes are automatically accepted wherever possible exposing those changes determined to be policy exceptions and escalating them for investigation. With the
focus now on just the policy exceptions, Tripwire enables MarketLive to proactively
respond and efficiently remediate unauthorized change.
Tripwire Enterprise also helped IT handle database monitoring in a new and effective
way. Instead of writing an array of utilities using database debugging methods,
Tripwire monitors relevant database elements without compromising the performance
of the database. Because Tripwire was specifically designed for the task, IT
staff can adjust the Tripwire agent to monitor exactly at the right level and frequency
appropriate for the situation. This capability alone saved MarketLive several hundred
hours of internal development time.