Case Study

Case Study: Tripwire Proves Configuration Audit And Control Is A Best Seller With Auditors And IT

By Tripwire, Inc.

MarketLive, Inc. offers the technology and hosting power behind online retail sites such as National Geographic, Gump's, Stride Rite, Trek Bicycles, and Sundance Catalog. These online retailers generate more than $2 billion dollars in sales annually. Because these merchants collect and often store customer data, they must meet the PCI regulation designed to secure credit card information. Even though MarketLive is not itself a merchant, the company saw that becoming PCI compliant would put them at a competitive advantage: they could prevent their existing clients from facing non-compliance penalties, and enable them to attract new business.

When MarketLive went shopping for a PCI compliance solution, they uncovered hundreds of options. They selected Tripwire because it is well-recognized and wellrespected by auditors as an effective response to many of the PCI requirements. Tripwire's configuration audit and control solution also gave MarketLive an automated method for improving change control processes, streamlining the build process, and increasing operational efficiency.

MarketLive worked with Tripwire Professional Services to help establish stronger change control practices, streamline build procedures, and deploy Tripwire Enterprise across their servers and databases. Professional Services first interviewed the change management team to understand business processes and define best practices for change management. This drove the creation of the monitoring rules and alert actions within Tripwire Enterprise. Changes are first categorized according to change type, and then appropriate actions are executed. Business-as-usual changes are automatically accepted wherever possible exposing those changes determined to be policy exceptions and escalating them for investigation. With the focus now on just the policy exceptions, Tripwire enables MarketLive to proactively respond and efficiently remediate unauthorized change.

Tripwire Enterprise also helped IT handle database monitoring in a new and effective way. Instead of writing an array of utilities using database debugging methods, Tripwire monitors relevant database elements without compromising the performance of the database. Because Tripwire was specifically designed for the task, IT staff can adjust the Tripwire agent to monitor exactly at the right level and frequency appropriate for the situation. This capability alone saved MarketLive several hundred hours of internal development time.