ITIL, Problem Management and Tripwire Enterprise | Cyber Security
I’ve written about ITIL and Tripwire Enterprise, offering a secure approach to managing your Change Management processes, but ITIL’s guidelines offer more than just recommendations around ensuring changes happen as expected.
Problem management is another key area where Tripwire Enterprise can help you on your ITIL journey. ITIL sensibly focuses on root-cause analysis for problem management. Once a problem (or, indeed, a potential problem) has been identified, root cause analysis can begin.
At the heart of this process are two key objectives: developing a detailed understanding of the original problem and its causes, and identifying the actions that will either resolve the issue or prevent it from happening again.
For many organizations, root cause analysis is often skipped in the problem management process due to its time-consuming nature. Understanding the circumstances under which a problem arises can be challenging, especially when your team is busy working to implement a fix. But understanding the root cause is key to preventing repeat occurrences and extended outages. Therefore, it should not be dismissed.
Whether it’s a security risk, a configuration error or a hardware fault that causes it, problem management will likely be a good test of your toolset. When you look across your estate, understanding what’s going on necessitates the ability to spot patterns that may only show up under the magnifying glass of someone working their way through a problem management case. All too often IT teams are caught out by the recurring minor incidents that actually reflect a bigger, underlying fault.
Fortunately, the toolsets for IT problem management are getting better all the time, and, perhaps more importantly, the important data they often gather is no longer hidden in individual log files.
The last few years have seen a rise in tools aimed at helping organizations not just capture data but also visualize it. (With graphing and reporting, it’s far easier to spot the trend before it becomes a major outage.) And more startups than ever are applying machine learning to analyze and highlight that data.
I suspect the future for this field will involve far more collaborative approaches driven by cutting-edge technology and technology specialists helping to customize, tune and optimize the output of mass-data analysis tools. But even with big-picture data, it’s important to remember that gathering the forensics in the first place matters.
Whether intruders cover their tracks afterwards or an automated process accidentally prunes the key log file you were looking for, there’s a risk that if you don’t spend the time setting up the right log configuration to begin with, you’ll be no better off than if you had no logging at all. ITIL’s approach to service management should help you prevent gaps from opening up over time, but constantly keeping your tools and configuration up to date is pivotal, too.
Tripwire Enterprise can help with your root cause analysis by providing you a snapshot of the “before and after” states, helping you to understand what changed and led up to your original problem. Whether it’s a misconfiguration through a typo or an unexpected effect of a patch, being able to build a timeline can help technicians identify the circumstances that led up to the original problem case.
Tripwire Enterprise can also help you easily assess deviations from your desired state. When you start an investigation, it can be challenging to work out where to begin, but compliance assessment will help you spot devices that no longer match your own configuration standard (or, indeed, an industry standard) and potentially kickstart your investigation by narrowing your efforts down to just a few key devices.
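As an added illustration (not code from the original post, and not Tripwire Enterprise's own implementation), the following Python script shows the two ideas above in miniature: a snapshot of a directory's files, a before/after diff that classifies each change so a technician can see what moved between the two states, and a desired-state check that reports files whose content no longer matches an approved baseline or that have become world-writable. The directory, file names, policy and the "unplanned change" it simulates are all constructed for the demo.

```python
"""Before/after integrity snapshots and a desired-state check (illustrative)."""
import hashlib
import os
import stat
import tempfile


def snapshot(root):
    """Return {relative_path: {"sha256", "size", "mode"}} for every file under root."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            st = os.stat(full)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[rel] = {"sha256": digest, "size": st.st_size,
                         "mode": stat.S_IMODE(st.st_mode)}
    return snap


def diff_snapshots(before, after):
    """Classify each path as added, removed or modified between two snapshots.

    For modified files the record lists which attributes changed, so a
    content edit can be told apart from a pure permission change.
    """
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = []
    for path in sorted(set(before) & set(after)):
        changed = [k for k in ("sha256", "size", "mode")
                   if before[path][k] != after[path][k]]
        if changed:
            modified.append({"path": path, "fields": changed})
    return {"added": added, "removed": removed, "modified": modified}


def check_desired_state(snap, policy):
    """Report deviations of a snapshot from a desired-state policy.

    policy: {path: {"sha256": approved_hash}}. Every file in the snapshot
    is additionally expected not to be world-writable (a constructed rule
    standing in for a real configuration standard).
    """
    deviations = []
    for path, want in policy.items():
        got = snap.get(path)
        if got is None:
            deviations.append(f"{path}: missing")
        elif got["sha256"] != want["sha256"]:
            deviations.append(f"{path}: content differs from approved baseline")
    for path in sorted(snap):
        if snap[path]["mode"] & 0o002:
            deviations.append(f"{path}: world-writable (mode {snap[path]['mode']:o})")
    return deviations


def demo():
    """Constructed scenario: baseline, an unplanned change, then a second snapshot."""
    with tempfile.TemporaryDirectory() as root:
        etc = os.path.join(root, "etc")
        os.makedirs(etc)
        conf = os.path.join(etc, "service.conf")
        with open(conf, "w") as fh:
            fh.write("listen = 127.0.0.1\nmax_clients = 100\n")
        os.chmod(conf, 0o644)
        before = snapshot(root)
        # The approved baseline is simply the hash captured in the "before" state.
        policy = {"etc/service.conf": {"sha256": before["etc/service.conf"]["sha256"]}}
        # Unplanned changes: a typo-style edit and a new, loosely permissioned file.
        with open(conf, "w") as fh:
            fh.write("listen = 127.0.0.1\nmax_clients = 1000\n")
        dropped = os.path.join(etc, "debug.cfg")
        with open(dropped, "w") as fh:
            fh.write("debug = on\n")
        os.chmod(dropped, 0o666)
        after = snapshot(root)
        return {
            "diff": diff_snapshots(before, after),
            "deviations_before": check_desired_state(before, policy),
            "deviations_after": check_desired_state(after, policy),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

In the demo the diff reports `etc/debug.cfg` as added and `etc/service.conf` as modified in its `sha256` and `size` fields only, while the desired-state check is clean for the "before" snapshot and lists both the drifted config file and the world-writable new file afterwards. Keeping the hashed baseline separate from the live snapshot is what lets the check narrow an investigation to the handful of files that actually moved.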
Practical ITIL in day-to-day operations requires organizations to make the most of their toolset to deliver the full range of benefits. Fortunately, with the help of Tripwire Enterprise’s File Integrity Monitoring and System Configuration Management functionality working together, you can achieve many of these objectives far easier than you might initially think!