FFIEC News

Aria Systems Selects Tripwire Enterprise for Configuration Control

(Jan 09, 2008)-- Tripwire has announced that Aria Systems has selected Tripwire Enterprise to help it comply with the Payment Card Industry Data Security Standard (PCI DSS). Tripwire’s configuration assessment and file integrity monitoring solution allowed the company to successfully achieve PCI certification while enabling its staff to focus on projects that generate more business.

“Tripwire’s experience with PCI enabled us to focus on hardening our systems rather than interpreting PCI requirements. Judging by the assessor’s response, we got it right,” said E. Barry Smith, Chief Financial Officer at Aria Systems.

Aria Systems provides a SaaS subscription billing and customer lifecycle management platform that helps businesses establish better control of their finances, billing and marketing procedures. The company has experienced tremendous growth over the past five years and now processes millions of transactions for its customers. The increase in business volumes recently placed Aria into Level 1 Merchant status as stipulated within the PCI DSS, requiring a more stringent, on-site analysis of its systems that process and store credit card data.

Aria Systems immediately turned to Tripwire and its proven experience in helping others attain PCI compliance to help them meet the Qualified Security Assessor’s (QSA) requirements for proof of change and configuration control. In fact, Tripwire Enterprise ships with out-of-the-box policies based on security standards provided by the Center for Internet Security (CIS) that are mapped to specific PCI requirements. And, its file integrity monitoring capabilities come with default policies that fully address the PCI requirements on all of the servers that manage Aria’s confidential customer information.

Following implementation of the software and policy tuning performed by Tripwire Professional Services, Aria successfully achieved Level 1 certification well before the deadline. Tripwire was considered a superior method of control that completely addressed the PCI requirements in question as Tripwire gave Aria and its assessor the ability to easily review configuration assessment reports for all PCI servers. Moving forward, Tripwire Enterprise will continually and automatically monitor all change activity, alerting IT systems managers proactively to activity that is unauthorized or suspect.

“Tripwire Enterprise just makes life easier,” said Geoff Knaak, System Administrator at Aria. “We don’t have to wait until something breaks now to know if anything unexpected has occurred. Tripwire alerts us immediately. If there is a problem, we investigate it using Tripwire’s detailed information as a guide. With the time saved, systems operators can now stay focused on other projects, like those that directly serve our customers and help grow the business.”

For more information, please visit http://www.tripwire.com/

Share or bookmarklet this web page at: