Subscribe Contact Us About Us Advertising Editorial Calendar SC US SC Aus/NZ

Home
News
Events
Blog
SC Awards
- Previous Awards
Products
- Reviews
- Group Tests
SC Insight
Jobs
Archive
Subs
- News by Email
- Subscribe to SC Magazine
Whitepapers

Text "follow scmagazineuk" to 86444
@scmagazineuk
LinkedIn

RSS | Log in | Register

Tripwire Enterprise

Peter Stephenson

6/1/2010

Print
Email
Reprint
Text: A | A | A

Product Information

Vendor:Tripwire

Product: Tripwire Enterprise

http://www.tripwire.com

Price:£4,531 for console and backend database; £64-£1,487 for devices

Product Rating

Features
Ease of Use
Performance
Documentation
Support
Value for Money
Overall Rating

For:A lot of predefined policy configurations that offer a great amount of flexibility

Against:Difficult to configure

Verdict:This product shows its heritage, especially for spotting changes in critical files. Just be sure that you know what you are doing when you configure and deploy it

Related Group Test

Policy management (2010)

Reviews For This Vendor

Tripwire Enterprise uses both agent-based and agent-less approaches to assess and maintain server and device configurations and keep them in line with both company and federal policy. It includes standards such as FISMA, as well as regulations such as HIPAA, GLBA and PCI DSS.

It combines many policy sources with several platforms and device types, which results in over 215 pre-built and customisable policies right out of the box.

Installation is quite straightforward and is launched from an executable and lead by a short installation wizard. At the completion of the wizard the web-based management interface can be launched and initial configuration can begin. The interface is a bit awkward to use. It took us a few minutes of clicking around and reading the documentation to really get a feel of how to use the product.

Policy configuration is also a bit tricky. The root policy tree is empty to begin with and we had to go through the documentation several times to complete the configuration and get things up and running before designing and assigning policies. However, it does a great job of offering flexibility in policy configuration and once we had a feel for it we found it to be more comfortable to navigate and use.

Documentation consisted of three PDF guides. The installation guide provided clear step-by-step instructions throughout the entire installation process, while the user guide offered an in-depth look at configuring and managing the product. The reference guide gives some logging and integration information, as well as working in the product's command line interface. All of the guides included many screenshots and configuration examples.

Tripwire offers both standard and premium support at an extra cost. The levels provide different support options ranging from phone and email support hours to accelerated response times and named contacts. All customers receiving support can also access a large web-based community that includes downloads, forums and a knowledgebase.

At a price just over £4,530 before server and device licences we find Tripwire Enterprise to be average value for the money. While it does offer a lot of policy features we find it is difficult to use and has quite a learning curve.

SC Webcasts

Security beyond the (fire)wall

Streaming live on 19^th June at 3pm BST

This webcast addresses the technological challenges of maintaining full control of your most sensitive information - even once it goes beyond the firewall - while maintaining the freedom and flexibility necessary to allow your staff and other stakeholders to work as efficiently as possible. Tune in for free to hear from our regular and popular guest speaker, Bola Rotibi from (ISC)2 application security advisory board. To secure your place, please click here.

The truth about vulnerability management: Compliance checkbox or real protection?

Streaming live 2nd July at 3pm BST

How often are you assessing network vulnerabilties? Is your current vulnerability management program merely a compliance checkbox for auditors? Tune into this webcast live to hear from Joerg Weber, head of attack monitoring, Barclays, Lee Barney, an information risk consultant, and Skybox's Michelle Cobb on how you can prioritise vulnerabilities in a way that makes sense for your specific threat posture. Secure your free place here.

SC Featured Webcast

Employee file sharing: the good, the bad and the ugly

This recently held webcast unveiled the full results from the latest data security survey, where it was revealed that 50 per cent of the information security professionals asked said that they had 'no real visibility' of how data is being sent within and outside the company. Guest speakers included the director of information security from Monster.co.uk and the ISO from Atos. If you missed the live show, you can tune into the on-demand video here.

SC Whitepapers

Java security: Balancing existing testing platforms with open source solutions

In a rush to get new products out to market quickly, companies expose themselves to the risk of software failure. Java developers often turn to open source solutions to help protect themselves from risk. This new whitepaper explains how you can use your existing testing platforms alongside open source solutions to fix those issues related to both security and quality within your Java code. To download the paper for free, please click here.

DDoS and downtime: Considerations for risk management

The purpose of this paper is to start a conversation about the often overlooked risk of downtime caused by DDoS attacks and to provide sufficient content for risk managers to account for the DDoS threat as they evaluate risks to their day-to-day operations and long-term mission. To read the paper in full, please download it for free here.

Ponemon 2012 Global Encryption Trends Study

In Ponemon's recent Global Encryption Study, the organisation surveyed 4,205 information security professionals across seven countries to examine how encryption has evolved over the last eight years. The study focused on data protection priorities, budgeted expenditures for encryption and the types of encryption technologies involved, with the findings revealing some interesting insight into the relationship between encryption and its impact on the security position of organisations. To read the full report for free, please download it here.

Advanced spear phishing: The rise of industrial phishing attacks

With phishing still the most common form of attack, hackers are now engaging in industrial-scale phishing attacks that leverage sophisticated customisation and delivery techniques. Borrowing tactics from cloud computing and database marketing, this study looks at longline phishing - an advanced form of spear phishing, which has higher clickthrough and penetration rates than traditional attacks, potentially causing a higher risk to IT security departments across the world. To read the study for free, please click here.

Most Popular
Most Emailed
Most Recent

RSS

This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.

Your use of this website constitutes acceptance of Haymarket Media's Privacy Policy and Terms & Conditions