November 01, 2016
Licence starts at £490 to £5,700, plus £15 to £732 per asset depending on configuration and number of assets covered.
- Strengths: Solid change and security configuration management tool from Tripwire that covers the monitoring and reporting requirements of just about any regulation.
- Weaknesses: Can become a bit pricey: support is a separate cost item, and you must also supply the hardware and supporting software, such as MS-SQL, needed to run the product.
- Verdict: Very good product for detecting changes in configuration or files and reporting them in a way that maps to regulatory requirements. Closed-loop remediation adds to the value.
Tripwire Enterprise is a policy compliance/risk management, IT operations and security tool. Its purpose, among other things, is to add context to changes: not just that something changed, but, for example, whether the change was approved. Given that Tripwire has been known for over a decade for spotting changes in critical operating system files, it is not surprising that Tripwire Enterprise has strong capabilities along those lines as well.
Its core functions are vulnerability management, security configuration management and log management, and it can interface with some 100 third-party devices. Built on the prevent, detect, analyse and respond security model, this is a sort of SOC in a box with a bit of the NOC thrown in as well. Policy management automates configuration assessment and compliance checking. Integrity management monitors file integrity in real time, while forensics and inspection performs deep data collection and manages historical change and audit information.
Finally, remediation and integration functionality provides automated and guided remediation and system integrations. Enterprise is primarily agent-driven, using the lightweight Axon agent, although an agentless option is available.
The architecture is built around rules that define what each agent should check. The agent evaluates the monitored elements against the recorded baseline (not just files, but application and device configuration as well) and reports deviations to the Enterprise server. Only the changes move across the network, so the network footprint is very low.
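To make the baseline-and-delta model concrete, here is a stripped-down file-integrity check written for this review as an added illustration. It is not Tripwire code and does not reflect how Axon or the Enterprise server are implemented; it simply records a baseline (hash, mode and size per file), rescans, and returns only what differs, which is the part an agent would ship over the network. The directory tree and the tampering it detects are constructed inside the demo function.

```python
"""Minimal file-integrity baseline/compare (added example, not Tripwire code)."""
import hashlib
import json
import stat
import tempfile
from pathlib import Path


def snapshot(root: Path) -> dict:
    """Walk `root` and record a SHA-256 digest, permission string and size
    for every regular file. Symlinks are skipped so a planted link cannot
    make the scanner hash a file outside the monitored tree."""
    state = {}
    for path in sorted(root.rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        st = path.lstat()
        digest = hashlib.sha256()
        with path.open("rb") as fh:
            for chunk in iter(lambda: fh.read(65536), b""):
                digest.update(chunk)
        # as_posix() keeps keys stable across platforms
        state[path.relative_to(root).as_posix()] = {
            "sha256": digest.hexdigest(),
            "mode": stat.filemode(st.st_mode),
            "size": st.st_size,
        }
    return state


def diff(baseline: dict, current: dict) -> dict:
    """Return only the deviations from the baseline: new paths, removed
    paths, and for surviving paths the attributes whose value changed
    (as (old, new) pairs). Unchanged entries are not reported at all."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = {}
    for name in sorted(set(baseline) & set(current)):
        delta = {
            attr: (baseline[name][attr], current[name][attr])
            for attr in baseline[name]
            if baseline[name][attr] != current[name][attr]
        }
        if delta:
            changed[name] = delta
    return {"added": added, "removed": removed, "changed": changed}


def demo() -> dict:
    """Constructed scenario: baseline a tiny fake filesystem, persist the
    baseline as JSON (as an agent or server would), tamper with the tree,
    then rescan and compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "bin").mkdir()
        (root / "etc" / "passwd").write_text("root:x:0:0:root:/root:/bin/bash\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF" + b"\x00" * 60)

        saved_baseline = json.dumps(snapshot(root))

        # Tampering: a uid-0 account appended, a file deleted, a binary dropped.
        with (root / "etc" / "passwd").open("a") as fh:
            fh.write("backdoor:x:0:0::/root:/bin/bash\n")
        (root / "etc" / "hosts").unlink()
        (root / "bin" / "nc").write_bytes(b"\x7fELF" + b"\x01" * 60)

        return diff(json.loads(saved_baseline), snapshot(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The report names only `etc/passwd` (hash and size changed), `etc/hosts` (removed) and `bin/nc` (added); `bin/ls`, which did not change, never appears. In a real deployment the baseline must be stored where the monitored host cannot rewrite it, otherwise an attacker who gains write access can simply re-baseline after tampering.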
We dropped into the integrity-monitoring dashboard. You can create your own dashboard using the available widgets. This one was set up to show a bar graph of changes by date and approval, and bar graphs of suspicious changes by asset and by platform. The standard in use was NIST 800-53, High Security.
From the top level we were able to drill down into each widget to the individual changed elements. Drilling down to an individual asset gives detailed test results, and the same is true when starting from the test itself: it shows which devices passed, failed, or partially passed the test.
Enterprise integrates directly with ServiceNow and can generate tickets to drive closed-loop remediation. The product ships with 750 policies out of the box, which translates to over 25,000 individual tests. For critical event response, a specific and detailed flow chart is generated so the analyst can see the event in detail. Because of the closed-loop remediation workflows, users can either remediate the event themselves or let the system do it for them.
Enterprise also consumes threat feeds, so that, combined with its own change detection, malware infections, including previously unseen malware and ransomware, can be flagged and contained early. Bear in mind that integrity monitoring detects a change after it has been written; how much damage is averted depends on how quickly the remediation workflow acts on the alert.
Further, there is an extensive policy library that ships with the product but you can build your own policies if you wish. The website has a support portal that requires sign-in. It includes a knowledge base and all content, such as policies, is available for download.
There is no included support. All options are fee-based and the costs are dependent on a number of factors, such as location, scope of support, on-site or remote, etc. Enterprise is an on-premises product and supports several databases, including MySQL, MS-SQL and Oracle.
This is a feature-rich security and risk management tool that can get pricey in large implementations. However, Tripwire has a track record that all but ensures that the product will behave as expected. We were impressed overall and there is a lot of functionality to offset the cost of the tool. Given its capabilities, cost of ownership is quite reasonable. We would have liked to see a minimum no-cost standard support package. Documentation is solid.