Tripwire Enterprise and Via Data Mart
Strengths: Full end-to-end system and security policy management with robust modelling and reporting
Weaknesses: Can be costly for some organisations
Verdict: If one can afford it, these tools are worth a close look. Carries the Tripwire tradition forward in fine style
Tripwire Enterprise and Via Data Mart are two products that comprise a suite for maintaining configuration states of servers, network devices and databases, as well as robust reporting services, to allow for deeper analysis of security and configuration policy.
Tripwire Enterprise is a tool for full-service system configuration management that allows administrators to put a policy in place and have systems continuously checked against that policy to ensure compliance.
Via Data Mart, on the other hand, is more of a way for administrators to collect information from various sources throughout the environment, including output from configuration and vulnerability management systems, and turn the data into a way of testing security policy changes through the use of dashboards and rich reports.
We found these products can be easily installed on the same server, and initial installation and setup does not take long at all. Both products include Windows and Linux installers for greater deployment flexibility. We chose to install both on a Windows server. The installation process is similar in both products, and is done by running an executable, which launches a brief setup wizard. At its completion all of the components are installed and all further management is done via a web-based management interface, which we found to be well organised with intuitive layouts.
We found Tripwire Enterprise to be more like three products in one, rather than just a simple system configuration management tool. It is built on three solid functions that include configuration management, file integrity monitoring and remediation. These work together to provide a robust feature set. The Policy Manager function allows administrators to define policy and assess their configurations against any of more than 250 policies, standards, regulations and vendor guidelines. File Integrity Manager continually checks systems for unauthorised or unneeded changes. Finally, Remediation Manager automates remediation and maintains compliance throughout the enterprise.
Documentation provided includes both installation and administrator guides in PDF format for both products, which were well organised and contained an excellent amount of detail, including many screenshots and configuration examples.
Tripwire offers all customers basic, no-cost phone and email support and they can access an online area that includes many resources, such as a knowledgebase and user forum. Additional aid is available, with the cost for premium support based on the number of licences purchased.
At a price starting at £13,200 for both Tripwire Enterprise and Via Data Mart, it can be quite pricey for some environments but we find it to be good value for money. In this pricing model however, Via Data Mart takes up the bulk of the cost, so if data modelling is not a part of the overall strategy the cost drops significantly. That said, it does offer a lot of excellent capabilities for better security policy and overall security posture.