Tripwire IP360: Vulnerability management product overview
Expert Ed Tittel examines vulnerability management products from Tripwire, including the rack-mounted IP360 appliance and the cloud-based PureCloud Enterprise service.
Tripwire Inc., based in Portland, Ore., is an IT security company known for its log management, file integrity monitoring and security configuration management products. After acquiring nCircle in 2013, Tripwire started offering enterprise-class vulnerability and risk management, which is provided to customers across several products.
The company's main vulnerability management product is Tripwire IP360; Tripwire's PureCloud Enterprise, meanwhile, provides cloud-based vulnerability scanning. Tripwire IP360 is a rack-mounted or virtual appliance-based product, while PureCloud is a cloud service and does not require any dedicated hardware or software. Tripwire also offers SecureScan, a free vulnerability scanner for networks with up to 100 IP addresses, making it ideal for small organizations that lack a sizable budget for security. Still, SecureScan provides the same enterprise-class vulnerability scanning platform as Tripwire IP360 and Tripwire PureCloud Enterprise.
Features
Tripwire IP360 is managed from an intuitive web interface. Like many vulnerability management products, IP360 is designed for easy setup and management; Tripwire says the product can be up and running, and complete a scan or two, in less than an hour. The setup includes one or more Linux-based physical or virtual appliances, which can be pooled together for increased speed and performance.
Tripwire IP360 is powered by an advanced vulnerability scoring system; the product pulls data from Tripwire's Vulnerability and Exposure Research Team (VERT), which identifies emerging vulnerabilities. VERT is responsible for creating unique detection signatures that are pushed to Tripwire products; IP360, for example, leverages the VERT data and analyzes it in a risk matrix, which is based on factors such as the difficulty of exploiting the vulnerability. Enterprise security teams are then given a risk score for the vulnerability in order to prioritize their remediation efforts.
All Tripwire vulnerability management products, including IP360, perform asset discovery and identification, identify weaknesses -- which may include hidden devices -- and prioritize vulnerabilities and remediation tasks. Scans may be run from predefined definitions, or profiles, and administrators may customize policy definitions as needed. Predefined profiles include those for a standard scan, deep scans, ping and port scans, web applications and host inventories, among others for specific compliance regulations. Tripwire can also discover any mobile device that connects to wired or wireless networks. It also provides an automated workflow in which an administrator defines rules for device categorization across physical and virtual locations.
All Tripwire vulnerability management products have preconfigured reports available for the Payment Card Industry Data Security Standard (PCI DSS), the Sarbanes-Oxley Act audits, SCAP and information assurance vulnerability alert standards, as well as audit reports. Scan results may be exported to CSV, PDF and other formats. While most reports satisfy the needs of administrators and auditors, some reports are designed specifically for C-level executives.
Vulnerability signatures are updated regularly but not continuously. Unique to Tripwire, customers are guaranteed signature updates within 24 hours of a Microsoft advisory regarding a new vulnerability.
Tripwire offers a scalable architecture with low bandwidth requirements that minimize the impact on systems and networks during scans. Tripwire PureCloud enables customers to perform an unlimited number of scans each month, scans perimeter servers using public IPs and scans web applications. It covers PCI DSS 3.0 compliance requirements for external scanning of an organization's network.
Pricing, licensing and support
Customers can purchase Tripwire products directly from the company or through a channel partner. Tripwire IP360 offers a wide range of prices for different types of clients and appliances; the product supports platforms such as Amazon Elastic Compute Cloud, Microsoft Hyper-V and VMware's ESXi and Fusion. Tripwire PureCloud requires a license, and pricing is based on the number of IPs in the environment.
Tripwire provides clients with basic free support upon purchase of Tripwire products, as well as advanced support for a fee. Basic support is available for one year and includes software upgrades. Customers report that Tripwire provides outstanding customer support.
Free tools include SecureScan and SecureCheq, which focuses on Microsoft Windows desktop and server configurations. Customers can access product briefs, white papers, videos, case studies and more from the Tripwire website. A series of free training webinars called "learning labs" is available to learn about the intricacies of Tripwire IP360.