Product: Tripwire Enterprise
Price: Starts at $599 ranging to $6,995 for the license cost.
- The real-time change intelligence, with side-by-side comparisons assist you in pinpointing differences and prioritizing remediation actions. This is an extremely useful and unique feature.
- None that we observed.
- With the combination of change audit and configuration assessment, this intuitive tool hits the mark for use with your next compliance driven project.
SC Labs Reviews
Reviews from our expert team
Tested by: Matthew Hreben & Katelyn Dunn
Tripwire Enterprise is a web-based solution centered on what Tripwire deems the least understood and most nebulous of the security triad: integrity.
The solution is uniquely geared towards a focus on change detection and identifying inevitable drifts from an organization’s compliance standards. To this end, Tripwire Enterprise combines change audit and configuration assessment capabilities to provide users assurance they are using secure configurations on their hardware and software, especially referring to the CIS benchmark standards.
We reviewed Tripwire Enterprise through its main use-case, a compliance-driven project that incorporates a variety of different standards and requirements. For example, one of the requirements involved alignment with a white paper on GDPR with NIST and ISO templates. Graphs displayed in the CIS Benchmark Overview tab describe the compliance health of an environment where CIS controls are concerned. Analysts may then drill into a more specific window that shows how and where policies and practices are failing and gives a step-by-step remediation guide based on those results. These test results are customizable, or users can also choose to defer to out-of-the-box rules and policy-set evaluations to review their current state.
Under the hood, the solution’s Detection Engine gathers granular data from file systems, network devices, databases, directory services, desktops, hypervisors and applications to detect any changes within these architectures. From there, a determination is made on whether the change took a network out of a compliant state and if this change came from an authorized source. The ability to nest logic from both sides (change audit and configuration assessment) is unique to Tripwire Enterprise. Essentially, the detection engine defines what information to monitor across different data sources. When it comes to compliance-focused change auditing, Tripwire Enterprise offers reconciliation options with conditional actions, managed via the Reconcile Express tool and integrations with CM systems. On the configuration assessment side, it provides users with policy management options with a Remediation Advisor, allowing the creation of temporary waivers and additions to your policy baseline.
The decision to engage either workflow begins with the Integrity Monitoring tab. Here, graphs show changes by data and approval and suspicious changes by platform. Anything suspicious within these reports can be sent out on a scheduled basis or run ad hoc. Tripwire categorizes changes as authorized or unauthorized to give visibility on the associated change ticket. From there, it is possible to go to a more detailed view of changed elements and their attributes such as date, time, type of change, any users associated with the change and the specific node that discovered it. Tripwire Enterprise offers some out-of-the-box rules for critical change detections that cover the basics of an operating system and it is possible to deploy more on top of that, depending on the necessity of specific practices. There is a ticketing system integration that allows users to create tickets based on detected changes. Tripwire Enterprise has API access to allow for numerous integrations and a variety of natural integrations. Finally, the solution has cloud hardening for AWS, Azure, Google Cloud and others so users will be able to see if their cloud is set up securely.