Strengths: Solid policy management with a few extra features.
Weaknesses: Slightly confusing price model with a lack of no-cost support.
Verdict: Extends the Tripwire legacy of excellent products with just a few small warts in documentation and support.
Tripwire Enterprise brings together policy management, change management and file integrity monitoring under one easy-to-manage platform. With Tripwire Enterprise, administrators can use a combination of an agent-based and an agentless deployment to collect, assess and report on server, database, endpoint and network device configurations throughout the entire enterprise environment. This tool is also leveraged by a couple of key components, which include Asset View and Fast Track. More explanation on those in a minute. First, we take a look at deployment and installation.
This product is software-based, so it must be installed on a server in the environment. Installation of the product itself is easy and is done by simply running an executable, which launches a cleanly organized setup wizard. At the completion of the wizard, the product installs all the necessary components, including the management console. After installation is complete, all management is done via the web-based management console, which we found to be well-organized and easy to navigate with a clean look and tab-top navigation structure. The other thing to note about the management console is the clean dashboard views. The dashboard is one of the first things that an administrator sees when they log into the console and it is loaded with a plethora of useful information, including authorized versus unauthorized changes, changes by application, and many other charts and graphs. This gives the administrator an instant view of what's happening and if anything needs immediate attention.
Tripwire Enterprise also can leverage a library of more than 25 unique policy sources that cover a large amount of policy and platform combinations. These policies include not only regulatory compliance guidelines, such as PCI, HIPAA and NERC, but also hardening guidelines for software vendors, security policies and country-specific standards and best practices. This massive library allows administrators to find and deploy all policies that apply to their environment or organization.
Documentation included installation, user and reference guides. We found each to contain a good amount of detail and easy-to-follow, step-by-step instructions, along with quite a few screen shots and configuration examples.
Tripwire offers only paid support to customers, who can choose from standard and premium levels at a starting cost of $399 and $459 per year, respectively. Standard support includes 12/5 phone- and email-based support, as well as access to a web-based support portal, which includes resources such as a knowledge base, resource library, support forum and product downloads and documentation. Premium support includes the same portal access and also adds full 24/7 phone- and email-based support.Pricing for Tripwire Enterprise is a little tricky, but customers can choose from a wide variety of pricing options. The Express Console version, designed for smaller environments, starts at just under $700, but there is also an Unlimited Console available for $7,000. Those prices license the console as well as endpoints. However, file system monitoring and network device monitoring is an extra cost. We find this product to be a good value for the money overall.