Tripwire – IP360 9.0.3

Tripwire IP360 is an enterprise-class vulnerability management solution, managed via a web-based GUI that enables cost-effective risk reduction with remediation efforts focused on the highest risks and most critical assets. It provides comprehensive visibility into the enterprise network and all devices and associated operating systems, applications, and vulnerabilities.

This single vulnerability management solution accommodates hybrid enterprises by supporting assets on premises, in a public or private cloud, or in running and non-running containers. The product starts with profiling, not scanning, which shows the company understands coverage is not everything. Tripwire offers protocol, application and vulnerability detection with low false positive rates for an accurate, efficient and comprehensive understanding of your environment.

Built upon a scalable architecture, Tripwire IP360 features comprehensive vulnerability scoring and endpoint intelligence integration for rapid responding to new and advanced threats. Granular vulnerability scoring focuses remediation efforts on critical assets and highest risks. Exploit availability, risk class and vulnerability age help pinpoint the greatest risk to give business context by asset value and natively prioritize vulnerabilities, targeting remediation efforts for greatest risk reduction. The Reporting Vulnerability Inventory includes a heat map showing the risk matrix of an environment you can drill into to see names, affected hosts, risks and scores – everything from no known exploits to authenticated exploits. Risk levels and a vulnerability count are shown in a risk bar graph and you can view granular descriptions and remediation recommendations as well. An aggregate host score is included for a cumulative score of every vulnerability on a system. A vulnerability aging report shows the lifecycle of a vulnerability.

The scalable enterprise architecture supports three main platforms: VMware, Hyper-V and AWS. Centralized reporting and security analytics offer consolidated security intelligence in a dashboard with trend, audit and drilldown capabilities. Centralized security management provides multi-tenancy, real-time analytics and enterprise integration.

Credentialed and uncredentialed network scans and agent-based scans assess endpoints, network devices, and web applications for vulnerabilities. Distributed and scalable scanning yields rapid deployment. Scanners can be distributed for consolidated reporting. With DP pooling, you can add multiple scanners into the same environment for additional resiliency. Out-of-the-box scan profile options are available, as is the option to create your own. Customizable scan scheduling allows you to determine a scan window that works for you. The scanning methodology yields low false-positive rates and endpoint vulnerability scans.

The reporting engine consumes data and gives you a report. And while it felt limited, we found it to be sufficient. Compliance reporting is included for PCI, SCAP/CyberScope and IAVA standards. Vulnerabilities are reported in standard CVE and CVSS formats. Reporting templates are Windows-based and leverage a SQL database.

Starting price is $5,811 for 128-IP annual license and includes one year of enterprise 24/7 support.

Tested by Tom Weil