2016-01-18T02:31:00Z

We're evaluating Tripwire, what else should we consider?

We are mainly a VMware customer and for security Tripwire is being recommended. However, upon research I found that VMware has vCenter Configuration Manager and I'm checking to see if that's an alternative.

If not vCM, does anyone recommend any other products? How about CIMCOM?

Thanks.

it_user371577 - PeerSpot reviewer
User at a tech company with 51-200 employees
  • 11
  • 129
10
PeerSpot user
10 Answers
it_user372162 - PeerSpot reviewer
Senior Manager Infrastructure at Accenture
Real User
2016-01-18T22:42:29Z
Jan 18, 2016

Have you looked into ScriptRock yet? It's a great platform for configuration management / monitoring / integrity as well as security. You can get complete visibility into the configuration of every server, network device, and cloud app you're running, ensure everything is correctly configured at all times while enforcing whatever security policies are critical to your environment. You can start with 10 nodes for free to try as well ...... www.ScriptRock.com :-) it seems to be a 'next generation' version of Tripwire.

Search for a product comparison in Application Security Tools
it_user363954 - PeerSpot reviewer
Programmer at a educational organization with 501-1,000 employees
Vendor
2016-01-23T09:19:32Z
Jan 23, 2016

After tuning your applications, you can protect them with Tripwire or Cisco's FirePOWER NGIPS solution. Cisco's solution integrates well with existing hardware and discovers non-existing hardware. This industry grade product can build financial trust from customers worried about their identities being stolen. An equivalent solution might be to stick with Tripwire. In addition use SSL/TLS (enforcing authenticity, integrity and confidentiality) while employing application certificates and client certificates in digital streams. I'm not an expert on this, but Tripwire may be more difficult to manage yet easier to configure.

it_user369339 - PeerSpot reviewer
Project manager at IRIDIS Group
Vendor
2016-01-20T07:36:08Z
Jan 20, 2016

We used Tripwire some time ago on different platforms (Intel/SPARC) and OS (Windows/Unix Solaris) and were very satisfied. The product combines the flexibility and functionality. During use Tripwire we did not have any problems with installation and configuration. The product works great on various plaformah. So I recommend it for use.

KS
CEO at Appvance
Vendor
2016-01-18T18:17:43Z
Jan 18, 2016

Are you attempting to understand what hole you have in an application and close them? ie App Penetration testing?

Or are you asking about detecting IT security issues in production?

These are two different fields, the second arguably not very related to “Application Security” but more “Network Security”

it_user371895 - PeerSpot reviewer
Business Development Manager at a tech company with 51-200 employees
Consultant
2016-01-18T14:01:15Z
Jan 18, 2016

My company is considered a competitor but I think you have to define better what you are looking for. there is a difference between configuration management tools like VCM to vulnerability management tools like Tripwire/ Qualys/ NNT.
As to the third product you mentioned, if you were referring to Calcom software www.calcomsoftware.com they are focused on baseline hardening and the actual act of securing the servers. This is a new automation approach which helps the IT administrator to enforce a security policy without having to test a policy in labs or breaking running services when securing the system. they are a management pack for SCOM so if you use System Center or own the license you will probably see a good ROI.

Vendor
2016-01-18T13:49:46Z
Jan 18, 2016

I'm using NNT from newnettechnolgies.com

Find out what your peers are saying about Tripwire, Trend Micro and others in Application Security Tools. Updated: September 2023.
735,432 professionals have used our research since 2012.
it_user352776 - PeerSpot reviewer
IT Division at Lais s.r.l.
Consultant
2016-01-18T13:38:50Z
Jan 18, 2016

i use Stormshield Endpoint Protection "https://www.stormshield.eu/endpoint-protection/" , you can configure in only witelist application checking the application certificate id and is very good to prevent cryptolocker attack.

it_user333624 - PeerSpot reviewer
Software Developer at a tech services company with 501-1,000 employees
Consultant
2016-01-18T12:03:03Z
Jan 18, 2016

hmm...I would look into these aproaches:
OSSEC
file integrity
log monitoring
rootkit detection
config analysis

Verisys(similar to Tripwire)
it's easier to use and cheaper

AIDE
open source

You'll have to look into it and what complies with the requirements in details.
Going for open source or paid enterprise in rapport with the demands of the security levels and structural needs.

it_user226029 - PeerSpot reviewer
Chief Marketing Officer at Greenbone Networks GmbH
Consultant
2016-01-18T11:47:36Z
Jan 18, 2016

Hi, I can't judge about the two solution as my company should be considered a competitor in the Vulnerability Management space. Still, what I'd like to recommend is to verify at least the ability to scan below the virtualization environment. I haven't heard of vCM and Vulnerabiliy Management in conjunction, so the question towards vCM would be about it gets update on Vulnerabilties discovered (ways of testing for them, frequency of updates, high risk vulnerability handling and so on).
Generally I'd suggest to consider putting the management of your Vulnerability Scanning solution outside of the virtualized environment and only use virtual sensors in it.

it_user346149 - PeerSpot reviewer
Managing Director at a tech services company
Consultant
2016-01-18T11:45:38Z
Jan 18, 2016

You should consider the following vendors: 

Tenable
AlienVault

Related Questions
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot
Apr 3, 2023
Hi Everyone, What do you like most about Tripwire Enterprise? Thanks for sharing your thoughts with the community!
2 out of 6 answers
SL
Systems Analyst at bercell integrated technologies
Apr 25, 2019
We use Tripwire Enterprise as a tool to test the vulnerability of a network. That is the most valuable feature of the product for us.
it_user1247235 - PeerSpot reviewer
Cyber Security Consultant at a tech services company with 51-200 employees
Jan 7, 2020
The most valuable feature is the integrity.
Julia Miller - PeerSpot reviewer
Community Director at PeerSpot
Apr 3, 2023
Hi, We all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
2 out of 4 answers
SL
Systems Analyst at bercell integrated technologies
Apr 25, 2019
One of the features of this solution is that they have a fixed annual price license for a limited number of users.
it_user1247235 - PeerSpot reviewer
Cyber Security Consultant at a tech services company with 51-200 employees
Jan 7, 2020
The licensing depends on type of the equipment, how many devices and the types of devices.
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technology products and we want your vote! If there’s a technology solution that’s really impressed you, here’s an opportunity to recognize that. It’s easy: go to the PeerSpot voting site, complete the brief voter registration form, review the list of nominees and vote. Get your colleagues to vote, too! ...
Deena Nouril - PeerSpot reviewer
Tech Blogger
Aug 5, 2022
What is OWASP? The OWASP or Open Web Application Security Project is a nonprofit foundation dedicated to improving software security. It operates under an open community model, meaning that anyone can participate in and contribute to OWASP-related online chats and projects. The OWASP ensures that its offerings (online tools, videos, forums, events, etc.) remain free and are easily accessible t...
See 2 comments
Ben Arbeit - PeerSpot reviewer
Manager at a retailer with 51-200 employees
Jul 31, 2022
Thanks for this informative article.
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a retailer with 10,001+ employees
Aug 5, 2022
OWASP is nice, but very specific and currently limited. How about trying ISO-24772 for all?
EB
Director of Community at PeerSpot (formerly IT Central Station)
Mar 4, 2022
Hi community members, Here is our new Community Spotlight for YOU. We publish it to help you catch up on recent contributions by community members. Do you find it useful? Please comment below! Trending Top HCI in 2022 What are the main differences between XDR and SIEM? Articles Top 5 Ethernet Switches in 2022 SASE: what is it and what are the main benefits? Questions Che...
RC
Enterprise Architect at CDPL
Dec 15, 2021
Privacy Concerns in an RPA Implementation Program. The biggest concern we (as RPA solution implementors) have faced when interacting with clients and customers were: 1. Regulatory and Compliance issues. 2. InfoSec and Security issues. 3. Audit Issues. Regulatory and Compliance Issues: There is a huge penalty if the wrong data gets updated and emails are sent to customers by the regulatory...
Related Categories
Related Articles
Ariel Lindenfeld - PeerSpot reviewer
Director of Community at PeerSpot
Aug 21, 2022
PeerSpot User's Choice Award 2022
We’re launching an annual User’s Choice Award to showcase the most popular B2B enterprise technol...
Deena Nouril - PeerSpot reviewer
Tech Blogger
Aug 5, 2022
What is OWASP Top 10 in 2022
What is OWASP? The OWASP or Open Web Application Security Project is a nonprofit foundation dedi...
Download Free Report
Download our free Application Security Tools Report and find out what your peers are saying about Tripwire, Trend Micro, and more! Updated: September 2023.
DOWNLOAD NOW
735,432 professionals have used our research since 2012.