What is our primary use case?
The primary use case of this solution is for:
- Check File Integrity
- Check Databases Configuration Integrity, Network devices
- Monitor changes manually or in real time
- Validate legitimate changes
- Reverse unauthorized changes
- Test node compliance against standards (ISO 27001, PCI DSS, SWIFT...)
- Automatic and manual remediation
- Generate reports manually or automatically
- Send notification emails
- Send logs via Syslog protocol
What is most valuable?
The most valuable feature is the integrity.
If the file configuration has been modified, this solution calculates a hash code of the file. This means that if someone has changed the file, the solution will recalculate the hash and the admin receives a notice that the file has been modified, by sending an email or an alert to the administrator that someone has modified, added or deleted a line.
Not just files, but others like table metadata, network device config...
What needs improvement?
The main functionality is good, it's the best. Maybe they can add more functionality, for example, they can add a rollback feature so that if someone has changed the file, it will give you an old version of the file and integrate it directly into the system. This is done for network devices but not in other devices. It's a good functionality to have but it's not necessary because it is the work of the administrator, not the solution.
In the next release, I would like to see a guide for every solution to be implemented, because it takes some time to understand what files you need to check or what databases.
The solution works with other solutions but there is no guide to explain how to do so. But if you know what files must be monitored, then you can consider that the implementation is well done.
For how long have I used the solution?
I have been using this solution for one year.
What do I think about the stability of the solution?
This is a stable solution.
What do I think about the scalability of the solution?
This solution is scalable and it is easy to add users.
We deploy this solution to other organizations that range in size from small to medium and large companies.
How are customer service and technical support?
We have contacted technical support in many cases and they are very good.
The last time that we contacted them was for an issue that we were having in deployment for the AIX systems. There are several errors when deploying this solution to AIX systems, but with the help of support, it can be done.
How was the initial setup?
It's easy to deploy this solution but to integrate the equipment for your use case is not that easy. It can be a bit difficult.
It can take three weeks to deploy this solution, but it depends on the environment and the amount of equipment.
You can have one or two people to deploy this solution and it can be as many as two for maintenance.
What about the implementation team?
We have a team that can deploy this solution in other companies.
What's my experience with pricing, setup cost, and licensing?
The licensing depends on the type of the equipment, how many devices and the types of devices.
What other advice do I have?
When I first started working with Tripwire, I was only working on file integrity, but there are more functionalities for this solution that I can consider as the best, like testing node compliance against standards and rollback functionality for network devices. Also, there is an option that when you test your node compliance against standards, Tripwire gives the ability to start automatic remediation for your system, or a guide to remediate and fix it manually.
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?