Tripwire IP360 Review

Helps us prioritize vulnerabilities but the dashboard and reporting need to improve


How has it helped my organization?

Tripwire IP360 helps me to discover most of the vulnerabilities. I'm specifically talking about system vulnerabilities, not application vulnerabilities. I like the way that it prioritizes these vulnerabilities, as it allows me to focus on the most important ones first and then follow up with the rest.

What is most valuable?

The most valuable features of this program are the low rate of false positives, and the ability to go deep and examine why a vulnerability was discovered, as well as how it was discovered. I believe these are the two main features that I like.

Another great feature is the ability to scan through host-based agents, which provides a faster, more reliable and more network-friendly way to scan. Having a scan agent installed on the target system provides faster results, as hundreds of agents can run at the same time on hundreds of targets instead of scanning through the network. Network scanning requires credentials to connect to a system, has a limit on parallel scanning and creates unwanted network traffic.

What needs improvement?

I feel that the reporting should be improved - especially the way it organizes the findings. I would like to have a real-time dashboard. The previous program I used could tell me which of my systems were vulnerable when a new definitions file was uploaded, so I knew about the new vulnerabilities before scanning the systems. An exposure index would be great in reporting.

Another thing that needs to be fixed is the reporting. The remediation solution for Microsoft vulnerabilities, for example, gives me the CVE number and then I have to search in Microsoft to find and download the patch. Other programs directly give me the KB article with a link to download the patch related to my case.

The technical support can also be better.

For how long have I used the solution?

I have been using Tripwire IP360 for one and a half years now.

What do I think about the stability of the solution?

Tripwire IP360 is a very stable solution. The fact that it is a virtual appliance makes it easy to update and easy to upgrade.

What do I think about the scalability of the solution?

Tripwire IP360 is easily scalable. You can deploy multiple sensors and the sensors can do the scanning. It's easy. You can deploy sensors depending on your topology or network segmentation. All will report back to the manager and update or upgrade through the manager.

How are customer service and technical support?

I am not very impressed by the technical support. One reporting problem we had took some time to be fixed, but we also had some vulnerabilities that weren't protected, which were fixed immediately. So let's say the technical support is not very good, and it is not very bad either. 

Which solution did I use previously and why did I switch?

Yes, we used Nexpose and Qualys VM previously. We changed to Tripwire IP360 because we wanted to change and see if we could detect our vulnerabilities from a different perspective.

How was the initial setup?

The initial setup was easy and straightforward and it took me around two weeks to deploy the program.

What's my experience with pricing, setup cost, and licensing?

I believe the price compares well within the market.

Which other solutions did I evaluate?

We evaluated Nessus and Rapid7 Nexpose. But we chose Tripwire due to its low rate of false positives and its prioritization abilities.

What other advice do I have?

I would advise others who are looking at getting this solution to make sure that it can scan all types of systems they have, whether it's Linux, a mainframe or a switch. So, they should ensure that they can scan it. Also, if they want to have web application scanning, I wouldn't recommend this solution. This is not one of its very strong points.

So, on a scale from 1 to 10 where 1 is the worst and 10 is the best, I would put it at 7. Things that should improve are real-time dashboards, a way to customize scanning (on custom-defined ports), more customization and more flexibility on the user side.

Which deployment model are you using for this solution?

On-premises

Disclosure: I am a real user, and this review is based on my own experience and opinions.