Fortra Tripwire IP360 Reviews

We used the product for scheduled vulnerability scanning and detecting changes within our assets.

We could manage our entire IP range with the solution. We could also manage it based on specific assets. Scheduled reports and distributed reports were also valuable. We did it for our compliance requirements.

It's an enterprise-level tool. If we’re not putting it in everything, it's very expensive to maintain in terms of people and time. We need to dedicate time and resources to keep it running. It was hard to configure. We made some technology changes, and there were some technologies that we couldn’t scan with the product. So, we decided to reduce our footprint internally.

We stopped using the product in December last year.

I rate the tool’s stability a two out of ten. My administrator told me it needed constant maintenance, things failed, things had to be double-checked, and sometimes things were not working. He found it very unreliable.

Only the administrator was using the product. He used it to read reports as part of our compliance programs. It wasn't heavily used by a lot of users. The tool comes in at a large scale, and we tried to scale it down. The scaling did not apply to us. It was neither difficult nor easy.

I rate the scalability a five out of ten. We had some challenges while scaling it down. It could do 10,000 devices, and we wanted to use it for ten devices. The process was difficult and expensive. We did not need the product anymore.

We spent a lot of time with the technology support team from Fortra. When we finally got the right person, they knew what they were talking about, but it took us a lot of time to get there.

Neutral

We are using Microsoft Defender Advanced Threat Protection. We purchased it because we have a lot of Microsoft products. It is our virus protection solution. We had people in the security team who were using the advanced features already. So, we decided to use it to measure and mark compliance against vulnerabilities. We're looking for other ways to find file integrity management for the few assets that we need to do it for.

I rate the ease of setup a three out of ten.

We had to migrate to a virtual appliance, which took a year. It was unreasonable. We needed one firewall administrator, one Tripwire administrator from our organization, and professional services from Fortra to deploy the solution. The two administrators knew how the parts were interconnected.

The product was expensive for us. It was not cost-effective for how we used it to do the job. We didn't think it was worth the money.

Overall, I rate the product a six out of ten.

Tripwire IP360 helps me to discover most of the vulnerabilities. I'm specifically talking about system vulnerabilities, not application vulnerabilities. I like the way that it prioritizes these vulnerabilities, as it allows me to focus on the most important ones first and then follow up with the rest.

The most valuable features of this program are the low rate of false positives, and the ability to go deep and examine why a vulnerability was discovered, as well as how it was discovered. I believe these are the two main features that I like.

Another great feature is the ability to scan through host-based agents which provides faster, more reliable and a network-friendly way to scan. Having a scan agent installed in the target system provides faster results as hundreds of agents can run at the same time in hundreds of targets instead of scanning through the network. Network scanning requires credentials to connect to a system, has a limit of parallel scanning and creates unwanted network traffic.

I feel that the reporting should be improved - especially the way it organizes the findings. I would like to have a real-time dashboard. The previous program I used, could tell me which of my systems were vulnerable when a new definitions file was uploaded, so I knew about the new vulnerabilities before scanning the systems. An exposure index would be great in reporting. 

Another thing that needs to be fixed, is the reporting. The remediation solution for Microsoft vulnerabilities, for example, gives me the CV number and then I have to search in Microsoft to find and download the patch. Other programs give me directly the KB article with a link to download the patch related to my case.

The technical support can also be better.

I have been using Tripwire IP360 for one and a half years now.

Tripwire IP360 is a very stable solution. The fact that it is a virtual appliance, makes it easy to update and easy to upgrade.

Tripwire IP360 is easily scalable. You can deploy multiple sensors and the sensors can do the scanning. It's easy. You can deploy sensors depending on your topology or network segmentation. All will report back to the manager and update or upgrade through the manager.

I am not very impressed by the technical support. One reporting problem we had took some time to be fixed, but we also had some vulnerabilities that weren't protected, which were fixed immediately. So let's say the technical support is not very good, and it is not very bad either. 

Yes, we used Nexpose and Qualys VM previously. We changed to Tripwire IP360 because we wanted to change and see if we could detect our vulnerabilities from a different perspective.

The initial setup was easy and straightforward and it took me around two weeks to deploy the program.

I believe the price compares well within the market.

We evaluated Nessus and Rapid7 Nexpose. But we chose Tripwire due to its low rate of false positives and its prioritization abilities.

I would advise others who are looking at getting this solution, to make sure that it can scan all types of systems they have - if it's Linux or a mainframe or if it is a switch. So, they should ensure that they can scan it. Also, if they want to have web application scanning, I wouldn't recommend this solution. This is not one of its very strong points.

So, on a scale from 1 to 10 where 1 is the worst and 10 is the best, I would put it at 7. Things that should improve, are real-time dashboards, a way to customize scanning (on custom-defined ports), more customization and more flexibility on the user side.

It gives us reports on vulnerabilities.

They keep expanding what the solution is checking.

Ensures we know which vulnerabilities that we are exposed to.

We would like to have better reporting capabilities and for them to be more granular.

It seems very stable.

It seems very stable.

I haven't heard any complaints.

We did use another solution previously. We switched because we wanted something that was more robust.

The initial setup was slightly complex because there was some customization. 

We used a consultant for deployment.

It has helped increase staff productivity.

The company probably chose this solution because they thought that they would be getting the best bang for their buck.

We use it identify vulnerabilities.

We have multiple uses for this solution, we use it for breakouts and early detection. We use it much more for security rather than for compliance on policies. Then it's more about the whole infrastructure, early detection, file integrity management, and everything else.

It's become the pinnacle point for anything that enters the network or anything that's passing through to production to first be affected by IP360, hardened, and up to standard. For our integrity management, one was deployed in the bank about two years ago and that's still going to expand the usage and the product itself. That will go hand in hand with training and expanding the product as for where it's deployed. 

The most valuable feature would be the command app to control feature. It's not hugely utilized. It can go a lot further. It can be used a lot more because it can drift over into spaces from telephoning, where you have certificate expiry and it's easy with a couple of scripts to control expiry or certificates for everything else for outages with a call center solution. There are multiple areas where the product can quickly adapt by using upper command control to immediately solve a lot of issues where you don't need to look at other products.

The reporting functions can use improvement. There is room for growth because reporting functions differ a lot depending on what you're going to output. It depends on whether it's for technical or senior management and how it's interpreted. There could be growth within the reporting functionality side.

Highly stable with excellent support.

In terms of scalability, it's one of the most mature solutions. It's highly scalable and we mostly deal with large sectors like ISPs, banks, and telecommunications agencies so all of the solutions are highly scalable.

Their technical support is better than excellent. 

The initial setup is more complex than other products but absolutely the most mature one that I've dealt with. Tripwire is one of the most mature in terms of companies, suites, support, everything, much more than any other product. Deployment is dependent on organizational size so it's hard to say but it took around one to two weeks plus there will be a lot of follow up on skill transfer and training which is certainly another growth area. 

We have most definitely seen ROI. Especially in the banking sectors and, most definitely, with telecommunications as well.

It's more expensive but also more superior. I've had a lot of cases where I opted for something similar which they normally have and some other kind of products but they always fall short and it doesn't do so I know of a release of more than two different products have been deployed that have failed and are not being used anymore.

I do constant research into solutions available on the market. I've got my own battle sheets which I know the ins and outs of each product available on the market. It's different from what Gartner says because Gartner runs around with Fortune 500 and large organizations, where it's different in South Africa, in a much smaller market.

I would advise you to do your homework when considering this solution. 

I would definitely rate it a ten, it's one of the most mature solutions and is constantly evolving. 

The most valuable feature of the product is reporting on an audit after a vulnerability scan is completed, and furthermore, the details that the audit report provides.

Given the audit report, you are able to investigate how the vulnerability is triggered, along with all the other information surrounding the vulnerability.

This product detects vulnerabilities which exist in the environment, and provides enough information that allows for remediation, thereby securing the environment.

After remediation is completed, executing another scan allows us to check if the remediation has been performed properly.

For IP360, unfortunately, scans for certain vulnerabilities often cause issues, as they are mainly false positive.

For instance, scanning Microsoft OS patches often leads to false positives, since they will identify patches that are missing, yet these missing patches are often superseded by newer patches that have been applied.

There are several more recommendations I could make, too.

We have been using the solution for 11 months.

There were a few minor hiccups concerning scanners going down, but this does not happen often.

We had a scalability issue when we scheduled multiple scans to occur in a specific time frame, and there have been instances where these scheduled scans do not complete on time.

However, most of the time, the scheduled scans complete on time.

Technical support was hardly required for IP360.

I have not previously used a different solution.

I did not do any initial setup, as it was already prepared.

I cannot advise others on this issue.

I did not make any evaluation on what products to use.

This tool is only great for reviewing identified vulnerabilities and verifying remediation, but not vulnerability tracking or reporting.

It’s most valuable feature is the ability to schedule and run vulnerability scans as needed.

It has enhanced the security program by ensuring that all external-facing systems are scanned on a routine basis.

There are inconsistencies in some of the vulnerability findings when compared to similar tools. For example, a recent scan didn’t turn up any vulnerabilities related to SSL but when I used another tool, it found those vulnerabilities, which after some investigating were valid.

I have used it for 2.5 years.

I have not encountered any stability issues.

I have not encountered any scalability issues.

Tripwire’s technical support has always been excellent.

I did not previously use a different solution, but next year I will be switching to a different cloud-based, security-as-a-service solution.

It is a cloud-based tool, so there wasn’t anything to configure.

The pricing is definitely the most affordable in the market.

I evaluated similar products from BeyondTrust and Qualys.

If you are looking for affordability, this is a great deal. If you are looking for better reporting capabilities and vulnerability tracking over time for remediation purposes, then this is not the best solution.

My rating reflects the product being used purely for PCI ASV scans. If used for perimeter-only scanning, I would rate this tool lower.