Tripwire's IP360 solution is offered in either a virtual or physical appliance, which is common within the vulnerability management space. Tripwire sent us their IP360 virtual appliance which included robust documentation that was easy to follow. The virtual appliance required some configuration after we turned the virtual machine on, which was outlined in the QuickStart guide. Since we had to configure the appliance using Tripwire's custom CLI commands, we referenced Tripwire's CLI guide a few times. So, if you have little experience using a CLI environment, you should be able to complete the configuration in a short amount of time.
After we set up the virtual appliance and verified its connection, we logged into the IP360 management interface via standard web browser. IP360 management is controlled by their vulnerability and exposures manager (VnE manager). Profiling of assets is handled with their device profiler appliances which every VnE manager appliance features a built-in device profiler such as the virtual appliance we were given. The device profiler simplifies deployments and allows ease of use, which still allows for scale to the largest of deployments.
IP360's main dashboard is clean and modern looking, with a few widgets that you can modify to fit your liking. This is a nice feature as it eliminates the need to navigate away from the dashboard and drilling down into multiple menus. In the main dashboard, you can create networks, schedule scanning, and browse your recent scanning activity, as well as running previous scans. The main dashboard only offers basic settings, which is sufficient for setting up a new scan profile or scheduling a scan for instance. Further customization and granularity can be found in the section labeled legacy UI, located in the top right corner nestled with notifications, help, and settings. The legacy UI section gives you greater control and deeper configuration settings than the default UI dashboard. Although we would have liked to see everything in one dashboard, it almost looks as Tripwire is in the process of migrating from their legacy UI to their newer, more modern UI. This scheme seemed rather out of place, as most other products we have used previously have one consistent UI instead of multiple dashboards with a completely different look and feel to them.
Despite the two different user interfaces, running scans and reports ran as expected, as well as being intuitive. After running a scan, you can open the report which is organized by tabs; the graphs seem outdated, but the data is presented logically and very easy to read. There are several categories separated by tabs. For instance, the vulnerability tab displays all the vulnerabilities found including the common vulnerabilities and exposures (CVE). You can also see how many hosts are exposed to the vulnerability, and the corresponding vulnerability score which is displayed as green and red numbers to indicate the criticality.
Most Tripwire IP360 customers can receive a customized web demonstration and additional support from a Tripwire system engineer during the initial setup process. The additional support option is great for organizations that are low on resources or want IP360 to be set up quickly and efficiently. For an additional fee, Tripwire offers a handful of customer support services. These services range from your own designated technical account manager, onsite services, classroom training, and even personalized support from Tripwire. Pricing starts at $5,811 annually which includes 128 IPs, and perpetual pricing is also available. Tripwire IP360 includes enterprise premium support with 24x7x365 access.
- Michael Diehl with Dan Cure;
tested by Matt Hreben