Here we look at the key points to consider when choosing a Tripwire alternative.
1. Why look for an alternative to Tripwire?
Tripwire has a superb pedigree and has been used by most organizations at one time or another. The core Tripwire Enterprise product has benefitted from years of development to make it a hugely competent and comprehensive tool for assessing and tracking configuration settings across enterprise-class IT estates.
However, as with many mature software products, there is a risk that what was intended as a comprehensive product, often ends up as quite a complex one and the main complaints tend to be:-
- Difficult to set up properly
- Hard to stay on top of the alerts
- Support can be tricky in terms of getting to the right people
2. File Integrity Monitoring for System Files
One of the core functions of Tripwire is file-integrity monitoring for securing data and your IT infrastructure. Therefore the key requirement when investigating an alternative product is how well file integrity requirements are catered for.
The state of the art in FIM for system files now delivers real-time file change detection for Windows and Linux or UNIX, and identifies who made the change, detailing the account name and process used to make changes, crucial for forensically investigating security breaches.
3. FIM for System Files #2
In order to detect potentially significant changes to system files and protect systems from malware, it is essential to not just simply run a comparison of the file system once per day as has traditionally been the approach. For each file, a complete inventory of file attributes must be collected, including a Secure Hash. This way, even if a Trojan is introduced to the file system, this can be detected. The 'Modern Malware' APT or Advanced Persistent Threat approach to hacking now requires a forensic level real-time file integrity monitoring solution.
4. File Integrity for Configuration Files on Network Devices
Scripting an agentless SSH script for a new firewall or router in Tripwire can be a painstaking task but it will be vital to ensure your alternative solution allows tracking of configuration changes to firewalls, routers and switches. The best alternative options provide interactive,' what you see is what you get' script development utilities - if you can log onto a device and list its config, then you can automate this.
5. Device Hardening Audit Reports
One of the big strengths of Tripwire is the range and breadth of configuration assessment reports provided. Alternatives to Tripwire now provide similar reports for UNIX, Linux, Windows and Network Devices. Checklists of secure configuration best practices are available from sources such as NIST and these can be adopted and extended to provide tailored Secure Configuration Policy for your systems.
6. Agentless UNIX and Linux Configuration Change Tracking
The original Tripwire concept was to take a snapshot of all significant UNIX config files and then run a comparison 24 hours later. Good alternatives exist which provide similar checklists of all significant files to track, delivered in a template format so they are easy to set-up.
7. Windows Registry Keys and Values
Given the critical nature of the Windows Registry, tracking changes to keys and values is vital to maintain a secure configuration. A typical registry hive may comprise hundreds of thousands of items so the tracking of changes is best achieved using a local agent. A local agent reduces load on the network and the server and provides further advantages that all changes can be detected unlike a polled approach which always allows the opportunity for interim changes to be missed.
8. Windows Local Security Policy
Similarly to the Registry, the Local Security Policy is a critical element of the Operating System for governing system security. Tripwire alternatives are available that can provide Registry, Local Security Policy, Installed Software, Local User Accounts and filesystem integrity monitoring.
9. Scheduled File Integrity Reports
As well as Hardening Reports it will be necessary to ensure that any Tripwire alternative provides scheduled File Integrity reports. The traditional Tripwire approach is to deliver a daily report summarizing all file changes on systems being monitored. The best alternative solutions use real-time FIM change detection and therefore all filechanges are detected, some of which may be missed if a simple once daily poll is used.
10. Value for Money - Reduce License Fees, Support Fees and Cost of Ownership
With any switch from one solution to another, there will be a range of costs to assess. The best alternatives to Tripwire will reduce your cost of ownership significantly to more than outweigh any license fees and costs associated with the migration to the new solution. You should take into consideration the costs of implementation, training and acclimatization to the new system. However, since Tripwire is such a comprehensive system this comes with an associated complexity of set-up and management that will be greatly reduced with a contemporary alternative.
“NNT offered us a solution and price that was hard to ignore. The combination of excellent software and their super support has allowed us to implement a solution that saves us thousands of dollars in annual running costs compared to the previous system we had in place”
Don Bromley, Systems Manager, Universal Studios
“We were able to narrow our shortlist down to two vendors, Tripwire and NNT. Tripwire were already known to us but NNT were a relative newcomer, one we came across via a Google search, and I can honestly say we have never looked back.”
David McKnight, Director of Data and Network Security