Current Filter: Network>>>>>Review>

   

Security holes, compromised critical systems, easily guessed passwords and leaking web sites need to be identified and a vulnerability scanner will achieve this.

With a solid track record in this field, built over decades, the Tripwire IP360 appliance provides an easily deployed, on premise or cloud solution that can scan, identify, and assess all network assets. By employing advanced analytics and a unique scoring algorithm, it identifies and prioritises critical vulnerabilities which can be immediately remediated.

Tripwire IP360 is offered as a hardware or virtual appliance: we loaded the latter onto our VMware host system in a matter of minutes. The web console is well designed and after applying a license, we downloaded the latest vulnerability database and left the appliance to update its signature files automatically. Essentially that's all there is to deployment and we could now get straight on with discovering and assessing network assets. This is also a simple process: after defining our internal network address range and providing various system credentials we could run on-demand scans at will, simply by selecting the network, a scan profile, and the appliance to run it.

A good range of predefined profiles are provided as standard, including options for web apps, deep scans, host inventories, ping and port scans, plus another for Sarbanes-Oxley (SoX). Profiles can be customised by choosing the scan features you want to activate and any bandwidth usage constraints, all then saved as a custom profile.

Vulnerability scans provide a snapshot of the networks security posture at the time they were taken, so they do need to be run regularly. The scan profiles offer a simple solution allowing us to set them to run continuously or schedule them at regular intervals.

The web console is easy to navigate and after setting up the discovery processes we moved to the Analyze section to examine what Tripwire IP360 had discovered. It didn't disappoint, and provided a treasure trove of information about discovered hosts and their vulnerabilities.

A set of predefined reports are provided, which allowed us to compare datasets from different scans, examine specific time periods and view the results from the latest scans. Each report is broken down for easy digestion with graphical summaries of vulnerabilities by host and OS, a list of all hosts, and discovered applications.

We could view all our security leaks, select one and drill down deeper for more information. From the Focus section we could search the report database using details such as an IP address, app name, specific vulnerability or even a port number to identify affected systems.

The Focus results can also be drilled into for more detail, and selecting one system displays all of its properties and a scan timeline chart offered trending scores, which helps to reduce vulnerability risk over time. There is also a full list of vulnerabilities and each is accompanied by a clear description, an impact assessment, advisories and sage advice on threat mitigation.

All reports can be saved for later use and the Respond section allows a ticketing system to be implemented for event management and problem resolution. Tripwire IP360 also provides extensive alerting facilities and it can send out emails and SNMP traps for events such as excessively high vulnerability scores.

Along with swift deployment, we were impressed with the high levels of information that Tripwire IP360 provides. Its sophisticated discovery and analysis tools look capable of plugging the security gaps other scanning solutions leave behind. NC

Product: Tripwire IP360
Supplier: Tripwire Inc.
Price: Starts at £17,367 excluding VAT
Web site: www.tripwire.com
Telephone: +44 (0)162 877 5850
Email: emea_sales@tripwire.com