In a recent report by Forbes and BMC, known vulnerabilities were cited as the leading cause of data breaches, accounting for 44 percent of security incidents. These statistics underscore the importance of proper vulnerability management; judging by the continued failure of organizations to properly patch/update their software and systems, the practice is easy in theory but hard in practice. Tripwire and Qualys are two cybersecurity vendors with a keen focus on keeping vulnerabilities in check—let's see how they stack up in this comparison.
Layered digital defenses are a firm's best bet for thwarting cyber attacks—to this end, both Tripwire and Qualys combine several key cybersecurity technologies into comprehensive offerings for enterprise threat protection. For example, with Tripwire Enterprise and IP360, enterprises get policy management, change management and file integrity monitoring (FIM) along with vulnerability detection/protection. Similarly, Qualys' suite includes both its market-leading vulnerability management solution and tools for compliance monitoring, malware detection and more.
At its core, Tripwire Enterprise is a host-based intrusion detection system (HIDS) designed to monitor systems for file and configuration changes. The company offers a suite of tools for rounding out its platform's capabilities—for example, Tripwire IP360 and Tripwire Log Center can be implemented (at a cost) with Tripwire Enterprise for vulnerability management and log intelligence, respectively. The company also offers Tripwire Open Source, a free barebones version of its enterprise counterpart.
The Tripwire UI. Source: softwareasia.com.
A relatively new offering from Tripwire is Apps, which extend the platform's capabilities (e.g., to connect/update a CMDB, integrate with a SIEM, create/update service tickets). These components essentially enable Tripwire Enterprise to easily work with various third-party solutions: Remedy, ServiceNow, Jira, Splunk, ArcSight, and more.
Qualys was one of the first movers in the vulnerability management space—the company now offers a comprehensive suite of consumer/SMB-focused tools, enterprise security solutions as well as subscription-based security services. Qualys Enterprise (alternatively, the Qualys Cloud Platform)—formerly known as QualysGuard—is the company's flagship product.
The QualysGuard interface. Source: qualys.com.
QualysGuard Enterprise provides a set of tools for vulnerability management, asset discovery, network security, web app security, threat protection, and compliance monitoring—all accessible under a single management console.
Side-by-Side Scoring: Tripwire vs. Qualys
1. Capability Set
Tripwire Enterprise's capabilities revolve around its robust file and configuration monitoring for intrusion detection and threat protection, with vulnerability and security risk management available through IP360. Qualys ThreatPROTECT is a competent solution for detecting and prioritizing vulnerabilities and features a Live Threat Intelligence Feed for getting real-time security updates from experts. Additionally, QualysGuard Enterprise has strong asset management and cloud/web app security capabilities.
2. Ease of Use
Though Tripwire Enterprise's management console is usable, moving through the various interfaces for rules, tasks and reports can get cumbersome. Users may feel overwhelmed if using it to view large environments with an expansive number of nodes. Similarly, QualysGuard Enterprise's web-based interface is easy to get up to speed with but feels overmodularized due to the number of moving, interacting parts in the solution suite.
3. Community Support
Tripwire doesn't provide or host any product forums or community portals—despite this, its Open Source offering has a decent share of third-party generated tutorials and guides available on the web. Qualys hosts an active community website with forums, product training resources, and more.
4. Release Rate
Tripwire Enterprise is currently on version 8.5, while its open source version hasn't been updated since 2013. Qualys' vulnerability scanner and cloud-based security platform (currently at 8.7) has also undergone regular updates over the years, despite several confusing rebranding and product consolidation efforts. QualysGuard Enterprise was recently rebundled as the Qualys Cloud Platform, though the two names are apparently interchangeable.
5. Pricing and Support
Tripwire Enterprise's pricing is by any measure prohibitively expensive for non-enterprise shops and SMBs. Additional components and add-ons such as cloud-based monitoring and compliance management will make deploying the platform an even costlier endeavor.
Available as both an on-premise and SaaS-based offering, QualysGuard Enterprise is sold on an annual subscription basis, with pricing in the past ranging from $295 for small businesses to $1,995 for larger enterprises, depending on the number of endpoints monitored. Both vendors offer premium phone, web, and onsite support options, as well as a range of professional services to boot.
6. API and Extensibility
Tripwire Enterprise offers a SOAP API for accessing various platform capabilities such as integrity checks, change reconciliation, version promotion, and report generation. Qualys also offers a non-REST, XML-based interface for integrating custom applications with its security and compliance solutions.
7. 3rd Party Integrations
Tripwire integrates with various third-party systems, from change and incident management systems to SIEM solutions: ServiceNow, Splunk, Lastline, and more. Additionally, its Apps extend the platform to allow for CMDB connectivity and service ticket automation. Qualys also integrates with ServiceNow and Splunk, along with BMC and ForeScout, to name a few.
8. Companies that Use It
Tripwire has been around the block a few times and has an impressive customer list to show for it. Not to be outdone, Qualys claims to have more than 60% of the Forbes Global 50 as its customers, including prominent names such as Cisco, DuPont, Microsoft, Sabre, and Sony Network Entertainment.
9. Learning Curve
Tripwire Enterprise users may feel overwhelmed by the amount of data presented—additionally, proper setup/configuration, tuning, and policy refinement can be a challenge to pick up. In contrast, Qualys has a somewhat flatter learning curve, mostly due to the solutions' streamlined web interfaces and detailed product documentation.
Tripwire scored an average CSTAR Score of 694, with various website perimeter security flaws like server header information leakage and lack of DNSSEC/DMARC making it prone to exploitation. Qualys scores higher in this category with a CSTAR Score of 882, despite having similar flaws such as lack of DMARC/DNSSEC.
Scoreboard and Summary
|Ease of Use|
|Pricing and Support|
|API and Extensibility|
|3rd Party Integrations|
|Companies that Use It|
|Total||3.3 out of 5||4.3 out of 5|
At the end of the day, vulnerability management is just one aspect of enterprise cybersecurity and both platforms are competent in this regard. For a focus on FIM and security configuration management (SCM), Tripwire Enterprise is a safe bet. Qualys sports some impressive IT asset management capabilities that budget-minded firms will certainly find more manageable from a cost perspective. And as a critical component of an enterprise's cybersecurity toolchain, UpGuard's resilience platform provides the crucial layer for validating that all IT assets in your environment are configured optimally and free from vulnerabilities. Try it today, it's free for the first 10 nodes.