Tripwire vs Qualys

September 8, 2017


In a recent report by Forbes and BMC, known vulnerabilities were cited as the leading cause of data breaches, accounting for 44 percent of security incidents. These statistics underscore the importance of proper vulnerability management; judging by the continued failure of organizations to properly patch/update their software and systems, the practice is easy in theory but hard in practice. Tripwire and Qualys are two cybersecurity vendors with a keen focus on keeping vulnerabilities in check—let's see how they stack up in this comparison. 

Layered digital defenses are a firm's best bet for thwarting cyber attacks. To this end, both Tripwire and Qualys combine several key cybersecurity technologies into comprehensive offerings for enterprise threat protection. For example, with Tripwire Enterprise and IP360, enterprises get policy management, change management and file integrity monitoring (FIM) along with vulnerability detection/protection. Similarly, Qualys' suite includes both its market-leading vulnerability management solution and tools for compliance monitoring, malware detection and more.

 

Tripwire

At its core, Tripwire Enterprise is a host-based intrusion detection system (HIDS) designed to monitor systems for file and configuration changes. The company offers a suite of tools for rounding out its platform's capabilities; for example, Tripwire IP360 and Tripwire Log Center can be implemented (at a cost) with Tripwire Enterprise for vulnerability management and log intelligence, respectively. The company also offers Tripwire Open Source, a free barebones version of its enterprise counterpart.

The Tripwire UI. Source: softwareasia.com.

A relatively new offering from Tripwire is Apps, which extend the platform's capabilities (e.g., to connect/update a CMDB, integrate with an SIEM, create/update service tickets). These components essentially enable Tripwire Enterprise to easily work with various third-party solutions: Remedy, ServiceNow, Jira, Splunk, ArcSight, and more.

Qualys

Qualys was one of the first movers in the vulnerability management space—the company now offers a comprehensive suite of consumer/SMB-focused tools, enterprise security solutions as well as subscription-based security services. Qualys Enterprise (alternatively, the Qualys Cloud Platform)—formerly known as QualysGuard—is the company's flagship product.

The QualysGuard interface. Source: qualys.com.

QualysGuard Enterprise provides a set of tools for vulnerability management, asset discovery, network security, web app security, threat protection, and compliance monitoring—all accessible under a single management console.

Side-by-Side Scoring: Tripwire vs. Qualys

1. Capability Set

Tripwire Enterprise's capabilities revolve around its robust file and configuration monitoring for intrusion detection and threat protection, with vulnerability and security risk management available with IP360. Qualys ThreatPROTECT is a competent solution for detecting and prioritizing vulnerabilities and features a Live Threat Intelligence Feed for getting real-time security updates from experts. Additionally, QualysGuard Enterprise has strong asset management and cloud/web app security capabilities.


2. Ease of Use

Though Tripwire Enterprise's management console is usable, moving through the various interfaces for rules, tasks and reports can get cumbersome. Users may feel overwhelmed if using it to view large environments with an expansive number of nodes. Similarly, QualysGuard Enterprise's web-based interface is easy to get up to speed with but feels overmodularized due to the number of moving, interacting parts in the solution suite.

Tripwire score_3.png
Qualys score_4.png

3. Community Support

Tripwire doesn't provide or host any product forums or community portals—despite this, its Open Source offering has a decent share of third-party generated tutorials and guides available on the web. Qualys hosts an active community website with forums, product training resources, and more.

Tripwire score_2.png
Qualys score_3.png

4. Release Rate

Tripwire Enterprise is currently on version 8.5, while its open source version hasn't been updated since 2013. Qualys' vulnerability scanner and cloud-based security platform (currently at 8.7) have also undergone regular updates over the years, despite several confusing rebranding and product consolidation efforts. QualysGuard Enterprise was recently rebundled as the Qualys Cloud Platform, though the two names are apparently interchangeable.


5. Pricing and Support

Tripwire Enterprise's pricing is by any measure prohibitively expensive for non-enterprise shops and SMBs. Additional components and add-ons such as cloud-based monitoring and compliance management will make deploying the platform an even costlier endeavor.

Available as both an on-premise and SaaS-based offering, QualysGuard Enterprise is sold on an annual subscription basis, with pricing in the past ranging from $295 for small businesses to $1,995 for larger enterprises, depending on the number of endpoints monitored. Both vendors offer premium phone, web, and onsite support options, as well as a range of professional services to boot.

Tripwire score_2.png
Qualys score_2.png

6. API and Extensibility

Tripwire Enterprise offers a SOAP API for accessing various platform capabilities such as integrity checks, change reconciliation, version promotion, and report generation. Qualys also offers a non-REST, XML-based interface for integrating custom applications with its security and compliance solutions.

Tripwire score_4.png
Qualys score_4.png

7. 3rd Party Integrations

Tripwire integrates with various third-party systems, from change and incident management systems to SIEM solutions: ServiceNow, Splunk, Lastline, and more. Additionally, its Apps extend the platform to allow for CMDB connectivity and service ticket automation. Qualys also integrates with ServiceNow and Splunk, along with BMC and ForeScout, to name a few.

Tripwire score_4.png
Qualys score_4.png

8. Companies that Use It

Tripwire has been around the block a few times and has an impressive customer list to show for it. Not to be outdone, Qualys claims to have more than 60% of the Forbes Global 50 as its customers, including prominent names such as Cisco, DuPont, Microsoft, Sabre, and Sony Network Entertainment. 


9. Learning Curve

Tripwire Enterprise users may feel overwhelmed by the amount of data presented; additionally, proper setup/configuration, tuning, and policy refinement can be a challenge to pick up. In contrast, Qualys has a somewhat flatter learning curve, mostly due to the solutions' streamlined web interfaces and detailed product documentation.

Tripwire score_3.png
Qualys score_4.png

10. CSTAR

Tripwire scored an average CSTAR Score of 694, with various website perimeter security flaws like server header information leakage and lack of DNSSEC/DMARC making it prone to exploitation. Qualys scores higher in this category with a CSTAR Score of 882, despite having similar flaws such as lack of DMARC/DNSSEC.



Scoreboard and Summary

Total: Tripwire 3.3 out of 5, Qualys 4.3 out of 5


At the end of the day, vulnerability management is just one aspect of enterprise cybersecurity and both platforms are competent in this regard. For a focus on FIM and security configuration management (SCM), Tripwire Enterprise is a safe bet. Qualys sports some impressive IT asset management capabilities that budget-minded firms will certainly find more manageable from a cost perspective. And as a critical component of an enterprise's cybersecurity toolchain, UpGuard's resilience platform provides the crucial layer for validating that all IT assets in your environment are configured optimally and free from vulnerabilities. Try it today, it's free for the first 10 nodes.

 
