Tripwire vs RedSeal

Posted by UpGuard


To survive in today's cyber threat landscape, enterprises increasingly rely on layered defenses to smooth out attack surfaces. A variety of tools are available to cover all parts of the security continuum: security information and event management (SIEM), security configuration management (SCM), vulnerability detection, and more. Tripwire and RedSeal are two platforms that cover different, but equally important, aspects of enterprise security—let's see how they stack up in this comparison.

Increasing cyber attacks and data breaches have propelled cybersecurity into a renaissance of sorts: in response to the rising demand for more effective solutions, security vendors are taking innovative approaches to helping firms shore up enterprise security. For example, RedSeal combines network visualizations with security analytics to protect infrastructures against attacks. Other vendors like Tripwire continue to focus on traditional measures like file and configuration changes as the basis for detecting threats and securing the enterprise.


Tripwire

Both Tripwire Enterprise and the free Tripwire Open Source are at their core host-based intrusion detection systems that monitor for file and configuration changes. The enterprise offering includes support for Windows and *NIX, centralized management and reporting of multiple Tripwire installations, and out-of-the-box policies for compliance with regulations like PCI DSS and NIST, among others. Vulnerability management (Tripwire IP360) and log intelligence (Tripwire Log Center) are also available as paid add-ons to round out the platform's capabilities.

The Tripwire UI. Source: softwareasia.com.

Tripwire also offers Apps to further extend the platform's capabilities. These components allow Tripwire Enterprise deployments to connect/update a CMDB, integrate with an SIEM, create/update service tickets, and more. Tools such as Remedy, ServiceNow, Jira, Splunk, and ArcSight are currently supported.

RedSeal

RedSeal was founded in 2004 as a security risk management (SRM) solutions provider and was recently relaunched to include network modeling, risk and fix prioritization, support for cloud and mobile assets, and digital resilience scoring in its offering. The solution gathers data about network devices and cloud resources to assess and rank corporate IT risks, as quantified in its RedSeal Digital Resilience Score. 

The RedSeal interface. Source: redseal.net.

The RedSeal platform uses internal network infrastructure-based cybersecurity analytics to measure an enterprise’s digital resilience. The platform also offers infrastructure modeling for visualizing corporate network topologies, end-to-end access paths, and hidden areas of the network (i.e., dark space).

Side-by-Side Scoring: Tripwire vs. RedSeal

1. Capability Set

Tripwire Enterprise relies on its robust file and configuration monitoring capabilities for intrusion detection and threat protection, with compliance features and advanced capabilities at a cost (e.g., cloud-based scanning, compliance assessment, and more). RedSeal—heavy on security analytics and network visualization for assessing risk and hardening networks—falls short when compared to Tripwire's comprehensive feature set.


2. Ease of Use

Tripwire Enterprise offers an enterprise GUI console for visual management, although users may quickly get bogged down after moving through the various interfaces for rules, tasks and reports. Additionally, certain screens can get unwieldy in large environments with an expansive number of nodes. In contrast, RedSeal's management consoles and reporting/visualization capabilities are easy to use and provide intuitive dashboards for presenting high-level, key decision-making information.

Tripwire score_3.png
RedSeal score_4.png

3. Community Support

Tripwire users are out of luck in this department, as the company doesn't provide or host any product forums or community portals. However, as a free, open source offering, Tripwire Open Source has a fair amount of third-party generated tutorials and guides on the web. When it comes to Tripwire Enterprise, only white papers and case studies are available off the corporate website. RedSeal's community support resources are equally lacking, though it does host its own community website.

Tripwire score_2.png
RedSeal score_3.png

4. Release Rate

Unfortunately, a full release history is unavailable for both solutions. Tripwire Enterprise is currently on version 8.5, while its open source version hasn't been updated since 2013. RedSeal's platform is currently on version 8.

 


5. Pricing and Support

Tripwire Enterprise's pricing is even more opaque than its release rate; regardless, the solution is by any measure prohibitively expensive for non-enterprise shops and SMBs. Additionally, opting for components and add-ons such as cloud-based monitoring and compliance management will make deploying the platform a costly endeavor. Paid-for support options and professional services are available from the vendor.

Pricing for RedSeal is based on the number of layer 3 and 2 devices in the network and runs around $1,000 per managed network device, with support and maintenance costing 20% of perpetual software licenses per year.

Tripwire score_2.png
RedSeal score_2.png

6. API and Extensibility

Tripwire Enterprise offers a SOAP API for accessing various platform capabilities such as integrity checks, change reconciliation, version promotion, and report generation. Similarly, RedSeal offers a REST API for interacting with its platform through custom integrations.

Tripwire score_4.png
RedSeal score_4.png

7. 3rd Party Integrations

Tripwire integrates with various third-party systems, from change and incident management systems to SIEM solutions: ServiceNow, Splunk, Lastline, and more. Additionally, its Apps extend the platform to allow for CMDB connectivity and service ticket automation. RedSeal also integrates with a myriad of third-party vendors, from AWS to Aruba and McAfee, not to mention Tripwire.

 

Tripwire score_4.png
RedSeal score_4.png

8. Companies that Use It

With almost two decades of enterprise security experience under its belt, Tripwire has built up an impressive customer list of many of the world's most recognizable brands and Fortune 500s. Not to be outdone, RedSeal boasts a customer list of Forbes Global 2000 corporations and government agencies.

 


9. Learning Curve

In the case of Tripwire Enterprise, users may feel overwhelmed by the amount of data presented; additionally, proper setup/configuration, tuning, and policy refinement can be a challenge to pick up. RedSeal's interface, though also awash in data, offers intuitive reporting and visualization features that make it easier to learn.

 

Tripwire score_3.png
RedSeal score_4.png

10. CSTAR

Tripwire scored an average CSTAR Score of 694, with various website perimeter security flaws like server header information leakage and lack of DNSSEC/DMARC making it prone to exploitation. RedSeal scores higher in this category with its 789 CSTAR score; that said, lack of HTTP strict transport security, secure cookies, and DMARC/DNSSEC could also result in compromises.


 

Scoreboard and Summary

Total: Tripwire 3.3 out of 5, RedSeal 3.6 out of 5

In short, both solutions offer critical layers of protection for the enterprise: Tripwire focuses on configuration and file monitoring, RedSeal on security data analytics. Vigilant organizations more often combine these security mechanisms and others to fill out their continuous security toolchains—as mentioned previously, RedSeal even offers an integration with Tripwire. And as a critical component of the toolchain, UpGuard's enterprise resilience platform provides the crucial layer for validating that all IT assets in your environment are configured optimally and free from vulnerabilities. Try it today, it's free for the first 10 nodes.
