To survive in today's cyber threat landscape, enterprises increasingly rely on layered defenses to reduce their attack surfaces. A variety of tools are available to cover the security continuum: security information and event management (SIEM), security configuration management (SCM), vulnerability detection, and more. Tripwire and RedSeal are two platforms that cover different, but equally important, aspects of enterprise security. Let's see how they stack up in this comparison.
Increasing cyber attacks and data breaches have propelled cybersecurity into a renaissance of sorts: in response to the rising demand for more effective solutions, security vendors are taking innovative approaches to helping firms shore up enterprise security. For example, RedSeal combines network visualizations with security analytics to protect infrastructures against attacks. Other vendors like Tripwire continue to focus on traditional measures like file and configuration change detection as the basis for detecting threats and securing the enterprise.
Both Tripwire Enterprise and the free Tripwire Open Source are at their core host-based intrusion detection systems: they record a baseline of file contents, permissions, and configuration, then re-scan and alert on anything that has changed. The enterprise offering adds support for Windows and *NIX, centralized management and reporting of multiple Tripwire installations, and out-of-the-box policies for compliance with regulations like PCI DSS and NIST, among others. Vulnerability management (Tripwire IP360) and log intelligence (Tripwire Log Center) are also available as paid add-ons to round out the platform's capabilities.
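To make the core check concrete, here is an added example of a minimal file-integrity monitor of the kind described above. It is illustrative code written for this article, not Tripwire's implementation: it baselines a directory tree (SHA-256 digest, size, mode, and mtime per file), re-scans, and reports files that were added, removed, or modified. The directory layout, file contents, and the simulated tampering in `demo()` are all constructed for the example.

```python
"""Minimal file-integrity monitor (added example, not Tripwire code).

Baselines a directory tree, re-scans it, and reports added, removed and
modified files the way a host-based integrity checker does.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def fingerprint(path: Path) -> dict:
    """Attributes an integrity checker compares for one regular file."""
    st = path.lstat()
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return {"sha256": h.hexdigest(), "size": st.st_size,
            "mode": st.st_mode, "mtime_ns": st.st_mtime_ns}


def baseline(root: Path) -> dict:
    """Map each regular file under root (posix relative path) to its fingerprint."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_file() and not p.is_symlink():
                snap[p.relative_to(root).as_posix()] = fingerprint(p)
    return snap


def compare(old: dict, new: dict) -> dict:
    """Diff two snapshots: files that appeared, vanished, or changed attributes."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    modified = {}
    for rel in sorted(set(old) & set(new)):
        changed = [k for k in old[rel] if old[rel][k] != new[rel][k]]
        if changed:
            modified[rel] = changed
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> dict:
    """Run the monitor over a constructed tree with simulated tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "sshd_config").write_text("PermitRootLogin no\n")
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "bin").mkdir()
        (root / "bin" / "ls").write_bytes(b"\x7fELF...")  # constructed stand-in binary

        before = baseline(root)

        # Simulated attacker activity: weaken sshd config, trojan a binary,
        # delete a file, and drop a hidden script.
        (root / "etc" / "sshd_config").write_text("PermitRootLogin yes\n")
        (root / "bin" / "ls").write_bytes(b"\x7fELF...backdoor")
        (root / "etc" / "hosts").unlink()
        (root / "bin" / ".hidden").write_text("#!/bin/sh\n")

        after = baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    for kind, items in demo().items():
        print(kind, items)
```

In a real deployment the baseline would be stored and signed out-of-band (an attacker with root can otherwise rewrite it), and the scan would run as a scheduled job or on a file-change trigger, which is what the enterprise product's centralized management adds on top of this core loop.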
The Tripwire UI. Source: softwareasia.com.
Tripwire also offers Apps to further extend the platform's capabilities. These components allow Tripwire Enterprise deployments to connect to and update a CMDB, integrate with a SIEM, create and update service tickets, and more. Tools such as Remedy, ServiceNow, Jira, Splunk, and ArcSight are currently supported.
RedSeal was founded in 2004 as a security risk management (SRM) solutions provider and was recently relaunched to include network modeling, risk and fix prioritization, support for cloud and mobile assets, and digital resilience scoring in its offering. The solution gathers data about network devices and cloud resources to assess and rank corporate IT risks, as quantified in its RedSeal Digital Resilience Score.
The RedSeal interface. Source: redseal.net.
The RedSeal platform analyzes the internal network infrastructure (device configurations, routing, and access rules) to measure an enterprise's digital resilience. The platform also offers infrastructure modeling for visualizing corporate network topologies, end-to-end access paths, and hidden areas of the network (i.e., dark space).
Side-by-Side Scoring: Tripwire vs. RedSeal
1. Capability Set
Tripwire Enterprise relies on its robust file and configuration monitoring capabilities for intrusion detection and threat protection, with compliance features and advanced capabilities (e.g., cloud-based scanning, compliance assessment, and more) available at additional cost. RedSeal, which is heavy on security analytics and network visualization for assessing risk and hardening networks, falls short when compared to Tripwire's comprehensive feature set.
2. Ease of Use
Tripwire Enterprise offers an enterprise GUI console for visual management, although users may quickly get bogged down moving through the various interfaces for rules, tasks, and reports. Additionally, certain screens become unwieldy in large environments with many nodes. In contrast, RedSeal's management consoles and reporting/visualization capabilities are easy to use and provide intuitive dashboards for presenting high-level, decision-making information.
3. Community Support
Tripwire users are out of luck in this department, as the company doesn't provide or host any product forums or community portals. However, Tripwire Open Source—as a free, open source offering—has a fair amount of third-party generated tutorials and guides on the web. When it comes to Tripwire Enterprise, only white papers and case studies are available off the corporate website. RedSeal's community support resources are equally lacking, though it does host its own community website.
4. Release Rate
Unfortunately, a full release history is unavailable for both solutions. Tripwire Enterprise is currently on version 8.5, while its open source version hasn't been updated since 2013. RedSeal's platform is currently on version 8.
5. Pricing and Support
Tripwire Enterprise's pricing is even more opaque than its release rate. Notwithstanding, the solution is by any measure prohibitively expensive for non-enterprise shops and SMBs. Additionally, opting for components and add-ons such as cloud-based monitoring and compliance management will make deploying the platform a costly endeavor. Paid support options and professional services are available from the vendor.
Pricing for RedSeal is based on the number of layer 2 and layer 3 devices in the network and runs around $1,000 per managed network device, with support and maintenance costing 20% of the perpetual software license price per year.
6. API and Extensibility
Tripwire Enterprise offers a SOAP API for accessing various platform capabilities such as integrity checks, change reconciliation, version promotion, and report generation. Similarly, RedSeal offers a REST API for interacting with its platform through custom integrations.
7. 3rd Party Integrations
Tripwire integrates with various third-party systems, from change and incident management systems to SIEM solutions, including ServiceNow, Splunk, and Lastline. Additionally, its Apps extend the platform to allow for CMDB connectivity and service ticket automation. RedSeal also integrates with a myriad of third-party vendors, from AWS to Aruba and McAfee, not to mention Tripwire itself.
8. Companies that Use It
With almost two decades of enterprise security experience under its belt, Tripwire has built up an impressive customer list of many of the world's most recognizable brands and Fortune 500s. Not to be outdone, RedSeal boasts a customers list of Forbes Global 2000 corporations and government agencies.
9. Learning Curve
In the case of Tripwire Enterprise, users may feel overwhelmed by the amount of data presented; additionally, proper setup and configuration, tuning, and policy refinement can be a challenge to pick up. RedSeal's interface, though also awash in data, offers intuitive reporting and visualization features that make it easier to learn.
10. Security Rating
Tripwire scored an average CSTAR score (UpGuard's external website security rating) of 694, with website perimeter weaknesses such as server header information leakage and a lack of DNSSEC and DMARC lowering its rating. RedSeal scores higher in this category with a CSTAR score of 789; that said, the absence of HTTP Strict Transport Security, cookies set without the Secure flag, and missing DMARC and DNSSEC records are weaknesses an attacker could build on.
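The perimeter findings named above are cheap to check yourself. The following is an added example written for this article, not UpGuard's CSTAR scanner: it inspects a constructed HTTP response header block for a version-revealing Server header, a missing or short-lived HSTS policy, and cookies set without the Secure and HttpOnly flags, and evaluates a constructed DMARC TXT record for an enforcing policy. The sample responses and records are made up for the example; DNSSEC validation needs a live resolver and is not covered here.

```python
"""Offline checks for common website-perimeter weaknesses.

Added example, not UpGuard's CSTAR scanner. Sample HTTP responses and DMARC
records below are constructed for illustration.
"""
import re
from typing import List, Optional, Tuple

ONE_YEAR = 31536000  # seconds; the commonly recommended HSTS minimum max-age

# Constructed sample: a weak response (version in Server, no HSTS, insecure cookie)
WEAK_RESPONSE = """HTTP/1.1 200 OK
Server: Apache/2.4.18 (Ubuntu)
Set-Cookie: session=abc123; Path=/
Content-Type: text/html
"""

# Constructed sample: the same site after hardening
HARDENED_RESPONSE = """HTTP/1.1 200 OK
Server: Apache
Strict-Transport-Security: max-age=31536000; includeSubDomains
Set-Cookie: session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax
Content-Type: text/html
"""


def parse_headers(raw: str) -> List[Tuple[str, str]]:
    """Split a raw response header block into (name, value) pairs, names lowercased."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def check_http(raw: str) -> List[str]:
    """Return a list of findings for one HTTP response header block."""
    findings = []
    headers = parse_headers(raw)
    for name, value in headers:
        if name == "server" and re.search(r"\d", value):
            # A version string tells an attacker which known bugs to try first
            findings.append(f"server header leaks version: {value}")
        if name == "set-cookie":
            cookie = value.split("=", 1)[0]
            attrs = [a.strip().lower() for a in value.split(";")[1:]]
            if "secure" not in attrs:
                findings.append(f"cookie without Secure flag: {cookie}")
            if "httponly" not in attrs:
                findings.append(f"cookie without HttpOnly flag: {cookie}")
    hsts = [v for n, v in headers if n == "strict-transport-security"]
    if not hsts:
        findings.append("no Strict-Transport-Security header")
    else:
        m = re.search(r"max-age=(\d+)", hsts[0])
        if not m or int(m.group(1)) < ONE_YEAR:
            findings.append(f"HSTS max-age too short: {hsts[0]}")
    return findings


def check_dmarc(txt_record: Optional[str]) -> List[str]:
    """Evaluate a _dmarc TXT record; None means no record is published."""
    if txt_record is None:
        return ["no DMARC record"]
    tags = {}
    for kv in txt_record.split(";"):
        if "=" in kv:
            key, val = kv.strip().split("=", 1)
            tags[key.strip()] = val.strip()
    if tags.get("v") != "DMARC1":
        return ["malformed DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"DMARC policy does not enforce: p={policy or 'missing'}")
    if tags.get("pct", "100") != "100":
        findings.append(f"DMARC applies to only {tags['pct']}% of mail")
    if "rua" not in tags:
        findings.append("no DMARC aggregate reporting address (rua)")
    return findings


if __name__ == "__main__":
    print("weak:", check_http(WEAK_RESPONSE))
    print("hardened:", check_http(HARDENED_RESPONSE))
    print("dmarc p=none:", check_dmarc("v=DMARC1; p=none; rua=mailto:dmarc@example.com"))
```

To run this against a real host, capture the header block with `curl -sI https://example.com` and the DMARC record with `dig +short TXT _dmarc.example.com`, then pass the text into the two functions; the checks themselves need no network access.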
Scoreboard and Summary
| Category | Tripwire | RedSeal |
|---|---|---|
| Ease of Use | | |
| Pricing and Support | | |
| API and Extensibility | | |
| 3rd Party Integrations | | |
| Companies that Use It | | |
| Total | 3.3 out of 5 | 3.6 out of 5 |
In short, both solutions offer critical layers of protection for the enterprise: Tripwire focuses on configuration and file monitoring, RedSeal on security data analytics. Vigilant organizations typically combine these security mechanisms with others to fill out their continuous security toolchains; as mentioned previously, RedSeal even offers an integration with Tripwire. And as a critical component of the toolchain, UpGuard's enterprise resilience platform provides the crucial layer for validating that all IT assets in your environment are configured optimally and free from vulnerabilities. Try it today, it's free for the first 10 nodes.