Data analytics continue to play an integral function in cybersecurity—from SIEM to advanced network-based intrusion detection (NID), today's leading solutions are heavily reliant on data science-backed, actionable threat intelligence to detect and mitigate cyber attacks. Varonis is one such vendor whose platform revolves around cybersecurity data analytics; let's see how it holds up against leading security vendor Tripwire.
2 out of 5 key Experian data breach predictions for 2017 elude to a future of sophisticated adversaries and cyber intrusions. The firm predicted the continued escalation of state-sponsored attacks from espionage to war and continued international data breaches significantly affecting multinational companies. In this grim digital landscape, what can organizations do to better protect their most critical IT assets against attackers?
Enterprises are better positioned to prevent or minimize security incidents if a layered cybersecurity framework is in place, usually combining several different technologies such as resilience monitoring, vulnerability detection/management, endpoint protection, SIEM/log analysis, and more. To this end, Tripwire focuses on FIM as the basis for its security configuration management platform, while Varonis employs user behavior analytics to power its threat protection suite.
Tripwire was founded in 1997 as an IT security software developer specializing in file monitoring and host-based intrusion detection. Today, the company offers both an Enterprise offering and a free Tripwire Open Source tool for monitoring file and configuration changes. The platform is rounded out with premium add-ons such as Tripwire IP360's for vulnerability management and Tripwire Log Center for SIEM/log intelligence.
The Tripwire UI. Source: softwareasia.com.
Tripwire Enterprise supports both Windows and *NIX and ships with out-of-the-box policies for compliance with regulations like PCI DSS and NIST, and more. More recently, the company introduced Apps for extending the platform's capabilities to support third party offerings like Splunk, Remedy, ServiceNow, Jira, and ArcSight, to name a few.
New York City-based Varonis bills itself as a security platform for protecting data against insider threats and cyberattacks. Like Tripwire, the solution looks to file state for signs of compromise, using machine learning and user behavior analytics (UBA) to detect suspicious activity and malware. Its suite of products include its Datadvantage solution for data audit and protection and Datalert for UBA.
The Varonis DatAlert interface. Source: varonis.com.
One of Varonis' specializations is insider threat detection and protection for unstructured data residing on file and email servers. Because most security incidents involve threats on the inside (e.g., the theft of documents, spreadsheets, images, videos), the software suite focuses on detecting users or computers accessing unauthorized data and/or using it inappropriately.
Side-by-Side Scoring: Tripwire vs. Varonis
1. Capability Set
Both offerings feature an array of capabilities for protecting enterprise IT assets, but each takes a different approach to security. For example, Varonis specializes in unstructured data analytics and user behavior analysis while Tripwire Enterprise relies on file and configuration monitoring for intrusion detection and threat protection. Products and add-ons are available to broaden the capabilities of each vendors' offerings (e.g., Varonis Dataprivilege and Tripwire Configuration Compliance Manager for compliance and data access governance).
2. Ease of Use
Varonis offers an intelligently-designed management console that makes the platform easy to grasp off the cuff. Tripwire Enterprise's enterprise GUI can be a challenge to work with, especially when navigating through various rule, task and report interfaces. The solution can also become unwieldy in expansive environments with a large number of nodes.
3. Community Support
Tripwire doesn't provide any forums or community portals to its users, but its open source offering has a fair amount of third-party generated tutorials and guides available on the web. In contrast, Varonis Connect is a vendor-managed platform for its online community of customers, partners, and experts. The resource features open Q&A forums, an extensive knowledgebase, channels for information exchange, and more.
4. Release Rate
Currently, Varonis Datadvantage is at version 6—a release history of Varonis products is available via its Varonis Connect community portal (secured access). Tripwire Enterprise is currently on version 8.5, and its open source version hasn't been updated since 2013.
5. Pricing and Support
Public pricing is unavailable for both products, though Varonis Datadvantage reportedly will run around $17,000, with its Data Classification Framework costing about $8,000 for 100 users. Support costs 20 percent of the purchase price, annually and is available 9-5 p.m., five days/week by email or phone. Tripwire also offers its customers paid-for support and professional services.
Both solutions are prohibitively expensive for smaller scale IT operations, and opting for components and add-ons (e.g., cloud-based monitoring, compliance management) will certainly make the solution an even costlier endeavor.
6. API and Extensibility
Varonis offers limited API access across its suite of products, but only provides a full-realized REST interface for its DatAnywhere offering. Tripwire Enterprise doesn't offer a REST API, but offers a SOAP API for access to platform capabilities such as integrity checks, change reconciliation, version promotion, and report generation.
7. 3rd Party Integrations
Varonis has several prominent technology partnerships/integrations, but its efforts here pale in comparison to Tripwire's 3rd party integrations, from change and incident management systems to SIEM solutions: ServiceNow, Splunk, and Lastline, and more. In addition, Tripwire Apps allow for connectivity with popular IT service management solutions (e.g., CMDB connectivity, service ticket automation).
8. Companies that Use It
Varonis' customers include some of the world's leading enterprises: AXA Wealth, Miramax, Grant Thornton, and Rabobank, among others. Not to be outdone, Tripwire also has an impressive list of customers—AAA, Allstate, Capital One, Chevron, PayPal, Walmart, and Sony, to name a few.
9. Learning Curve
Tripwire Enterprise is a powerful solution for monitoring files and provides a wealth of data in this capacity that can be overwhelming for learners. Set up/configuration, tuning, and policy refinement can also pose difficulties for users new to the platform. Varonis is easier to learn and get up to speed with, especially for Windows administrators and professionals.
Tripwire scored an average CSTAR Score of 684 due to website perimeter security flaws that make it prone to exploitation: server header information leakage, lack of DNSSEC/DMARC, and more. Varonis' 798 CSTAR score also reflects a series of security gaps in its website perimeter security—namely, lack of HTTP strict transport security, HttpOnly/Secure cookies, and DNSSEC.
Scoreboard and Summary
|Ease of Use|
|Pricing and Support|
|API and Extensibility|
|3rd Party Integrations|
|Companies that Use It|
|Total||3.3 out of 5||3.7 out of 5|
In short, both platforms offer competent (albeit expensive) platforms with a penchant for a specific cybersecurity function, namely, Tripwire's file monitoring and Varonis' data/file protection analytics. A comprehensive enterprise framework for cyber resilience will include these and other layers of protection, such as UpGuard's resilience platform to validate that all IT assets in your environment are configured optimally and free from vulnerabilities. Try it today, it's free for the first 10 nodes.
Monitoring tools have come a long way since the early days of Big Brother. Today's solutions have evolved into powerful software troubleshooting and performance analytics platforms capable of deconstructing and analyzing the entire application stack—infrastructure up—for bugs and issues.
As perimeter-based cyber protection falls to the wayside, a new breed of continuous security solutions are emerging that combine traditional endpoint protection with newer technologies like security information and event management (SIEM) and crowdsourced threat intelligence.