Tripwire vs Varonis

By UpGuard on December 13, 2016

Filed under: security, vulnerabilities, tripwire, continuous security, Varonis

Tripwire vs Varonis

Data analytics continue to play an integral function in cybersecurity—from SIEM to advanced network-based intrusion detection (NID), today's leading solutions are heavily reliant on data science-backed, actionable threat intelligence to detect and mitigate cyber attacks. Varonis is one such vendor whose platform revolves around cybersecurity data analytics; let's see how it holds up against leading security vendor Tripwire.

2 out of 5 key Experian data breach predictions for 2017 elude to a future of sophisticated adversaries and cyber intrusions. The firm predicted the continued escalation of state-sponsored attacks from espionage to war and continued international data breaches significantly affecting multinational companies. In this grim digital landscape, what can organizations do to better protect their most critical IT assets against attackers?

Get the Digital Resilience eBook

Enterprises are better positioned to prevent or minimize security incidents if a layered cybersecurity framework is in place, usually combining several different technologies such as resilience monitoring, vulnerability detection/management, endpoint protection, SIEM/log analysis, and more. To this end, Tripwire focuses on FIM as the basis for its security configuration management platform, while Varonis employs user behavior analytics to power its threat protection suite. 


Tripwire was founded in 1997 as an IT security software developer specializing in file monitoring and host-based intrusion detection. Today, the company offers both an Enterprise offering and a free Tripwire Open Source tool for monitoring file and configuration changes. The platform is rounded out with premium add-ons such as  Tripwire IP360's for vulnerability management and Tripwire Log Center for SIEM/log intelligence.

Tripwire UI

The Tripwire UI. Source:

Tripwire Enterprise supports both Windows and *NIX and ships with out-of-the-box policies for compliance with regulations like PCI DSS and NIST, and more. More recently, the company introduced Apps for extending the platform's capabilities to support third party offerings like Splunk, Remedy, ServiceNow, Jira, and ArcSight, to name a few.


New York City-based Varonis bills itself as a security platform for protecting data against insider threats and cyberattacks. Like Tripwire, the solution looks to file state for signs of compromise, using machine learning and user behavior analytics (UBA) to detect suspicious activity and malware. Its suite of products include its Datadvantage solution for data audit and protection and Datalert for UBA.

Varonis UIThe Varonis DatAlert interface. Source:

One of Varonis' specializations is insider threat detection and protection for unstructured data residing on file and email servers. Because most security incidents involve threats on the inside (e.g., the theft of documents, spreadsheets, images, videos), the software suite focuses on detecting users or computers accessing unauthorized data and/or using it inappropriately. 

Side-by-Side Scoring: Tripwire vs. Varonis

1. Capability Set

Both offerings feature an array of capabilities for protecting enterprise IT assets, but each takes a different approach to security. For example, Varonis specializes in unstructured data analytics and user behavior analysis while Tripwire Enterprise relies on file and configuration monitoring for intrusion detection and threat protection. Products and add-ons are available to broaden the capabilities of each vendors' offerings (e.g.,  Varonis Dataprivilege and Tripwire Configuration Compliance Manager for compliance and data access governance).


Tripwire score_570.png
Varonis score_570.png

2. Ease of Use

Varonis offers an intelligently-designed management console that makes the platform easy to grasp off the cuff. Tripwire Enterprise's enterprise GUI can be a challenge to work with, especially when navigating through various rule, task and report interfaces. The solution can also become unwieldy in expansive environments with a large number of nodes.


Tripwire score_3.png
Varonis score_4.png

3. Community Support

Tripwire doesn't provide any forums or community portals to its users, but its open source offering has a fair amount of third-party generated tutorials and guides available on the web. In contrast, Varonis Connect is a vendor-managed platform for its online community of customers, partners, and experts. The resource features open Q&A forums, an extensive knowledgebase, channels for information exchange, and more.


Tripwire score_2.png
Varonis score_4.png

4. Release Rate

Currently, Varonis Datadvantage is at version 6—a release history of Varonis products is available via its Varonis Connect community portal (secured access). Tripwire Enterprise is currently on version 8.5, and its open source version hasn't been updated since 2013. 


Tripwire score_570.png
Varonis score_570.png

5. Pricing and Support

Public pricing is unavailable for both products, though Varonis Datadvantage reportedly will run around $17,000, with its Data Classification Framework costing about $8,000 for 100 users. Support costs 20 percent of the purchase price, annually and is available 9-5 p.m., five days/week by email or phone. Tripwire also offers its customers paid-for support and professional services. 

Both solutions are prohibitively expensive for smaller scale IT operations, and opting for components and add-ons (e.g., cloud-based monitoring, compliance management) will certainly make the solution an even costlier endeavor. 


Tripwire score_2.png


6. API and Extensibility

Varonis offers limited API access across its suite of products, but only provides a full-realized REST interface for its DatAnywhere offering. Tripwire Enterprise doesn't offer a REST API, but offers a SOAP API for access to platform capabilities such as integrity checks, change reconciliation, version promotion, and report generation. 


Tripwire score_4.png
Varonis score_4.png

7. 3rd Party Integrations

Varonis has several prominent technology partnerships/integrations, but its efforts here pale in comparison to Tripwire's 3rd party integrations, from change and incident management systems to SIEM solutions: ServiceNow, Splunk, and Lastline, and more. In addition, Tripwire Apps allow for connectivity with popular IT service management solutions (e.g., CMDB connectivity, service ticket automation).


Tripwire score_4.png
Varonis score_3.png

8. Companies that Use It

Varonis' customers include some of the world's leading enterprises: AXA Wealth, Miramax, Grant Thornton, and Rabobank, among others. Not to be outdone, Tripwire also has an impressive list of customers—AAA, Allstate, Capital One, Chevron, PayPal, Walmart, and Sony, to name a few.


Tripwire score_570.png
Varonis score_570.png

9. Learning Curve

Tripwire Enterprise is a powerful solution for monitoring files and provides a wealth of data in this capacity that can be overwhelming for learners. Set up/configuration, tuning, and policy refinement can also pose difficulties for users new to the platform. Varonis is easier to learn and get up to speed with, especially for Windows administrators and professionals.  

Tripwire score_3.png
Varonis score_4.png


Tripwire scored an average CSTAR Score of 684 due to website perimeter security flaws that make it prone to exploitation: server header information leakage, lack of DNSSEC/DMARC, and more. Varonis' 798 CSTAR score also reflects a series of security gaps in its website perimeter security—namely, lack of HTTP strict transport security, HttpOnly/Secure cookies, and DNSSEC.



Tripwire CSTAR


Screen Shot 2016-12-14 at 9.29.01 PM.png

Scoreboard and Summary

  Tripwire Varonis
Capability Set score_570.png score_570.png
Ease of Use score_570.png score_570.png
Community Support score_570.png score_570.png
Release Rate score_570.png score_570.png
Pricing and Support score_570.png score_570.png
API and Extensibility score_570.png score_570.png
3rd Party Integrations score_570.png score_570.png
Companies that Use It score_570.png score_570.png
Learning Curve score_570.png score_570.png

Tripwire CSTAR

Screen Shot 2016-12-14 at 9.29.01 PM.png

Total  3.3 out of 5  3.7 out of 5

In short, both platforms offer competent (albeit expensive) platforms with a penchant for a specific cybersecurity function, namely, Tripwire's file monitoring  and Varonis' data/file protection analytics. A comprehensive enterprise framework for cyber resilience will include these and other layers of protection, such as UpGuard's resilience platform to validate that all IT assets in your environment are configured optimally and free from vulnerabilities. Try it today, it's free for the first 10 nodes.

Free eBooks on DevOps and Security

More Articles

Datadog vs. New Relic

Monitoring tools have come a long way since the early days of Big Brother. Today's solutions have evolved into powerful software troubleshooting and performance analytics platforms capable of deconstructing and analyzing the entire application stack—infrastructure up—for bugs and issues.



Cisco vs. FireEye for Continuous Security

Who provides better continuous security: the world's largest maker of networking equipment or the first cybersecurity firm certified by the U.S. Department of Homeland Security?

Read Article >

AlienVault vs. Tenable for Continuous Security

As perimeter-based cyber protection falls to the wayside, a new breed of continuous security solutions are emerging that combine traditional endpoint protection with newer technologies like security information and event management (SIEM) and crowdsourced threat intelligence.

Read Article 


The World's First Cyber Resilience Platform

Whether your infrastructure is traditional, virtualized, or totally in the cloud, UpGuard provides the crucial visibility and validation necessary to ensure that IT environments are secured and optimized for consistent, quality software and services delivery.

See how it works at