When it comes to compliance, passing audits means providing adequate documentation that you've taken the necessary steps to secure your environment. Sometimes creating this documentation can be just as difficult as enacting the security measures themselves, so software solutions exist that are supposed to streamline the compliance documentation process and make it easy for both companies and auditors to determine compliance. Tripwire offers a compliance solution with their suite of products, while Industrial Defender, now owned by defense contractor Lockheed Martin, offers their Automated Systems Manager (ASM) product.
You can't really call yourself a compliance solution unless you can check the boxes off in an audit. So comparing compliance solutions really comes down to how they check the boxes and whether the effort put in to compliance documentation can have any additional value outside of auditing. We'll take a look at what Tripwire products are required for compliance, as well as what Industrial Defender has to offer.
Tripwire has been around for some time and made their name in the compliance game by offering one of the earliest File Integrity Monitoring (FIM) solutions. Now they've expanded their compliance offering to PCI, HIPAA, and SOX, among others. According to their site, they offer FIM, asset inventory, vulnerability and configuration assessement and log management.
Tripwire Enterprise Console
Cybersecurity firm Industrial Defender was purchased by Lockheed Martin in 2014. Lockheed has continued offering Industrial Defender as a compliance solution as part of the cybersecurity branch of their multifaceted corporation. Using their integral relationship with the government, Lockheed is focusing their compliance on infrastructure controls and security, such as NERC standards.
Industrial Defender Interface
Side-by-Side Scoring: Tripwire vs. Industrial
1. Capability Set
Both Tripwire and Industrial Defender offer large feature sets in an attempt to cover the bases for multiple compliance standards. Lockheed touts automation as a strong suit for their Industrial Defender ASM product, but mostly it's the data gathering and reporting that is "automated," not actual remediation. Tripwire's feature set is large, but it requires multiple products (360, Enterprise and Log Center) to cover many of the standards.
2. Ease of Use
Unfortunately, despite their feature sets, neither Tripwire nor Industrial Defender is particularly easy to use. Tripwire's reputation for complexity follows them into compliance and the initial roll out (especially for non-Tripwire customers) of the necessary architecture can be cumbersome and involved. Industrial Defender has a similar but slightly less difficult implementation and its interface is similar to Tripwire's (see above), lacking some of the slickness expected of modern applications.
Ease of Use
3. Community Support
If you come from the open source world, you'll be disappointed with the community support available for both of these products. There's little available to non-customers looking to learn more, and while Tripwire at least has a customer portal where there might be a knowledge base or FAQ, but neither has the kind of crowdsourced troubleshooting or product discussion as one might find with other software. Both companies offer professional services as part of their package, so companies looking to utilize their software should prepare for additional support expenses when attempting compliance.
4. Release Rate
As enterprise closed-source products, both Tripwire and Lockheed play their cards close to the chest regarding their release cycle, but release is releatively slow, especially in a DevOps world, with Lockheed's major version updates making news.
5. Pricing and Support
Compliance is both mandatory and a niche market, so prices for solutions can be steep, especially from large companies like Tripwire and Lockheed. Expect a low to mid five figure quote, minimum, for both of these products. Keep in mind that Tripwire's compliance solution requires multiple Tripwire products, each of which is licensed separately. And as mentioned above, professional services come at an additional cost and for complex integrations could be a necessity. In the past, companies have weighed the cost of compliance with the cost of non-compliance to determine which course would best serve the business. Making compliance expensive, even if it makes it easier, does little to move organizations to a more secure environment.
Pricing and Support
6. API and Extensibility
Tripwire offers a SOAP API for programmability and tie-ins with other solutions. Industrial Defender has an API as well, though little information about it is available. API use of both products seems to be secondary to GUI based management.
API and Extensibility
7. 3rd Party Integrations
Tripwire does offer integration to some degree, through the previously mentioned API. On the professional services portion of their site, Tripwire claims to "integrate with numerous third-party systems, from change and incident management systems to SIEM solutions." Lockheed has not advertised what kind of integrations customers can expect, but it's reasonable to expect that they can provide the same type of custom integration programming as Tripwire-- likely with the same type of price tag.
3rd Party Integrations
8. Companies that Use It
Tripwire's early appearance in the compliance field and their reputation as the de facto solution have earned them a huge customer base. According to their website, over half the companies on the Fortune 500 are Tripwire customers. Industrial Defender is a bit more difficult to gauge, as Lockheed is unsurprisingly secretive about which of their customers use which products, but needless to say Lockheed Martin is a multibillion dollar enterprise and their customer list likely reflects this.
Companies that Use It
9. Learning Curve
Anything with the complexity of compliance auditing is going to have some learning curve. Tripwire's products are notoriously complicated, often offering a deluge of data with major tweaking required to make it usable. With interfaces more like traditional thick clients and less like the streamlined webapps of today, neither Industrial Defender nor Tripwire has truly conquered the learning curve or ease of use problem. Organizations will require experts in these products, with previous experience and receiving regular training on both the standards and the software.
10. CSTAR Score
UpGuard's external risk grader measures a site's external resiliency by testing security mechanisms such as SSL and SPF, and analyzing business data such as breach history, CEO and company approval, and industry averages. Tripwire recently improved their score from a 542 and are currently doing well at 779. Surpisingly, Lockheed's site has relatively poor security, lacking sitewide SSL on their website and SPF and DMARC for their email, troubling for a (cyber-) security corporation. Learn more about CSTAR here.
Scoreboard and Summary
|Ease of Use|
|Pricing and Support|
|API and Extensibility|
|3rd Party Integrations|
|Companies that Use It|
|Total||3.2 out of 5||2.7 out of 5|
In the end, both Tripwire and Industrial Defender are traditional compliance products with complex features, legacy interfaces, little public documentation and big price tags. Additionally, standards are constantly updated, which means hardcoded compliance software will need to be updated to support the newest versions-- that is, after the software developers understand the changes and standard mappings and recode the project. UpGuard offers a new kind of compliance solution: total environment visibility in a single pane, an intuitive graphical interface with simple visualizations, a powerful and easy to use search engine, and adapable change tracking policies, all at a fraction of the cost of traditional compliance solutions. Your first 10 nodes are free to try for yourself, or you can request a demo and our team will show you why UpGuard is different from other compliance software.
Monitoring tools have come a long way since the early days of Big Brother. Today's solutions have evolved into powerful software troubleshooting and performance analytics platforms capable of deconstructing and analyzing the entire application stack—infrastructure up—for bugs and issues.
As perimeter-based cyber protection falls to the wayside, a new breed of continuous security solutions are emerging that combine traditional endpoint protection with newer technologies like security information and event management (SIEM) and crowdsourced threat intelligence.