Vulnerability & Risk Management
Tripwire IP360, the world's leading vulnerability and risk management solution, has enabled thousands of enterprises and government agencies to cost-effectively measure and manage their security risk. Using agentless technology, Tripwire IP360 has set the industry standard for depth and breadth of discovery and coverage. It comprehensively profiles all networked devices and includes up-to-date coverage of the latest operating systems, applications, and vulnerabilities, providing the ideal foundation for assessing every system on the network. Tripwire IP360’s agentless architecture is designed for rapid deployment and ease of management across large, globally-distributed networks.
The Tripwire IP360 vulnerability and risk management solution delivers:
- Comprehensive, agentless discovery and profiling of all network assets
- Enterprise scalability, ease of deployment and operational effectiveness
- Integrated web application scanning to identify security risk in web applications
- Flexible reporting across all levels of the enterprise
Application Inventory and Assessment
Tripwire IP360 discovers all networked hosts, applications, services, vulnerabilities, and configurations providing a comprehensive view of your network and building the foundation for effective risk management and compliance processes. Only Tripwire IP360 provides host and network profiling through an agentless, non-intrusive, and low bandwidth solution.
Security Risk Prioritization
Tripwire IP360 discovers a wealth of data about the hosts that reside on your network, but rather than provide that data in an endless list like traditional solutions, Tripwire IP360 prioritizes remediation tasks, enabling users to focus on the items that will most effectively reduce risk on critical systems. This prioritization enables security teams to best use their valuable resources to reduce their highest risk. Reports are available for all audiences, from technically-focused users to executives, providing a customized view into the state of the network.
Ease of Integration
Tripwire IP360 utilizes open standards, enabling the integration of vulnerability and risk management into existing business processes and IT systems such as help desk, asset management, and other security solutions. The comprehensive endpoint intelligence gathered by Tripwire IP360 can be leveraged to enhance existing solutions and drive automation within the security ecosystem.
Distributed, Appliance-Based Architecture
Tripwire IP360 is a secure, easy-to-maintain solution, utilizing a multi-tier, hardened appliance architecture designed for security, ease of installation, and centralized management. It utilizes a locked-down, non-Windows operating system, strong encryption for communications between devices, and frequent system and vulnerability signature updates provided by Tripwire VERT.
Tripwire's appliances are designed with the environment and recycling in mind, and comply with RoHS and WEEE European Union environmental directives, which restrict the use of hazardous substances within computer equipment and requires recycling.
Tripwire offers the most options and greatest flexibility on the market to help meet the varying needs of enterprises. Tripwire purchase and service offerings are designed to provide IT teams with choice, regardless of their financing or administrative requirements.
TRIPWIRE IP360 v7.2
ENTERPRISE-CLASS VULNERABILITY AND RISK MANAGEMENT
Understanding security risk on the global enterprise network is essential to comprehensive IT risk management. However, the high rate of change on enterprise networks, the constantly changing threat environment, and increased focus on internal and regulatory compliance have made this task increasingly difficult. The solution is Tripwire® IP360™, the leading vulnerability and security risk management system that enables organizations to cost-effectively measure and manage their network security risk.
Tripwire® IP360 provides complete visibility into the enterprise network including all networked devices and their associated operating systems, applications and vulnerabilities. It’s an ideal foundational control for effective security risk management. Tripwire’s industry-leading vulnerability and exposure research team (VERT) keeps Tripwire IP360 up-to-date with accurate, non-intrusive discovery signatures that are both current and relevant to large enterprises.
Tripwire IP360 then uses advanced analytics and a unique quantitative scoring algorithm based on several factors— including the vulnerability score and business-relevant asset value—to prioritize the vulnerabilities for remediation. The result is actionable data that enables IT security teams to focus on the tasks that will quickly and effectively reduce overall network risk with the fewest possible resources.
The Tripwire IP360 security risk management solution delivers:
- Comprehensive, agentless discovery and profiling of all network assets;
- Highly scalable architecture with low network and system impact;
- Advanced prioritization metrics combine asset value and vulnerability score; and
- Actionable reporting designed for all enterprise audiences.
Tripwire IP360 discovers all networked hosts, applications, services, vulnerabilities and configurations, which provides a comprehensive view of your network and sets the foundation for effective risk management and compliance processes. Only Tripwire IP360 provides host and network profiling through an agentless, non-intrusive and low bandwidth solution.
Tripwire IP360 discovers a wealth of data about the hosts that reside on your network, but rather than provide that data in an endless list, it prioritizes remediation tasks, which enables users to focus on the items that will most effectively reduce risk on critical systems.
Reports are available for all audiences— from technically-focused users to executives—providing a customized view into the state of the network.
CENTRALIZED REPORTING AND ADMINISTRATION
Tripwire IP360 provides an easy-touse web interface for administration, configuration, reporting and workflow. Highly granular access controls and user roles enable the solution to conform to existing security processes. Customized reports that provide thorough, objective and comprehensive views of risk on the network are available for all audiences— from technically-minded security teams to executives and audit teams.
DISTRIBUTED, APPLIANCE-BASED ARCHITECTURE
Tripwire IP360 utilizes a hardened appliance architecture designed for security, ease of installation and centralized management that is scalable to the largest global enterprises. Utilizing a lockeddown, non-Windows operating system, strong encryption for communications between devices and system and vulnerability signature updates provided consistently by Tripwire, IP360 is a secure, easy-to-maintain solution.
Tripwire IP360 is built on open standards that enable the integration of vulnerability and risk management into existing business processes and IT systems such as help desk, asset management, SIEM, intrusion detection/ prevention and other security solutions. The comprehensive endpoint intelligence gathered by Tripwire IP360 can be leveraged to enhance existing information management solutions and drive automation across the security ecosystem.
TRIPWIRE IP360 HIGHLIGHTS
- Comprehensive discovery and profiling of all network assets
- Customer-designated asset values to place security risk in the context of the business
- Objective risk metrics and automated reporting to measure network security risk and track progress over time
Integrated web application scanning:
WebApp360: Enterprise Class Web Application Scanning
Online systems such as banking, healthcare, e-commerce, and customer support portals increasingly collect and provide access to extremely sensitive data and internal systems that provide a juicy target for opportunistic hackers. Since mid-2006, web application vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injection attacks have made up an increasing percentage of newly discovered vulnerabilities and actual reported intrusions.
The commonly held solution to securing web applications has been to perform security testing during development and QA. But what if the application was developed by a third party, and not the enterprise? What if an emergency code change occurred and the security analysis was insufficient? And what about the underlying operating system, adjacent applications, and databases connected to the web applications – none of which are tested by traditional web application scanners? Security assessments that occur during production are the only assessments that give enterprises real time, continuous knowledge of the security posture of their web applications. WebApp360 is designed for exactly that -- web application security testing for production environments.
- Complete web application infrastructure assessment , including web applications, underlying operating systems, and adjacent applications in production environments
- Comprehensive security risk analysis, combining web application coverage with network, operating system, and infrastructure exposure intelligence
- Leverages Tripwire's appliance-based architecture, eliminating the high cost of deployment and maintenance associated with other solutions
WebApp360 extends Tripwire’s market-leading security risk management platform, IP360, to include assessment of enterprise web applications, offering the industry’s most comprehensive view of IT security risk. WebApp360 enables enterprises to automatically and continuously detect critical web application vulnerabilities within the context of overall IT risk, enabling security teams to focus resources on the most important risks. Available as an integrated add-on module to IP360, WebApp360 benefits from IP360’s market-leading scalability, manageability, appliance-based architecture and vulnerability coverage. Together, WebApp360 and IP360 offer customers an unprecedented, prioritized assessment of IT security risk, from web applications to the underlying IT infrastructure supporting them.
Download the Tripwire IP360 Datasheet (PDF).
- Pricing and product availability subject to change without notice.