Tripwire IP360 is a vulnerability management solution which discovers assets, identifies vulnerabilities, and helps to prioritize cyberthreat risks. Tripwire IP360 is marketed by Portland, Oregon-based Tripwire Inc. Tripwire has over 40 patents and considerable intellectual property, which makes IP360 unique and highly capable.
Tripwire IP360 is an enterprise-class vulnerability and risk management platform. Tripwire IP360 enables the reduction of cyber risk by identifying the highest risks, and then helping to remediate them. Tripwire IP360 provides a comprehensive risk-based vulnerability assessment with vulnerability scoring and endpoint intelligence integration. Tripwire IP360 is designed to rapidly integrate with existing IT systems like help desk, SIEM, intrusion detection, and more. Endpoint data gathered by Tripwire IP360 can also support automation across your security ecosystem.
Tripwire IP360 fits into any organization fairly easily. It requires at least one hardened Linux-based virtual or physical appliance. It also provides a web interface for configuration, administration, reporting and more.
Tripwire IP360 provides discovery of all network assets in the cloud and on-premise. It provides network visibility which includes all devices and their associated operating systems, resident applications and identified vulnerabilities. Tripwire IP360 is supplemented by discovery signatures provided by the Tripwire Vulnerability and Exposure Research Team (aka the VERT).
Tripwire IP360 discovers networked hosts, applications and services and then searches for specific vulnerabilities based on the identified operating system, applications and services. Agent-based vulnerability management provides an accurate assessment of devices such as laptops. It is also available in the AWS and Azure marketplaces for authorized scanning. Tripwire IP360 can discover and assess both stopped and running containers, which is important to organizations invested in DevOps procedures.
Scanners are often distributed for the consolidation of reporting. You can use out-of-the-box scan profile options or build and customize your own. Scan scheduling allows you to select the time windows for scanning that work best for your organization.
You will have to check with Tripwire directly to find out exactly what reporting is available with respect to compliance. Important compliance reporting is provided for PCI-DSS, IAVA, and SCAP/CyberScope standards:
- The Payment Card Industry Data Security Standard is an information security standard for organizations that use credit cards. The PCI Standard was developed by the major founding card brands and administered by the Payment Card Industry Security Standards Council.
- An information assurance vulnerability alert (IAVA) is a notification of a vulnerability in computer application software or an operating system, issued in the form of alerts, bulletins, and technical advisories identified by US-CERT, https://www.us-cert.gov/.
- The Security Content Automation Protocol (SCAP) is a method for using specific standards to enable automated vulnerability management, measurement, and policy compliance evaluation of systems deployed in an organization, including, for example, FISMA (Federal Information Security Management Act, 2002) compliance.
Vulnerabilities are reported in standard CVE and CVSS formats. Reporting templates are Windows-based and leverage a SQL database.
Tripwire IP360 assigns a numerical rank to vulnerabilities, which makes it obvious which high-risk vulnerabilities require attention. Tripwire reviews each vulnerability for how easily it can be exploited and also considers the privileges that an attacker can acquire during a successful exploitation. This creates two vectors, ease of exploit and impact of exploit, that can be used to assess the greatest overall risk. These two vectors are combined with the age of the vulnerability to provide a vulnerability risk score, which can then be applied to the process of prioritizing and mitigating risk.
Best practices are important when using any software tool. These are areas which are often reviewed to the user’s benefit. This analysis can be provided as a professional services deliverable. Areas of importance to the best practice use of Tripwire IP360 include:
- Mapping the Tripwire IP360 deployment to the target network architecture
- Optimizing configuration parameters such as Dynamic Host Tracking
- Managing credentials
- Interpreting results from vulnerability scan reports
- Correcting load balancing
- Adjusting configuration settings to remediate scan errors, incomplete scans, and problems, often related to misconfiguration
- Addressing operational issues around backup
- Upgrading your installed versions of Tripwire IP360 – this is critical to have the most recent version
- Integration of Tripwire IP360 with other systems
Tripwire IP360 is one of several security management solutions offered by Tripwire, including:
- Tripwire Enterprise. Tripwire Enterprise is a security configuration management (SCM) suite that provides fully integrated solutions for policy, file integrity monitoring (FIM) and remediation management.
- Tripwire File Analyzer. Tripwire File Analyzer allows your team to assess if new files introduced in your environment include malware.
- Tripwire Configuration Manager. Tripwire Configuration Manager enforces the configuration of your cloud assets based on Amazon Web Services (AWS) and Microsoft Azure. Cloud misconfiguration is a major source of cloud data breaches and so this software tool can potentially reduce risk in many areas.
- Tripwire IP360. This is Tripwire’s vulnerability management solution which discovers assets, identifies vulnerabilities and helps to prioritize risks. Vulnerability management solutions enable cost-effective reduction of cyberthreat risk by bringing attention to the highest risks and protection for the most critical assets.
- Tripwire Connect. This is a visualization and reporting platform for Tripwire Enterprise.
- Tripwire Log Center. Log Center collects, analyzes and correlates log data from various devices, servers and applications across your enterprise. Log Center’s correlation engine identifies and responds to events of interest. Responses can include creating a ticket, executing a command, or sending a notification or alert email. Tripwire Log Center integrates with Tripwire IP360 and Tripwire Enterprise.
- Tripwire ExpertOps. Tripwire ExpertOps is a professional services offering that can help you get everything running rapidly and then maintain operations and synchronization with your internal staff.
- Tripwire Industrial Visibility. Tripwire Industrial Visibility gives industrial control system operators high visibility into the devices and activity on their network. Industrial Visibility includes event logging, change management, deep packet inspection, and threat detection.