IBM DataPower XML Security Gateway XS40

Risk and policy management

Gold Award:

Tripwire Enterprise

Tripwire Enterprise

Information security professionals have to deal with more than traditional Internet threats; more than ever they're evaluating and managing risk from a business perspective, which means vulnerability management tools touted for risk management use just won't cut it. Security managers need tools that can keep tabs on incremental changes to the network that could cause irreparable damage.

That's part of what David Lewis, head of security at the Independent Electricity System Operator in Ontario, Canada, was looking for in a tool to help with risk and policy management processes. His organization chose Tripwire Enterprise, the Readers' Choice gold medal winner for risk and policy management.

A longtime user of Tripwire's TSS tool, Lewis has used Enterprise at IESO for approximately seven months. He says it's easy to use, and enjoys that it's Web-enabled and provides tiered-access control.

While many enterprises mitigate risks once they are discovered, with Tripwire, security staff can proactively assess and mitigate risks. Tripwire monitors files, directories, registry settings, directory server objects and configuration files on file and directory servers and network devices, in real time.

Security management will also appreciate Tripwire's "reconciliation techniques" that map to any organization's change policies. These techniques use multiple acceptance criteria, change categories and conditional change actions, making it easier for policymakers to ensure that an authorized person implemented a change and that the change occurred within a defined change window.

Its online dashboards and reports can also be customized for any environment to show status and history across an enterprise. Readers say one area Tripwire could improve is its ability to determine who made a change.

Despite this, Lewis says one major draw of Enterprise is its ability to take the guesswork out of monitoring the system, a feature that will appeal to multitasking managers charged with investigating and mitigating enterprise risks from every angle.

View all Risk and policy management