Qualys TruRisk Platform vs. Tripwire IP360

It is well suited for environments that are looking for a solution that is top notch for vulnerability scanning, and is the most accurate at doing so. It would also fit environments that have a lot of endpoints to scan or like to have scanning done on an automatic basis. It is less appropriate in environments that want to use a platform right away, without getting training in how to use it, or reading documentation on the product.

Incentivized

I think Tripwire IP360 is suited for any environment as long as the leadership is willing to support the outcome.

Incentivized

• Attestation is so easy with Qualys. I find this one feature makes the investment worth the cost
• Ease of use. Within an hour of first installing, a person can be running compliance tests without a hitch.
• Great training materials and support. I have never had to take more than twenty minutes to solve a problem either through support or the forums.

Incentivized

• I find the Tripwire IP360 reporting features extraordinary. I can run various audit and inventory reports at any point since the inception of the tool. For example, I can execute a report on the history of an asset, which establishes a baseline and can be used to support many security objectives.
• Scan scheduling. This feature allows the tool to run independently without human intervention. I don’t have time to manually run scans of different departments. Therefore, I schedule all my audits and check the report the next day. This has worked brilliantly for 3 years now.
• Automated update of the vulnerability rules. Automatically updating these rules and binding them to the scans preserves the tool relevancy during audits

Incentivized

• Notices some findings which were not clear why they appear(suspected false positive).
• Working with Qualys support(for example due to the previous point) wasn't the best experience. the response was very slow.
• Qualys limit the daily API requests. In case you need more, it will cost.

Incentivized

• I’d like to see IP360 have the ability to discover additional security appliances such as PaloAlto and Fortinet appliances.

Incentivized

Again, the usability of Qualys has been a pinpoint for this entire review. It was easily the worst thing about the product and because of this, I would not recommend Qualys to anybody in my field. This should be something that Qualys strives to improve if they wish to stay in business.

Incentivized

They had a support page within the WAS to report any concerns or seek help. But the UI of that is not smooth. Regardless support staff were pretty responsive and helpful. They scheduled calls to understand and address our problems. Email support is good as well.

Incentivized

We find that Nessus is a great product, on par if not slightly better compared to Qualys in terms of their pricing model. However, Qualys Cloud Platform has better quality reporting, and offers great tips and suggestions on quickly closing a gap and eliminating the risk. In our organization, both products are great and meet our expectations, but due to pricing, we favor Nessus slightly more.

Incentivized

I chose Tripwire IP360 because of its flexible reporting features

Incentivized

• The most important thing that happens with this program is to automate one hundred percent the security of my system since this program is in charge of supervising each of the applications and websites in detail.
• One of the purposes for which we trust Qualys Cloud Platform is to keep our system clean and secure; the ability of this software to manage our vulnerability makes us more cautious about working with it.

Incentivized

• The biggest impact Tripwire has had in the organization is risk reduction. Since the inception of the tool our vulnerabilities have been reduced by 40%.

Incentivized