7 Replies Latest reply on Oct 17, 2012 5:31 PM by byrona

    LEM versus Tripwire

    byrona

      I would be curious to hear from folks that have worked with both LEM and Tripwire to get an idea of how they stack up against each other?

        • Re: LEM versus Tripwire
          nicole pauls

          I know there are some out there, but I don't know where they are...

           

          In general, Tripwire took a more log-centric approach, whereas LEM took a more SIEM-centric approach. I don't want to get too far in the weeds because we're obviously biased in this regard...

           

          Tripwire does have great file integrity and change monitoring, which are their roots, going back pretty far now (15 years? I feel old). They acquired log management much later, but they are of course a bit like peas and carrots these days thanks to PCI.

            • Re: LEM versus Tripwire
              byrona

              Thanks for the info.  To provide some background on the question...

               

              Our company is in the process of building security services and log management services (we are a service provider, if it isn't obvious), and currently we are using LEM as the technology behind the log management component, deploying a LEM appliance for each customer that is interested in the service. We have recently been asked to take a look at Tripwire to see how it would fit into the mix.

            • Re: LEM versus Tripwire
              phil.garcia

              We have both. 

               

              In general, our security group loves Tripwire and hates LEM. They are significantly concerned about the default root account and password built into LEM, which they cannot alter. They have labeled it a "backdoor" vulnerability and run around appropriately screaming about it with hair ablaze.

               

              Also in general, our Network group loves LEM and that it integrates with the SolarWinds Orion dashboard.

               

              I believe we can responsibly mitigate the challenges of a default root account and benefit from the holistic single pane of glass.  I'll bet you can guess which group I'm in.

                • Re: LEM versus Tripwire
                  nicole pauls

                  Hey Phil, just to give you some ammo if you don't already have it, the default root password is UNIQUE per LEM appliance and encoded in the "product key". So yes, they can't access or change it, but it's NOT a global password that every LEM install shares, and the key is generated using unique factors to your environment (and some entropy) at deploy time. 99% of customers never really have to get that dirty, so we chose to do it this way instead of requiring everyone to know and love the Linux command line and manage another password.

                   

                  Hopefully we can win them over with our feature set.

                    • Re: LEM versus Tripwire
                      byrona

                      I did see that the connector was available to mix and match, so I was actually thinking that would be a good solution. I am concerned that doing a per-customer install of Tripwire Log Center would be less cost-effective than LEM, considering you need to also license a Windows OS as well as SQL.

                    • Re: LEM versus Tripwire
                      byrona

                      This is great info, Phil, thanks for sharing!