Tripwire IP360 is a vulnerability management solution that gives organizations control over their VM program. It addresses 10 key questions around control of sensitive data storage and updates, flexible reporting, accurate asset inventory, prioritizing vulnerabilities, and detecting both published and unpublished threats. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence to enable security automation and comprehensive risk analysis.

1. SOLUTION BRIEFCONFIDENCE: SECURED
ADVANCED THREAT PROTECTION, SECURITY AND COMPLIANCE
TOP 10 QUESTIONS TO ASK
YOUR VULNERABILITY
MANAGEMENT PROVIDER
GAIN CONTROL OF YOUR VM SOLUTION
uu Tripwire solutions
capture activity data from
monitored assets in order to
meet foundational security
controls—regardless of your
preferred framework. No
matter if you rely on physical,
virtual or cloud-based IT
infrastructure, Tripwire
provides centrally-managed
controls and information you
need to protect your sensitive
data and evaluate risk. u
Threats and vulnerabilities continue to evolve—along with the
technological responses and security controls that manage these
risks. Vulnerability Management (VM), recognized as a critical security
control by the SANS Institute, is likely already a weapon in your IT
security arsenal. Periodically, it’s wise to reevaluate your current
solution to see how it measures up to the latest technology.
Whether or not your solution is coming up on renewal, it’s never
too soon to determine whether your Vulnerability Management
program provides the level of control that your organization’s
IT security team needs. The following checklist provides a “Top
10” list of questions you should be asking about your current VM
solution—and how Tripwire® IP360 addresses each area.

2. Our Current VM Solution Tripwire IP360
1. Do you have control over the storage and trans-
mission of sensitive data used and created
by your vulnerability solution? Vulnerability
scans produce volumes of information about
the security posture of your network that
could be used maliciously if it fell into the
wrong hands. In addition, many VM applica-
tions provide better results when credentials
are used to scan hosts—are your “keys to the
kingdom” stored safely and under your control?
Tripwire IP360 uses hardened appliances with
no data persistence and utilizes encrypted
communications with client certificates.
Most importantly, Tripwire IP360 can be
deployed entirely on your premises, keeping
the data where you want it: in your control.
2. Do you have control over when updates are
applied to your VM solution? Does your VM
provider force automatic updates on you, or
do you get a chance to vet changes to your
VM before rolling them into production?
Tripwire IP360 gives you complete control over
when updates are installed. You can set the
system to automatically update vulnerability
rules if connected to the Internet, or manually
install updates for change-sensitive environ-
ments and air-gapped networks. You can plan
updates around your change windows and
maintenance schedules, not someone else’s.
3. Do you have control over how your
reports are structured to meet the
needs of different stakeholders (execs,
auditors, IT, security teams, etc.)?
Tripwire IP360 helps you connect security
to the business by providing flexible report-
ing across all levels of the enterprise,
tied to flexible, business relevant asset
context that you create and manage.
4. Do you have control over how vulner-
abilities are measured and reported?
Tripwire IP360 provides a choice between
standard CVSS scores or Tripwire’s granular
Vulnerability Risk Scores for actionable intel-
ligence and efficient remediation. Tripwire
IP360 also provides you with the underly-
ing components of the score, so you can
filter results to suit your requirements.
5. Are you in control over your device and
application inventory? Is your asset
inventory accurate and up to date?
Tripwire IP360 not only detects critical
vulnerabilities in your environment, but
it also inventories all the devices, operat-
ing systems and applications present,
providing you with unprecedented aware-
ness of your overall risk posture.
ARE YOU IN CONTROL OF YOUR VULNERABILITY MANAGEMENT SOLUTION?
Ask these questions of your current solution and find out how it measures up to Tripwire IP360

3. Our Current VM Solution Tripwire IP360
6. Can your IT operations team control their
workload by focusing on what’s most
important? Do they know the vulnerabili-
ties that they should fix right now to have
the greatest impact on reducing risk?
Tripwire’s granular Vulnerability Risk
Scores help prioritize the vulner-
abilities you should immediately fix
for the greatest reduction in risk.
7. Do you have control over your perim-
eter, remote and partner networks?
Tripwire IP360 offers both on-premise and
cloud-based vulnerability scanning for scalable
and quick-to-deploy coverage for your inter-
nal, perimeter and partner networks.
8. Do you still have control when new threats and
vulnerabilities are discovered? How quickly is
your VM solution updated to detect them?
Tripwire IP360 offers a 24-hour SLA on
Microsoft security bulletins that include both
authenticated and unauthenticated rules.
9. Can you control your VM solution in the
same way your business is controlled?
Tripwire IP360 integrates asset and network
values to assign business context to report-
ing to match the structure of your business
10. Do you have control over unpublished
vulnerabilities in not only off-the-shelf but
custom-built web applications as well?
Tripwire IP360 includes web applica-
tion coverage with network, operating
system, and infrastructure exposure intel-
ligence to provide comprehensive security
risk analysis—at no additional cost..

4. u Tripwire is a leading provider of advanced threat, security and compliance solutions that enable enterprises, service provid-
ers and government agencies to confidently detect, prevent and respond to cybersecurity threats. Tripwire solutions are based
on high-fidelity asset visibility and deep endpoint intelligence combined with business-context, and enable security auto-
mation through enterprise integration. Tripwire’s portfolio of enterprise-class security solutions includes configuration and
policy management, file integrity monitoring, vulnerability management and log intelligence. Learn more at tripwire.com. u
SECURITY NEWS, TRENDS AND INSIGHTS AT TRIPWIRE.COM/BLOG u FOLLOW US @TRIPWIREINC ON TWITTER
©2014 Tripwire, Inc. Tripwire is a registered trademark of Tripwire, Inc.
All other product and company names are property of their respective owners. All rights reserved. SBGCVM1a 201309