Friday, March 27, 2009

NYTimes calls Tripwire a fall hazard

The venerable NY Times is reporting that the Tripwire used at home can be a fall hazard. However, Tripwire at home offers many advantages (health and emotional benefits) unlike the product used in the Enterprise which has often delivered severe emotional shocks to many customers.

Solidcore has ample evidence that Tripwire Enterprise customers have suffered from different types of shocks including, but not limited to, sticker-shock, pci-coverage-shock and bloatware-shock. Sticker shock hits the customers when they are presented the first quote after the initial demo. Tripwire has recently managed to alleviate the pain caused by this shock through deep discounting of prices.

PCI coverage shock is a recent phenomenon and affects customers who are looking for PCI compliance solutions. At the outset, this shock makes everyone think they were stupid to deploy anti-virus and run vulnerability scans and penetration testing as mandated in PCI DSS sections 5, 11.2 and 11.3. After all, they could have achieved the same using Tripwire had they thought about it at first. However, this shock dampens once the QSAs and other vendors point out that Tripwire's PCI coverage whitepaper is not worth the paper it is printed on.

Bloatware shock is experienced only by customers who have used Tripwire in the past. After-effects of this shock include incredulity and deep anger that Tripwire has not introduced any significant changes to their UI or feature set in the last 10+ years in business. The few features that were added, including Configuration Assessment capability, have made the product more complicated and difficult to use than ever before. Tripwire's marketing department claims that only a minority of customers will suffer from this shock as there are more people who have not used Tripwire than those who have.

These reports have been confirmed by analysts from top-tier firms like Gorretner and the 911 group. Tim Ikestotalk from Gorretner says "It is unrealistic for customers to expect that a product named Tripwire will not deliver shocks. The name itself was chosen to signify how administrators will be shocked whenever they perform tasks that are anything but the most standard and mundane ones". The 911 group adds "Tripwire has been extremely successful in pulling the wool over customers eyes when it comes to PCI coverage. We have been receiving many calls from customers who feel cheated by Tripwire, but we can understand Tripwire's behavior. In these hard economic times, it is indeed very difficult to sell a product that offers so little to so few for such a high cost". Clearly, as the NYTimes puts it "no one had looked at this. It was all anecdotal." Until now, that is.

Names of all characters in this article have been changed to protect them from receiving shocks