Last week’s announcement that Tripwire will be acquiring nCircle, a leader in risk and security performance, created quite a stir in the security industry – and rightly so. The move represents a definitive step forward in Tripwire’s ongoing mission to enable organizations to dynamically align their security posture with their primary business objectives.

While we cannot comment further on the deal for a while due to regulatory restrictions, others not associated with either company certainly can – like the analysts from the 451 Research group.

As background for this storyline, early last fall Tripwire initiated a Connect > Protect > Detect enterprise security strategy when we announced a trio of updates to our Tripwire Enterprise, VIA Data Mart, and Tripwire Log Center products, creating a powerful integrated security solutions platform. By doing so, Tripwire demonstrated our concerted effort to respond to our customers’ desire to close the gap between security efforts and core business activities.

“The commitment that Tripwire has shown to closing the technology-business divide is evidenced in its tri-product update – rather than delving into technical nitpicking, almost all of the updates have been designed with the business user in mind, giving it an air of ‘total GRC,” a 451 Research Report released last September said of the enhancements. “The biggest benefit we see with this release is Tripwire’s ability to speak directly to the business and present information in an executive-friendly manner about what is and isn’t of importance.”

“With its revamped focus on the business and a shift toward GRC capabilities, Tripwire could continue to expand its portfolio into new markets,” the 451 Research report continued. The author, an up and coming analyst named Javvad something-or-another, seems to be a fairly bright chap, as that is exactly what the nCircle acquisition does for our market relevance.

451 Research Report on Tripwire's nCircle Acquisition

451 Research Report on Tripwire’s nCircle Acquisition

That seemingly clairvoyant Javvad character over at 451 Research, and his cohort Brenon Daly, recently followed up on the earlier analysis of Tripwire with a report examining the implications of the nCircle deal, saying of the move: “From a company standpoint, we believe this acquisition brings together extremely complementary technologies under one roof.”

Yes, indeed it does.

Javvad went on to say, via an email conversation, that “beyond becoming a bigger player in the market, Tripwire’s ambition is to benefit organizations by linking security risks to business objectives, the acquisition of nCircle being a step in that direction.” I tell you, this guy are pretty darn sharp.

Tripwire was founded back in 1997 by Gene Kim, who had several years earlier developed the core technology that drives the company’s solutions while a graduate student at Purdue University studying under the tutelage of Eugene Spafford. The company first concentrated on configuration and change management, then moved on to offer FIM and log/policy management solutions.

nCircle was founded in 1998 with a focus on vulnerability management technologies and automating compliance in order to reduce risk, providing solutions that also allow organizations the ability to measure the performance of their IT security programs against objective benchmarks.

“Looking at the combined entity from a financial and operational perspective, the deal forms a company with approximately 500 employees and some $140m in sales. The transaction allows Tripwire to break into the adjacent vulnerability assessment (VA) sector as well as expand its offering broadly, both in terms of feature set and deployment options,” the 451 report aptly explains.

“The vulnerability management space is experiencing a resurgence as enterprise infrastructures have not only become more distributed, but in some cases also no longer operate under the control of the enterprise at all. We’re witnessing a shifting landscape where the future of vulnerability management perhaps looks like a commoditized piece of a larger security portfolio play,” the 451 Research report continued.

We can’t say it ourselves at this point in the acquisition process – but if we could, we certainly could not sum it up better than the 451 analysts did when they concluded that “with the acquisition of nCircle, Tripwire is casting its net wider while not losing its firm grip on the compliance angle that brought it to the dance.”

Bravo. Let’s dance…

Categories: Risk-Based Security for Executives, ,

Tags: , , , , , , , , ,


Leave a Reply

Anthony M Freed

Anthony M Freed has contributed 483 posts to The State of Security.

View all posts by Anthony M Freed >