Tripwire Survey: 75 Percent of Security Professionals Don't Believe Buying All Available Security Tools Would Fully Protect Their Organizations

Critical security controls continue to play crucial role in cybersecurity

July 12, 2017 — PORTLAND, Ore. — Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of a survey of 350 information security professionals that found 75 percent of respondents did not believe that buying every security tool available on the market would enable them to fully protect their organizations. The survey was conducted June 6-8, 2017, at Infosecurity Europe 2017 at the Olympia Conference Centre in London.

Tripwire’s survey also found that nearly half of respondents (46 percent) had purchased security tools that failed to meet their organization’s needs.

“New tools and technologies enter the information security market all the time, but it’s clear that many of them simply don’t meet the needs of the market,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Focusing on the basics that have been demonstrated to work may not make headlines, but it does make sense.”

Erlin continued, “Very often, the biggest bang for the security buck is making sure foundational security controls are in place. The fundamentals of finding and patching vulnerabilities, making sure systems are securely configured and monitoring your systems for change go a long way in maintaining a strong security posture.”

The findings also suggested that the larger the company, the less confident employees were about cybersecurity tools fully protecting their organizations. For organizations with fewer than 1,000 employees, only 32 percent felt they would be fully protected if they had invested in all the available security tools. This decreases by more than half with businesses 1,000 to 5,000 employees (19 percent) and even further with businesses that have more than 5,000 employees (15 percent).

Recent events have shown that basic security controls can effectively protect organizations, even without the help of some of the latest tools on the market. The scale of attacks such as Heartbleed, WannaCry, and now Petya have been attributed to organizations using outdated and unpatched systems, rather than a lack of appropriate defensive tools. These high-profile attacks have highlighted that paying attention to basic security hygiene and ensuring foundational controls are in place can effectively fend off damaging attacks.

About Tripwire

Tripwire is the trusted leader for establishing a strong cybersecurity foundation. Partnering with Fortune 500 enterprises, industrial organizations and government agencies, Tripwire protects the integrity of mission-critical systems spanning physical, virtual, cloud and DevOps environments. Tripwire’s award-winning portfolio delivers top critical security controls, including asset discovery, secure configuration management, vulnerability management and log management. As the pioneers of file integrity monitoring (FIM), Tripwire’s expertise is built on a 20+ year history of innovation helping organizations discover, minimize and monitor their attack surfaces.

Learn more at, get security news, trends and insights at, or connect with us on LinkedIn, Twitter and Facebook.

Press Contacts

Ray Lapena
PR Manager