Tripwire Survey: 75 Percent of Security Professionals Don't Believe Buying All Available Security Tools Would Fully Protect Their Organizations

Critical security controls continue to play crucial role in cybersecurity

July 12, 2017 — PORTLAND, Ore. — Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of a survey of 350 information security professionals that found 75 percent of respondents did not believe that buying every security tool available on the market would enable them to fully protect their organizations. The survey was conducted June 6-8, 2017, at Infosecurity Europe 2017 at the Olympia Conference Centre in London.

Tripwire’s survey also found that nearly half of respondents (46 percent) had purchased security tools that failed to meet their organization’s needs.

“New tools and technologies enter the information security market all the time, but it’s clear that many of them simply don’t meet the needs of the market,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Focusing on the basics that have been demonstrated to work may not make headlines, but it does make sense.”

Erlin continued, “Very often, the biggest bang for the security buck is making sure foundational security controls are in place. The fundamentals of finding and patching vulnerabilities, making sure systems are securely configured and monitoring your systems for change go a long way in maintaining a strong security posture.”

The findings also suggested that the larger the company, the less confident employees were about cybersecurity tools fully protecting their organizations. For organizations with fewer than 1,000 employees, only 32 percent felt they would be fully protected if they had invested in all the available security tools. This decreases by more than half with businesses 1,000 to 5,000 employees (19 percent) and even further with businesses that have more than 5,000 employees (15 percent).

Recent events have shown that basic security controls can effectively protect organizations, even without the help of some of the latest tools on the market. The scale of attacks such as Heartbleed, WannaCry, and now Petya have been attributed to organizations using outdated and unpatched systems, rather than a lack of appropriate defensive tools. These high-profile attacks have highlighted that paying attention to basic security hygiene and ensuring foundational controls are in place can effectively fend off damaging attacks.

About Tripwire

Tripwire is a leading provider of security, compliance and IT operations solutions for enterprises, industrial organizations, service providers and government agencies. Tripwire solutions are based on high-fidelity asset visibility and deep endpoint intelligence combined with business context; together these solutions integrate and automate security and IT operations. Tripwire’s portfolio of enterprise-class solutions includes configuration and policy management, file integrity monitoring, vulnerability management, log management, and reporting and analytics. Learn more at, get security news, trends and insights at or follow us on Twitter @TripwireInc.

Press Contacts

Ray Lapena
PR Manager