The Center for Cyber Security, Information Privacy and Trust at Penn State’s College of Information Sciences and Technology (IST) was recently the beneficiary of a unique gift: A cloud-based risk and analytics security platform called Benchmark, which is comprised of technology valued at $11.75 million.
Benchmark was the first publicly-available service of its kind , and was designed to help organizations understand where security resources and investments could be most effective, and it can provide complete visibility into security and compliance solutions from a large number of vendors across several disciplines.
Tripwire tapped Penn State for this donation to help develop a community of experts that will now be able to share information and analytics in a manner that they have never been able to do before, as well as to assist in the education of future security leaders.
“This very significant gift provides unique opportunities for the College of IST for research, education and outreach. Our research in cyber security, big data analytics and discovery, and human-computer interaction match very well with Tripwire’s evolving database and toolkit,” said Dr. David Hall, dean of the College of Information Sciences and Technology.
“We will be able to use this gift in classroom exercises and in the curricula for our undergraduate Security and Risk Analysis (SRA) major and graduate program in Cyber Security and Information Assurance. We are very thankful for Tripwire’s generosity and will display the gift prominently in the IST Building’s new laboratory.”
Participating organizations will also be able to compare their security and compliance programs against industry peers in order to reduce security risk and compliance exposure, increase assessment reliability and confidence, generate increased security and compliance awareness, automate and integrate your control assessments, and reduce compliance management and audit costs with unified reporting.
“We’re excited about our partnership with Penn State’s College of IST. Our goal is to support their renowned security and risk analysis program and help mold the next generation of cybersecurity leaders,” said Rod Murchison, vice president of product management for Tripwire and Penn State alumnus.
“In addition, this donation has the potential to have an enduring and positive impact on today’s cybersecurity professionals by providing the kind of industry analytics necessary to maximize the value of existing security investments.”
As a cloud-based service, Benchmark can transform the large volumes of data produced by security applications into useful metrics and key performance indicators and visualizes them in scorecards, including data produced by:
- Antivirus & Endpoint Protection
- Vulnerability Management
- Identity & Access Management
- Configuration Auditing
- Patch Management
The unwieldy volumes of data are reduced to relevant and actionable performance indicators which are visualized in easy to understand scorecards designed for everyone from CISOs to security analysts, enabling organizations to measure and track their security posture over time and make comparisons against industry peers represented in the overall Benchmark metrics.
Benchmark then provides a comparison of the organization’s scorecards to the overall Benchmark – a performance measurement and comparison against peers that are continuously updated by the participating organizations themselves.
“I think benchmarking can be a very important piece of intelligence for management. A site like Benchmark has the potential to be a significant factor in how security decisions are made,” said Alex Hutton(@AlexHutton), Director of Operations Risk & Governance for Zions Bancorporation and a recognized leader in risk management strategies.
Benchmark will also allow organizations who have limited resources and personnel to have unprecedented visibility into how their security programs stack up against others in their sector, as well as allowing them to more effectively evaluate how and where to spend their limited security budgets in order to get the most return on their investments.
“One of the biggest problems for organizations below the ‘security poverty line‘ is that they don’t have the money or resources to analyze the data from whatever security tools they do happen to have,” said Wendy Nather (@451Wendy), research director for information security at 451 Research.
“If anything will save us as an industry, it’s information-sharing, in the form of peer benchmarks and generous collaboration. The Benchmark tool will help organizations get that much closer to addressing both of these issues.”
The Benchmark donation also continues Tripwire’s legacy of giving back to the community. The first version of Tripwire was written by Gene Kim and Dr. Eugene Spafford at Purdue University in 1992 and released to the open source community.
Since 1999 Tripwire has continued to innovate and expand on the platform to a complete suite of security solutions which help organizations manage incident detection, security policy enforcement, reduce the attack surface and automate regulatory compliance.
“Information security is a truly a community effort. Tripwire has a history of giving back to the community, and this gift of the Benchmark platform to Penn State continues that tradition,” said Gene Kim, founder and former CTO of Tripwire, and author of The Phoenix Project: A Novel About IT, DevOps, and Helping Your Business Win.
- Twenty Critical Security Controls: Making Cybersecurity Simple and Effective
- Selling Security: Risk-Based vs the Mutual Business Benefits Approach
- Managing Security with Limited Resources
- Helping the Business Understand Security Imperatives
Check out Tripwire SecureScan™, a free, cloud-based vulnerability management service for up to 100 Internet Protocol (IP) addresses on internal networks. This new tool makes vulnerability management easily accessible to small and medium-sized businesses that may not have the resources for enterprise-grade security technology – and it detects the Heartbleed vulnerability.
The Executive’s Guide to the Top 20 Critical Security Controls
Tripwire has compiled an e-book, titled The Executive’s Guide to the Top 20 Critical Security Controls: Key Takeaways and Improvement Opportunities, which is available for download [registration form required].
Title image courtesy of ShutterStock