Tripwire Inc just released three new versions of its core products, with big updates to Tripwire Enterprise, Tripwire Log Center, VIA Data Mart. Pretty cool news, right?
Sort of. If you love reading press releases (who does?) go here. If you want to know “What’s new” (in our best marketing speak) go here.
But what inspires and motivates me about all this is not the new releases, but the new thinking behind our combined product launch. This thinking is best summed up in a recent write up by the 451 Group’s Javvad Malik who said:
“Tripwire is making an enhanced effort to address customer challenges by bridging the communication gap between IT security and the business.”
See, we made a discovery in the last year and a half that’s changed the way we think and the way we bring our products to market. One way it can be represented is in the “pyramid image” at the bottom of this post, but it can also be put in much simpler terms:
You can provide the best detective controls on the market (we do), and the best enterprise-wide protective systems available (yep…check), but it doesn’t matter if you can’t connect IT security to the businesses and mission it serves.
There’s a fundamental challenge facing IT security today that Tripwire is uniquely positioned to address: if the IT security team can’t help the business understand how technical risks managed by technical controls translate to business risks managed by business execs, it’s irrelevant. It needs to solve a language problem.
If it doesn’t, IT security will do good work, and it’ll protect the business as well as its budget allows, but it will never be a part of the business.
We have great new capabilities to solve this problem. Want to know about them?
- There’s a new executive brief on “Connecting Security to the Business” – if you’re CISO looking at how to solve this problem, we may have insight for you.
- There’s also a new solution brief on how to translate technical risk to business risk – if you’re an InfoSec Director or security architect I encourage you to read it.
But the real news is this: we’re now giving you — the CISO, the InfoSec director, even the security analysts — the ability to:
- Put what you do in a context the business understands, appreciates and values
- Align what you do to what the business cares about
- Be a trusted adviser to executives and boards who are planning for the road ahead, and not a scapegoat for the way things are
And that’s good news.
Look for the upcoming posts on PROTECT and DETECT to get a glimpse of how these capabilities work together to solve end-to-end IT security problems.