On Tripwire and the Future of Security: A Letter from Tripwire’s President

Published on November 30, 2015
On Tripwire and the Future of Security: A Letter from Tripwire’s President

I have been in the field of security for over two decades. During this time, I have seen solution providers deliver increasingly feature-rich and sophisticated products, solutions and services, enabling organizations to be more secure. Furthermore, I’ve seen many companies change their entire approach to cyber security – companies that, for the most part, fit the following criteria:

  • Place significant value on their digital assets;
  • Value their business brand;
  • Interact with customer financial, confidential and PII (Personally Identifiable Information) data;
  • Operate critical national infrastructure; and
  • Observe regulatory and/or industry legislation and mandates.

These companies clearly serve as an example for us all. Even so, the overall picture of security is incomplete. While networks are rapidly expanding, we are seeing that scale and complexity are proportionally rising, with skills and resources still in very tight supply. In an effort to address these issues of usability and scale, we need to evaluate the security basics and understand how we – as solution providers – can assist our customers and pave the way for the future of security.

Articulating Tripwire's Place in Cyber Security

Cyber security involves a series of ideally integrated digital security systems and solutions that can help organizations answer the following questions:

  1. What are the assets (physical & virtual, applications & services) on the network?
  2. In what state (of security and compliance) are the assets? – i.e.: Are they configured and operating correctly?
  3. Has anything deviated from the desired state, and if so, what?
  4. What needs to be addressed, and in what order?
  5. How will we engage in remediation? – i.e.: workflow on configuration, patching etc.
  6. How do we validate corrective action is complete and timely?

Through this security model, Tripwire is committed to delivering information security solutions for enterprise and government networks with an explicit focus on mission critical systems. The Tripwire portfolio currently includes

  1. asset discovery and profiling,
  2. system configuration management,
  3. vulnerability management,
  4. intelligent log solutions.

All of these can be implemented as either discrete or integrated solutions. Alternatively, our solutions can be extended beyond Tripwire to provide integration with other tools in the security or operations arsenal. The interest in our solutions and our corporate history, Tripwire’s customer base is largely composed of enterprises that need to assure business continuity, protect sensitive information and operate critical networks. Our customers include financial institutions, government agencies, retailers, energy providers, healthcare institutions, technology and telecommunications providers and progressively food, distribution and manufacturing amongst others. Just as the cyber security challenges are expanding, so too is Tripwire continually evolving to tackle these new issues head-on. Here are a few examples of how we’re helping our customers:

  • Tripwire consistently delivers the broadest and deepest support for platforms and devices, scaling manageability to more systems across the extended enterprise.
  • Our customers are extending their Tripwire investments beyond critical infrastructure environments and into other parts of the organization, as well as their supply chain.
  • The Tripwire Technology Alliance Program supports a rich ecosystem of security technology partners, including organizations like Splunk, ServiceNow and Cisco. We will continue to expand our integrations with reputable providers to deliver customers with complete solutions for advanced protection.The market is starting to express the desire to “dig deeper” on the data they collect on critical assets to find advanced threats and indicators of compromise. This is a new category of products and solutions referred to as “Endpoint Detection and Response (EDR)” by Gartner. Extending our product capabilities to detect more of the changes on an asset, analyze the changes in context and provide remediation in a manual or automated fashion is something we are well suited to deliver.
  • Our products and solutions also lend themselves to more specialized vertical applications. Today, we sell security, IT operations and compliance solutions across many industries. However, we’re also successfully delivering specialized services and solutions for particular industries, such as NERC CIP solutions, to the energy and utilities sector, and point-of-sale (POS) threat protection solutions to retail, hospitality and entertainment industries.

We are also very excited to be part of the Belden family. Tripwire and Belden have similar values and philosophy around profitable growth. It is core to the way we operate, and it is good to be in an organization that values this. In addition, Belden envisions more growth opportunities in new markets that are not available to traditional IT security companies – and specifically the industrial market that demands reliability and vendor credibility. With a rapidly growing customer base in energy and utilities, we are currently pursuing integrating with Belden’s network security products for the benefit of delivering industrial cyber security to the Industrial Internet of Things (IIOT). Together, we believe we have an advantage as this market evolves.

Preparing for Future Threats

We at Tripwire are committed to using the cyber security model mentioned above in an effort to expand and meet the security threats of tomorrow. We will continue to work together as an industry to address cyber security challenges. I believe in the need to have a comprehensive strategy and to follow a security model that allows for integration and automation. Likewise, continuous monitoring of assets is necessary across the extended enterprise. Lastly, organizations with effective incident response and business recovery/continuity plans will be more prepared to fight cyber attacks. Realism goes a long way in security. It is imperative that we be prepared for whatever might come our way.  

gus-malezis.jpg

About the Author: Gus Malezis is President of Tripwire and began his career in technology 30 years ago with roles at companies including Merisel, 3Com and McAfee. In 2005, he joined nCircle as Vice President of Worldwide Sales and retained that role at Tripwire following its acquisition of nCircle in 2013. Mr. Malezis’s ability to successfully lead organizations in the ultra-competitive vulnerability and security configuration management at nCircle made him a natural fit to lead Tripwire’s next phase of growth. Mr. Malezis attributes the exponential growth he’s delivered during his tenure with Tripwire to first rate products and services, along with a world-class sales organization. Title image courtesy of ShutterStock

Join over 20,000 IT security pros who get our top stories delivered to their inbox every week!