Tripwire, Inc: Ensuring Effective Communication for Managing Cyber Security Risks

Jim Johnson, CEO
“Organizations are being targeted by cyber threats at a much faster pace than ever before; in 2014 we saw 140 million pieces of malware–that’s over 390,000 pieces of new malware per day,” begins Jim Johnson, CEO of Tripwire. “Under these rapidly changing threat conditions many legacy security solutions are simply not effective.” This problem is exasperated by the gap between the language security technologists use to describe these rapidly evolving risks and language used to describe business risk in the board room. This communication gap presents a significant barrier to effective risk management and leadership. Bridging the gap requires that security executives provide business context around security risks that allow business leaders to calibrate security investments with risk tolerance and weigh these investments against other business priorities. Portland based Tripwire delivers the required business context along with security automation and enterprise integration that Johnson believes are the foundation of an effective, next generation security ecosystem.

Delivering security data with business context makes it possible to connect security efforts to each organization’s unique priorities and helps to identify the specific security risks facing each organization. Automation is crucial to delivering defenses that operate at machine speed—a particularly critical element of cyber security protection because of the speed at which attackers now operate. “Finally, enterprise integration is a key element of our portfolio, and we include over 100 security solutions in this effort, because integration between best of breed tools makes it possible to deliver optimal results for our customers,” explains Johnson.

Being a provider of advanced threat, security and compliance solutions, Tripwire is uniquely positioned to play a pivotal role in helping organizations transition to more dynamic security architecture. “Tripwire’s products understand change on critical endpoints inside the data center as well as the business context associated with those assets,” notes Johnson.
“Our portfolio of vulnerability management, security configuration management and log intelligence solutions deliver superior detection, prevention and response against even the most sophisticated cyber security threats.”

Tripwire solutions are available as agent-based and agent-less, virtual and on-premise appliances, as well as hosted and managed solutions. “Our goal is to deliver real-time security intelligence in flexible ways that meet a wide variety of organizational needs,” states Johnson. Tripwire’s solutions absorb, filter and prioritize changes based on business, technical, compliance and regulatory risk. This detailed change information combined with business context intelligence is used to create a prioritized list that optimizes operational resources and allows organizations to focus remediation efforts on the areas of greatest risk to their unique business. The information can easily be organized by business unit, geography and regulatory requirements. “In fact, our customers have adopted a business context model to build and manage a culture of information security management across their organizations,” states Johnson. This holds true for Agora, a worldwide holding company for publishers of financial, health, travel and special interest books and newsletters. After building a new infrastructure to store their highly sensitive information, Agora deployed and implemented Tripwire Enterprise to monitor and detect for changes. “The daily change reports enables Agora to better understand what has happened in their environment,” elucidates Johnson. “The addition of Tripwire Log Center also provides Agora with events of interest that they can then cross check with Tripwire Enterprise’s changes to provide the whole picture.”

Tripwire’s solutions have increased the efficiency of numerous organizations including over half of the Fortune 500; Tripwire solutions have been widely adopted in the utilities, global retail, financial services and telecommunications industries. The firm’s recent acquisition by Belden has provided a new focus—addressing the security concerns related to critical infrastructure connected with the Industrial Internet of Things. “Belden and Tripwire are working together to deliver the next generation of resilient cybersecurity solutions designed specifically to address the unique requirements of this market,” concludes Johnson.

Tripwire, Inc News

Tripwire Survey: 76% of Security Professionals Say Maintaining Secure Configurations in the Cloud is Difficult

Subhajit Bagchi, President, Tripwire Inc.

PORTLAND, Ore. – Tripwire, Inc., a leading global provider of security and compliance solutions for enterprises and industrial organizations, today announced the results of a survey on the implementation of cloud security best practices. Conducted by Dimensional Research last month, the survey evaluated the opinions of 310 security professionals.

According to the survey, a number of organizations face shortcomings in monitoring and securing their cloud environments. A majority of security professionals (76%) state they have difficulty maintaining security configurations in the cloud, and 37% said their risk management capabilities in the cloud are worse compared with other parts of their environment. Almost all (93%) are concerned about human error causing accidental exposure of their cloud data.

Attackers are known to run automated searches to find sensitive data exposed in the cloud, making it critical for organizations to monitor their cloud security posture on a recurring basis and fix issues immediately. However, Tripwire’s report found that only 21% of organizations assess their overall cloud security posture in real time or near real time. While 21% said they conduct weekly evaluations, 58% do so only monthly or less frequently. Despite widespread worry about human errors, 22% still assess their cloud security posture manually.

“Security teams are dealing with much more complex environments, and it can be extremely difficult to stay on top of the growing cloud footprint without having the right strategy and resources in place,” said Tim Erlin, vice president of product management and strategy at Tripwire. “Fortunately, there are well-established frameworks, such as CIS benchmarks, which provide prioritized recommendations for securing the cloud. However, the ongoing work of maintaining proper security controls often goes undone or puts too much strain on resources, leading to human error.”

Most organizations utilize a framework for securing their cloud environments - CIS and NIST being two of the most popular - but only 22% said they are able to maintain continuous cloud security compliance over time. While 91% of organizations have implemented some level of automated enforcement in the cloud, 92% still want to increase their level of automated enforcement.

Additional survey findings show that automation levels varied across cloud security best practices:

Only 51% have automated solutions that ensure proper encryption settings are enabled for databases or storage buckets.

Less than half (45%) automatically assess new cloud assets as they are added to the environment.

A slim majority (51%) have automated alerts with context for suspicious behavior.

Tripwire, Inc

Portland, OR

Jim Johnson, CEO

Delivers advanced threat, security and compliance solutions.