The circle of vulnerability management
Following Tripwire's recent acquisition of nCircle, I got a chance to talk with the company's chief technology officer and senior manager of corporate communications about its new addition.
I dealt with the company fairly regularly for the first few years of my time here at SC, during which time Tripwire was a major player in the compliance market. It was acquired by the Thoma Bravo organisation in 2011 and, until its purchase of the vulnerability management company nCircle, it had remained fairly silent.
Dwayne Melancon, who was promoted to CTO after founder Gene Kim left the position, explained that the deal was intended to better cover security and to "add a vision of how to be secure and add security controls".
He said that it was important for the company to produce a solution that would address how vulnerable something is to attack. "If you can assess vulnerabilities and work with the Tripwire engine, you can tell a user how vulnerable they are," he explained.
Melancon said that the process since the purchase was to work with nCircle's team on how to build the patching systems into its own products to connect the infrastructure. At the time of meeting, the acquisition was only a few weeks old so the process of baking the vulnerability management software into a compliance engine was challenging.
“All feeds lead to intelligence to see what you are looking for, and knowing what is wrong and what the state of the systems are, and feed this into the log management and security incident and event management (SIEM) technologies,” Melancon said.
Melancon said that the company was about file changes, but as more and more ports were opened its technology needed to tell the user more about additional users, administrator privileges and who opened files and where they were sent.
He said: “Security from a network activity and traffic perspective is necessary but not sufficient, but part of what is happening. The Verizon Data Breach Investigations Report shows that there is too much time between discovery and detecting early enough to do the detection.
“With vulnerability and application management, it is about basic hygiene. You take an application and you want to know if it is good or bad. However, there is so much to do that you want to automate the discovery and inform Tripwire Enterprise so you have got a way to tie it to the business. It is more about context and helping to make an informed choice.”
Offering a total security model is what every vendor wants to do, and with one sensible branch done a few years ago, Tripwire has added to its offerings to provide solutions that the users want.