Tripwire straddles the IT and OT worlds applying different approaches to each of these customer groups
It’s no surprise that Tripwire, global provider of endpoint protection and response, security and compliance solutions, has smart cities firmly in its sights.
The company has gradually expanded its reach from IT security into OT (operational technology), notably in the North American energy markets in recent years. Its acquisition by industrial cyber security company Belden 18 months ago has further strengthened this industrial focus.
As far as a smart city context is concerned, president Gus Malezis said in an exclusive interview with SCW that the company’s primacy is in the control and distribution of energy.
Next on the hit list will be the physical controls of buildings. “When people make their doors and windows IP-controlled, you’ll see us there,” he says.
As parent company Belden is also involved in transportation security, such as rail and signalling, Malezis says due to the co-operative, influencing strategies between the two of them, Tripwire might well see automated transportation, particularly automated cars as part of its future offering.
Meanwhile, data transmission is a given. “Data is now ubiquitous and it is part of our plug in service,” says Malezis. “You’re going to see us protecting those assets as well. That’s our classical business, so you’re going to see customers very familiar with us on the IT side, the energy side both IT and OT and, inside buildings that is probably the progression.”
Tripwire straddles the IT and OT worlds and as a result applies very different approaches to each of these customer groups. Malezis talks about the deliberate and careful approach adopted by the company in its extension into the OT world.
“We understand that the OT world is completely different than the IT world,” he says. “You can’t reboot systems the way you can in the IT world.
“You can reboot your laptop, it’s not a big deal but you go to a manufacturing or an energy transmission plant or generation plant and you say “reboot that” and the foreman says, ‘I’ll bring down the grid, neighbourhood, the city. Are you sure you want me to that?”
“We’ve learnt to understand more about the operational realities of the OT world and the fact that you have to find other ways of protecting that infrastructure short of a simple convenient patch and reboot. And I think that is still a very different way of operating between those two dimensions.
Working in the OT space is much more of a partnership. Malezis explains. “This is more of a cooperative design/build implement service support model and this has been very, very fruitful for us.
“We now have partners who have invested in that space and we are co-operative with those vendors. So when we go to a customer, an energy company and they say, ‘are you engaged, are you synchronised, are you aligned with my vendor with Rockwell, with Emerson?’ We say ‘yes, we’ve got it covered. You will get serviced by them, you will buy our products through them, or they will serve our products in your environment. It really takes all the anxiety away from the plant manufacturer, the plant supervisor who says, OK good, you won’t bring my grid down.”
The company is due to ship AXON, its modular, multiservice, scalable, high-performance data collection platform launched in March imminently.
AXON allows customers to apply sensor technology to the assets that they require as and when. So if customers are in a steady state of operation they may need only deploy a certain sensor set. If, however, they are in a critical situation, they have the ability to activate more sensors for optimum data gathering.
“This technology enables you to install once, enable the base controls and as things get heated up – if you’re in the fog of war or if you’re in a virtual battle situation -- you can very easily enable more sensors,” says Malezis.
The system has been trialled by a number of beta customers in financial, retail and enterprise, all of whom have applied it throughout their infrastructure. It can also be implemented into industrial control systems (ICS).
Says Malezis: “It’s very skinny; it’s written in very tight optimised codes and, there again, because it’s modular, customers don’t have to take big, lumpy bloatware. You know a lot of the stuff today is bloatware – what customers consider big and heavy. You could even argue that our old technology was a little bit like that. It grew over time, customers didn’t want to get rid of the old, so it became a large code base. But AXON is modular, allowing customers to shrink it down to what they want. So we’re very excited, and the market is very excited about this technology.”
Tripwire delivers advanced threat, security and compliance solutions used by over 9,000 organisations across 91 countries. It patrols many of the largest, most sensitive networks in the world, including nine of the top 10 utilities in the US, eight out of the top 10 global retailers and seven of the top 10 global telecommunications firms as well as more than half of Fortune 500 companies.