ISSSource White Papers

Posts Tagged ‘nCircle’

Monday, March 11, 2013 @ 09:03 PM gHale

Portland, OR-based network security company Tripwire will buy San Francisco-based security firm, nCircle.

Tripwire and nCircle, at some points are competitors, but in most other cases sell complementary products to a similar customer base, said Tripwire chief executive Jim Johnson.

Insider Fraud a Big Security Challenge
DDoS Attacks Steady; Others on Rise
Survey: Banks Suffer DDoS Attacks
Users a Top Security Threat

Tripwire tends to focus on critical systems such as financial transactions, Johnson said, which require relatively expensive, labor-intensive security. By comparison, nCircle’s tools are less demanding — but essential in giving a company an overall sense of its risk profile.

“A lot of our customers buy both our products,” said Johnson, a former Intel vice president who took the top job at Tripwire in 2004. “We had a number of requests about bringing them together.”

The companies did not report terms of their deal.

Tripwire had about 325 employees prior to the deal. The company has not disclosed 2012 revenues, but Johnson said they were north of $100 million. The combined company will have more than 500 employees, according to Tripwire, and had bookings last year of about $140 million.

Tripwire describes itself as “highly profitable.” In 2010, Tripwire’s last full year prior to its sale, the company had net income of $4 million on revenue of $86.2 million.

Combined with nCircle, Tripwire said it would have ranked among the largest companies in its field last year, alongside divisions of IBM, EMC, Symantec and McAfee.

Tripwire said it will integrate nCircle’s operations into its own, and market nCircle’s technology under the Tripwire brand. Johnson said he expects the combined company to grow, but he said some duplicate jobs will likely go away following the deal.

Founded in 1997, Tripwire sold its business in 2011 to a private equity firm called Thoma Bravo after failing to reach the growth rate it had sought for an initial public offering.

Thoma Bravo helped finance today’s deal, Johnson said, along with cash from Tripwire’s own earnings and bank loans. Debt is part of Tripwire’s growth plan, he said, but “We’re not anywhere near our limits.”

Tripwire has spent the two years since its sale readying itself for growth, Johnson said, investing in internal financial systems, technical capabilities and other business functions. Plans call for the nCircle deal to kick off a series of acquisitions.

“We’ve already got a list of candidates for the next one,” he said. “First, we’ve got to make this one successful.”

It could take close to a year to fully integrate nCircle, but Johnson said Tripwire could be ready to move sooner than that on another deal if the right opportunity arises.

Wednesday, April 11, 2012 @ 02:04 PM gHale

The current generation of smart meters is not secure enough against false data injection attacks, a new study said.

A survey of 104 energy security professionals found they do not feel there is sufficient security in smart meters, according to a survey sponsored by nCircle and EnergySec, a Department of Energy (DoE)-funded public-private partnership that works to enhance the cyber security of the electric infrastructure. The online survey occurred between March 12 and March 31.

Feds: Grid Security Needs a Boost
Execs Unaware of Security Risks
Security to Industry: Time to Wake Up
Study: Integrated Need for Security

When asked if smart meter installations have sufficient security controls to protect against false data injection? 61 percent said no.

Power grids connect electricity producers to consumers through interconnected transmission and distribution networks. In these networks, system monitoring is necessary to ensure reliable power grid operation.

The analysis of smart meter measurements and power system models that estimate the state of the power grid are a routine part of system monitoring. False data injection attacks exploit the configuration of power grids by introducing arbitrary errors into state variables while bypassing existing techniques for bad measurement detection.

“Smart meters vary widely in capability and many older meters were not designed to adequately protect against false data injection,” said Patrick Miller, the founder, chief executive and president of EnergySec. “It doesn’t help that some communication protocols used by the smart meter infrastructure don’t offer much protection against false data injection either. Together, these facts highlight a much larger potential problem with data integrity across the smart grid infrastructure. Because our nation relies on the smart grid to deliver robust and reliable power, we need to make sure that all systems that process usage data, especially those that make autonomous, self-correcting, self-healing decisions, assure data integrity.”

“A false data injection attack is an example of technology advancing faster than security controls,” said Elizabeth Ireland, vice president of marketing for nCircle. “This is a problem that has been endemic in the evolution of security and it’s a key reason for the significant cyber security risks we face across many facets of critical infrastructure. Installing technology without sufficient security controls presents serious risks to our power infrastructure and to every power user in the U.S.”

Monday, January 16, 2012 @ 10:01 AM gHale

It is not surprising because of short staffing, but when it comes to planning for the worst, small businesses don’t even come close to being able to tackle a serious dilemma.

Nearly 90 percent of small and mid-size businesses have inadequate or outdated disaster recovery plans, according to a study from automated security and compliance auditing solutions firm nCircle.

Small Businesses Don’t Fear Threats
Targeted Attacks on Rise
Malware Alert: Android up 472%
Busted: Ghost Click Nets Six

On the positive side, the survey shows 51 percent of small and mid-size businesses have a disaster recovery plan, but the problem is they are not even sure if it is current. Of those surveyed, 13 percent said they didn’t have a plan at all.

Nearly 40 percent of businesses that did report having a plan said it went no further than backing up data.

“The number of small businesses that have no written security or disaster recovery plan is a significant concern,” said Elizabeth Ireland, vice president of marketing for nCircle. “It seems counterintuitive, but even though smaller businesses have fewer resources, they need to pay more attention to security rather than less.”

The study also shows that a lack of proper security policies is leaving many companies vulnerable to a potential disaster.

Nearly 20 percent of the surveyed businesses lack a security policy and simply expect employees to use good computer judgment; 26 percent have a security policy they don’t enforce.

“Security needs to be more than a written document that you file and forget,” Ireland said. “It should be a crucial safeguard that’s integrated into every aspect of your business.”

Researchers surveyed 145 professionals responsible for IT security in small to mid-size businesses.

Archived Entries