Have you ever stood in the airport security line when the agents bring the dog out to inspect everyone’s luggage? I’m always so fascinated watching the dog go down the line and do her work. Wow, she’s so smart! How does she know what to look for? My own dog has talents of her own, but she would not get hired for this job. She has a well-functioning nose, but she’s not trained to detect these things and wouldn’t be able to tell me when she finds something troublesome.

That difference is kind of how I see the difference between a security solution that is backed by good content and one that is not. A dog’s nose has up to 300 million olfactory sensors (a lot), but it needs a reference for differentiating illegal substances from the allowable travel essentials.

To explain more on what that means from a security solution standpoint, I sat down with principal security researcher Travis Smith, who heads up a lot of the content development at Tripwire. Here’s our discussion:

Ray Lapena: What does “content” mean in the context of our tools?

Travis Smith: Content for Tripwire Enterprise is really the data leveraged by Tripwire Enterprise that customers can use. So, content comes in the form of either policies – things like PCI or hardening like CIS – or in the form of something like policy rules which feed in to allow us to actually score these policy tests. But we also have our change detection rules that are monitoring for change on the endpoint.

RL: So, why is content an important aspect to consider when looking at a security solution? How do you differentiate what a solution’s functionalities are versus the content and how do those things work together?
