Tripwire: an incomplete solution for PCI?

Tripwire announced today that AirTran uses them for PCI. Here is a link to the article AirTran Airways Selects Tripwire Enterprise for Continuous Data Center Compliance The press release title is just marketing fluff, if you jump into the article it says the bought it for PCI. It is also interesting that ArcSight announced AirTran as a customer for PCI also which is using their system. Why would a customer buy both if Tripwire met all the requirements?

Solidcore’s PCI customers like Convergys, don’t need to use anything else across network, databases and servers for the PCI requirements.

Add comment October 2nd, 2007

Rumor: Tripwire for sale?

The word on the street says that Tripwire has been talking to potential suitors again. One set of negotiations were really close to a deal, or atleast offers were made, but the numbers were too far apart and talks stalled.
I was talking to an M&A professional recently and they said everyone wants their deal priced on the Opsware/HP multiples and valuations and that is just not realistics for most market segments, as they are not hyper-growth segments.

Then I read a press release from Tripwire today which has them re-positioning themselves or what seems like a re-position to “Continuous Data Center Compliance” … and it makes you wonder whether it is an effort to reposition into the Data Center space from the compliance space.

Add comment October 2nd, 2007

Bring it on Tripwire

Here is SVP of Marketing at Tripwire’s response to the Solidcore Blog ( Our response: let the technology speak for itself … the customers will decide. Marketing folks can call even batch processing real time huh?!
From: DJS
Sent: Friday, September 21, 2007 9:52 PM
To: Erin Swanson
Subject: Our realtime

Nice blog Erin… Just want to inform you that Tripwire has complete real time support. Feel free to keep saying that we don’t as it gives us a great opportunity to discredit you when you try to compete.

DJ Schoenbaum
Tripwire, inc.

Sent via BlackBerry from T-Mobile

Add comment September 24th, 2007

Tripwire versus Solidcore: Turning the Tables

We at Solidcore are engaged in a market share battle with Tripwire. Tripwire is about 10 years old, their biggest asset is that they are bigger, have a more widely known brand name than us. Their weakness is that their technology is the same at it was 10 years ago.

We (Solidcore) are smaller, younger and have state of the art technology. Our biggest challenge is how to get our brand name out so that we are invited to all the deals where Tripwire is being considered. Once we are in we tend to win 80% of the deals we compete in.

This is a classic battle studied in almost every MBA class: David versus Goliath.

One of the reasons we won deals against Tripwire was that they are not real-time. They have a scan and diff approach, while Solidcore is real time. Recently tripwire began telling customers that they have a real time version of the product. It works on only two versions of windows and no versions of Unix. This was a big victory for us as basically the market has spoken that real-time tracking of change is a critical requirement for PCI, SOX and ITIL deals and Tripwire was forced to accept it come on to the Solidcore turf, where they are newbie’s with little experience.

Add comment September 22nd, 2007

DIP by Seth Godin

Maybe once you are a famous writer like Seth Godin you can get away with almost anything. I read this book and was completely lost. Out of respect for Seth, I read it again and made some progress. My interest was sparked because it looks just like the picture that Amnon drew (

There are some golden nuggets in the book which get lost in the narrative. The one which I  agree with is that well rounded is not the way to being the best. I come from India where there is a large middle class … I think of it more like a frozen layered cake. If you are well rounded it will take you a long time to reach the top if you ever break though. However if you are laser focused for the first few years of your life you can cut through the cake and once on the top can open the umbrella and become as widespread and well rounded as you want. First you got to win at something and be the best at it.

Add comment June 21st, 2007

AIM Market (London)

I recently attended a talk today about AIM, from a CEO who had gone through the process of listing there. It was very educational, here are some of the insights:

 Basic Understanding

  • To list on AIM you need to hire a banker in the UK
  • The banker calls fund managers to sell your stock to them
  • only funds, not inidividuals can buy or sell stock on AIM
  • there is no “exchange” to match buyer to seller, if a fund wants to sell the stock in your company they contact your banker who has to find another buyer
  • Thus once you are listed you have to retain a banker permanently (yearly fee)


  • Bankers dont underwrite the offering, the cost of the roadshow etc is borne by the company without guarantee of listing (can be close to 1M)
  • You can list without any revenue, but need to give clear guidance of milestones and then stick to them
  • The CEO/Management team has to constantly sell to fund managers as it is incumbent on the company thru the banker to find a new buyer if existing shareholder wants to sell (or the share price can drop)
  • US fund managers can’t buy or sell funds on the AIM market
  • Funds which buy your stock dont have any representation on the board

It is an interesting vehicle to raise money for a private company, but it has its own nuances.

Add comment June 9th, 2007

If they complain, build it.

I was attending a talk by Amnon Landan, who joined Mercury in 1989 and was CEO from 1997-2005. One of the things he talked about was how to decide whether a product idea was worth pursuing or not. ask.gif

He made the picture above. When you build a new product, the first 10 customers or so like the idea of the product and the vision and buy it. Then come the implementations where rubber meets the road. The vision meets reality. The product always falls short. It has gaps, doesn;t work in all the cases etc. And usually the euphoria that came with the first 10 customers leads to stress and strain in the organization.

Someone in the audience asked, should you ditch the product at this stage or keep going with it. Amnon said the more the customer complain, the more you should build the product. Almost always the same customers will become your biggest champions once you have delivered.

1 comment April 10th, 2007

From Bangalore: Married But Available

I found myself sitting next to a young chap on my flight back to San Fransisco. He was from Bangalore and was in the US for a couple of weeks of work. It turns out he needed a ride to San Jose and I offered to drop him off on my way home to Los Gatos.

We were having a polite talk about benefits and salary offered in India. When this person asks me out of the blue: Do you know what an MBA is? I replied, “what do you mean”. He replied, “Married but Available”.

I was somewhat taken aback. But asked him what the context was. He said well it was so much easier to go out with girls in Bangalore than it was in the US. And he went on and on. Now I am not sure if he was trying to impress me (would wonder why?) or this is just how it is. There is a large single population in Bangalore, which live away from home by themselves, have a lot of disposable income.

What do you think?

Add comment February 26th, 2007

Rumor: EMC to buy Bladelogic

That is the word on the street. Given EMC’s foray into buying management tool vendors, would it make sense for them to buy a provisioning system?

3 comments February 16th, 2007

Tripwire copies Solidcore Messaging?

This week tripwire announced their release 6.0 and they have adopted (blatantly copied) the Solidcore message of Visibility, Accountability and Control. Why would they do that?

  • is the market adopting this message?
  • is it really what the customers need?

It is also interesting to see how they are positioning their product capabilities:
1. Solidcore: Real Time Change tracking
Tripwire: Continuous Scanning with Real Time Alerting

2. Solidcore: Pro-active Enforcement
Tripwire: Detection & Rollback (using 3rd party tools)

Ofcourse my views are biased. Should I feel happy that is recognition of thought leadership from Solidcore or feel enraged? What do you think?

2 comments February 13th, 2007

Previous Posts