Resources

Blog

CIS Control 04: Secure Configuration of Enterprise Assets and Software

Key Takeaways for Control 4 Most fresh installs of operating systems or applications come with pre-configured settings that are usually insecure or not properly configured with security in mind. Use the leverage provided by multiple frameworks such as CIS Benchmarks or NIST NCP to find out if your organization needs to augment or adjust any...
Blog

Understanding the Benefits of Managed Cyber Services

As part of our upcoming attendance at the International Cyber Expo & International Security Expo, we were lucky enough to sponsor The Cyber Security Webinar Series with Nineteen Group and Grey Hare Media. Both Philip Ingram MBE and Emanuel Ghebreyesus, strategic account director for Tripwire, spoke about several topics including: The increasing...
Blog

VERT Threat Alert: September 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-964 on Wednesday, September 15th. In-The-Wild & Disclosed CVEs CVE-2021-40444 This CVE describes a publicly exploited vulnerability in MSHTML that provides user level access upon...
Blog

Clearing Up Elements of Cloud Security

In this episode, Tripwire's Brent Holder and Raymond Kirk discuss what cloud security means today. Breaking down the different aspects of cloud security controls, they cover the technology, security implications and risks with cloud use. https://open.spotify.com/episode/4yvvrk2lWICFAN4DpLtCHS Spotify: https://open.spotify.com/show...
Blog

Where Should We Draw the Cyber Blue Line?

What are the limits of online privacy and law enforcement? Can we clearly define them, or is this a vague and blurred area of debate? The fact is that as technology advances, the real and the virtual worlds are increasingly converging. Actions (or inactions) in the cyberspace introduce risks and threats for people, especially the most vulnerable...
Blog

My "Cybercrime" Isn’t Your "Cybercrime"

Talk to cybersecurity experts about cybercrime on their network, and they will mention malicious activity like scans, attacks, events, and incidents. Probably at some point, they will slip into geek-speak with a vast array of confusing acronyms and jargon while explaining tactics and techniques by referencing infamous attacks, Internal protocols,...
Blog

CIS Control 03: Data Protection

For many years, there was a wide misunderstanding that encrypting some data is equivalent to protecting that data. If it’s encrypted, so the thinking goes, nobody else could access it, and it is therefore safe. While it is critical to encrypt data at rest as well as in transit, the job of protecting data goes much deeper. Encryption can mitigate...
Blog

IoT Devices Built to Meet Cybersecurity Needs

The Internet of Things (IoT) includes items such as smart appliances, smartwatches, and medical sensors. For organizations to enjoy all of the benefits and convenience of IoT devices, enterprise customers must fully understand the potential risks and threats to their systems and the underlying data. IoT devices often lack built-in security controls...
Blog

Identity and Access Management – Who You Are & Where You Need to Be

Remember your first day on the job? You might groan just thinking about it, or maybe you are filled with the optimistic nostalgia of all the great things you set out to accomplish. It’s all a matter of your current perspective. One of the greatest apprehensions about that first day is meeting all of your new colleagues. Someone probably gave you...
Blog

5 Ways to Navigate the Threat Landscape Conveyed in Verizon’s DBIR 2021

On May 13, Verizon released its Data Breach Investigations Report (DBIR) 2021. This annual publication serves many purposes. It yields context into what security analysts are seeing, for instance. But it also affects organizations’ security postures at an even higher level. Here’s Anthony Israel-Davis, research and development manager at Tripwire,...
Blog

FBI and CISA warn that cybercriminals don't take holidays

The FBI and CISA (the Cybersecurity and Infrastructure Security Agency) have jointly issued an advisory to organisations, warning about an increase in the number of attacks coinciding with weekends and holidays. With the Labor Day weekend rapidly approaching, the agencies have reminded businesses to be especially vigilant, remain diligent about...
Blog

Tripwire Patch Priority Index for August 2021

Tripwire's August 2021 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft. First on the patch priority list this month are patches for Microsoft Exchange Server (CVE-2021-34523, CVE-2021-34473, and CVE-2021-31207). These vulnerabilities have seen active exploitation. Also, exploits for these vulnerabilities have...
Blog

Factors You Should Consider for an Optimal Hybrid Cloud Strategy

Cloud technology is a powerful tool with unmeasurable potential. Across the globe, companies are harnessing the cloud to propel their business solutions. However, there are always some companies that cannot entirely shift their solutions to the cloud. Thanks to the hybrid cloud model, companies house some of their solutions on their on-premises...
Blog

CIS Control 02: Inventory and Control of Software Assets

Today, I will be going over CIS Control 2 from version 8 of the top 18 CIS Controls – Inventory and Control of Software Assets. Version 7 of CIS Controls had 10 requirements, but in version 8, it's simplified down to seven safeguards. I will go over those safeguards and offer my thoughts on what I’ve found. Key Takeaways for Control 2 ...
Blog

Overcome the Security and Compliance Challenges in DevSecOps

Organizations are under tremendous pressure to deliver innovative products and stick to tight release timelines. To keep up with the rapid release schedule, engineering teams are adopting the DevOps model for its increased efficiency and agility. It has changed the way that development teams think. As a result, continuously improving performance and...
Blog

FBI warns of OnePercent ransomware gang – what you need to know

What's happened? The FBI has published a warning about a ransomware gang called the OnePercent Group, which has been attacking U.S. companies since November 2020. How are companies being attacked by the OnePercent gang? The gang emails targeted individuals inside an organization using social engineering tricks to dupe the unwary into opening a...
Blog

CIS Control 01: Inventory and Control of Enterprise Assets

Since 2008, the CIS Controls have been through many iterations of refinement and improvement, leading up to what we are presented with today in CIS Controls version 8. CIS Controls reflect the combined knowledge of experts from every part of the ecosystem (companies, governments, and individuals). The controls reflect consideration by people in many...