Case Study
Security and Compliance in Federal Agencies: 3 Tripwire Use Cases
Use Cases
Ensuring compliance and minimizing
Automating manual tasks and enhancing breach detection
Monitoring critical assets in the public cloud
Tripwire understands the security demands faced by federal government agencies. Security decision makers at these agencies aren’t only tasked with securing operations in a complex threat landscape—they also have to prove regulatory...
Case Study
Tripwire and Astro Making Best Practices a Daily Show
Assessing and managing vulnerabilities is a core cybersecurity practice, but it can put a heavy strain on IT security and operations teams. In many cases, introducing vulnerability management as a service is what’s necessary to overcome the challenge of accumulating vulnerabilities across complex IT environments—especially when time and resources are limited.
This was the case for one mid-size U...
Product Video
Tripwire Foundational Controls: Essential Cybersecurity for the Modern Enterprise
Mon, 08/15/2022
In an increasingly sophisticated technology landscape, foundational controls keep you secure and compliant. Watch the video to see how Tripwire provides deep visibility and control across IT and OT environments.
...
Product Video
Watch a Demo of Tripwire Enterprise
Mon, 08/15/2022
Compliance frameworks are notoriously dense and complex, making them difficult to put into action. Compliance is also time-consuming—especially if you’re still attempting manual configuration of your systems, applications, databases and cloud assets. Manual configuration is error-prone and immediately out of date the moment an assessment ends. And a lack of compliance can result in failing audits,...
Guide
Navigating Industrial Cybersecurity: A Field Guide
Nearly every aspect of modern life depends on industrial control systems (ICS) operating as expected. As ICS devices become increasingly connected, they also become increasingly vulnerable. By and large, commercial and critical infrastructure industrial orgs are underprepared for the digital convergence of their IT and OT environments. ICS operators need to get a robust cybersecurity program in...
Blog
PCI 4.0: The wider meanings of the new Standard
By David Bruce on Wed, 07/06/2022
The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data.
In our series about how the new standard differs...
Blog
What you need to know about PCI 4.0: Requirements 10, 11 and 12
By David Bruce on Wed, 06/29/2022
As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function...
Blog
What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9
By David Bruce on Wed, 06/22/2022
In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update.
Requirements 5 through 9 are organized under two categories:
Maintain a Vulnerability...
Blog
What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.
By David Bruce on Tue, 06/14/2022
The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems...
Blog
Bridging the IT/OT gap with Tripwire’s Industrial Solutions
By Zane Blomgren on Tue, 06/07/2022
Cybersecurity has, since its inception, been a corporate-based problem. Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector has increasingly become the target of attack for malicious actors. The reasons include newly internet-connected devices that were...
Blog
ICS Security in Healthcare: Why Software Vulnerabilities Pose a Threat to Patient Safety
By Tripwire Guest Authors on Mon, 05/30/2022
The lack of healthcare cybersecurity is one of the most significant threats to the sanctity of the global healthcare industry. This is made evident by the fact that in 2020 more than 18 million patient records were affected by successful cyber-attacks on the U.S. healthcare system.
Health professionals should not take this issue lightly, as...
Blog
CIS Control 18 Penetration Testing
By Matthew Jerzewski on Wed, 05/11/2022
Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a breach has increased...
Blog
PCI DSS 4.0 and ISO 27001 – the dynamic duo
By Tripwire Guest Authors on Wed, 04/27/2022
It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks.
We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed...
Blog
CIS Control 17: Incident Response Management
By Tyler Reguly on Wed, 04/27/2022
We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not likely to succeeded in...
Blog
PCI DSS 4.0 is Here: What you Need to Consider
By David Bruce on Tue, 04/26/2022
The Payment Card Industry Data Security Standard (PCI DSS) is a benchmark with tenure in the industry, with the first version being introduced in 2004. The PCI DSS was unique when it was introduced because of its prescriptive nature and its focus on protecting cardholder data. Cybersecurity is a changing landscape, and prescriptive standards must be...
Blog
CIS Control 16 Application Software Security
By Matthew Jerzewski on Wed, 04/20/2022
The way in which we interact with applications has changed dramatically over years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against...
Blog
US Government warns of new malware attacks on ICS/SCADA systems
By Graham Cluley on Thu, 04/14/2022
Agencies of the US Government have issued a joint warning that hackers have revealed their capability to gain full system access to industrial control systems that might help enemy states sabotage critical infrastructure.
In a joint cybersecurity advisory issued by the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA...
Blog
What Is the Role of Incident Response in ICS Security?
By Tripwire Guest Authors on Wed, 04/06/2022
In recent years, cyber espionage has been growing in magnitude and complexity. One of the most common targets is Industrial Control Systems (ICS) within critical infrastructure sectors. With many organizations relying more heavily on ICS networks, there has been an increase in threats and cyberattacks aimed at these systems. Not only do these...
Blog
What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?
By Joe Pettit on Tue, 03/01/2022
Cloud adoption has come a long way from its early days where corporate executives questioned the stewardship of their data. The initial suspicions of “where’s my data” have been laid to rest, as administrative tools and contractual obligations have emerged to give better visibility to, and accountability of, data custodianship. Even the capabilities...