Resources
Guide

Industrial Cybersecurity is Essential

Don’t believe there are real cyberthreats to your operations network and control systems? Data shows otherwise. Better foundational industrial cybersecurity practices can help prevent disruption to your operations and financial risk to your bottom line. ...
Cybersecurity
Industrial Control Systems
Guide

FISMA SI-7 Buyer's Guide

The FISMA SI-7 Buyer’s Guide focuses on one of the most difficult security controls agencies must adhere to: NIST 800-53 SI-7. Learn what solutions to look for.
Compliance
FISMA
Guide

The Executive's Guide to the CIS Controls

See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber attack vectors. This publication was designed to assist executives by providing guidance for implementing broad baseline technical controls that are required to ensure a robust network security posture. In this guide, we will cover a wide range of topics...
Compliance
CIS Controls
Security Configuration Management
Datasheet

Implementing FISMA SI-7

To enhance your Federal Information Security Management Act (FISMA) compliance grade, you must implement one of the most challenging controls in NIST SP 800-53: the Controls, Family: System Information & Integrity (SI) 7 requirement. SI-7 states that organizations must employ automated and centrally managed integrity verification tools to detect unauthorized change. This level of visibility can be...
Compliance
FISMA
Datasheet

Tripwire Enterprise and Cisco AMP Threat Grid

Overview There is mounting concern at the senior executive and board level regarding cybersecurity, driven by highly visible advanced targeted attacks. These attacks threaten precious IP, valuable customer information, company valuation and trade secrets. To truly protect valuable resources, organizations have to accept the nature of modern networked environments and devices, and start defending...
Compliance
CIS Controls
Datasheet

Meeting FISMA SI-7 with Tripwire Integrity Monitoring

To enhance your Federal Information Security Management Act (FISMA) compliance grade, you must implement one of the most challenging controls in NIST SP 800-53: the Controls, Family: System Information & Integrity (SI) 7 requirement. SI-7 states that organizations must employ automated and centrally managed integrity verification tools to detect unauthorized change. This level of visibility can be...
Compliance
FISMA
File Integrity & Change Monitoring
Datasheet

The CIS Controls and Tripwire Solutions

Many organizations face the challenging threat environment by strategically choosing a security controls framework as a reference for initiating, implementing, measuring, and evaluating their security posture, as well as managing risk. While many frameworks are available, one of the most notable and commonly used is the Center for Internet Security’s CIS Controls. This well known framework has...
Compliance
CIS Controls
Datasheet

MITRE ATT&CK Matrix with CIS Controls and Tripwire Mapping

It’s not enough to cast a wide cybersecurity net and hope you catch the adversaries trying to compromise your data. Instead, you need to narrow your focus to make your efforts truly impactful. But which of the countless potential cybersecurity attacks out there should you choose to prioritize? MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework and the Center for...
Compliance
CIS Controls
Datasheet

Automating FISMA Compliance with Tripwire Security Configuration Management

FISMA requires federal agencies, and by extension, the foundations, educational institutions, organizations that receive federal funds as well as the contractors that do business with them, to develop, document, and implement information security programs to protect the confidentiality, integrity and availability of the data and systems that support government operations and assets. In meeting...
Compliance
FISMA
Navigating Industrial Cybersecurity Thumb
Guide

Navigating Industrial Cybersecurity: A Field Guide

Nearly every aspect of modern life depends on industrial control systems (ICS) operating as expected. As ICS devices become increasingly connected, they also become increasingly vulnerable. By and large, commercial and critical infrastructure industrial orgs are underprepared for the digital convergence of their IT and OT environments. ICS operators need to get a robust cybersecurity program in...
Cybersecurity
Industrial Control Systems
CIS Controls v8
Blog

CIS Control 18 Penetration Testing

By Matthew Jerzewski on Wed, 05/11/2022
Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a breach has increased...
Compliance
CIS Controls
CIS Controls v8
Blog

CIS Control 17: Incident Response Management

By Tyler Reguly on Wed, 04/27/2022
We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not likely to succeeded in...
Compliance
CIS Controls
Incident Detection & Investigation
CIS Controls v8
Blog

CIS Control 16 Application Software Security

By Matthew Jerzewski on Wed, 04/20/2022
The way in which we interact with applications has changed dramatically over years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against...
Compliance
CIS Controls
What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?
Blog

What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?

By Joe Pettit on Tue, 03/01/2022
Cloud adoption has come a long way from its early days where corporate executives questioned the stewardship of their data. The initial suspicions of “where’s my data” have been laid to rest, as administrative tools and contractual obligations have emerged to give better visibility to, and accountability of, data custodianship. Even the capabilities...
Cybersecurity
Cloud Security
Industrial Control Systems
CIS Controls v8
Blog

CIS Control 15: Service Provider Management

By Matthew Jerzewski on Wed, 02/23/2022
Enterprises today rely on partners and vendors to help manage their data. Some companies depend on third-party infrastructure for day-to-day operations, so understanding the regulations and protection standards that a service provider is promising to uphold is very important. Key Takeaways from Control 15 Identify your business needs and create...
Compliance
CIS Controls
How to Fulfill Multiple Compliance Objectives Using the CIS Controls
Blog

How to Fulfill Multiple Compliance Objectives Using the CIS Controls

By David Bisson on Tue, 01/18/2022
Earlier this year, I wrote about what’s new in Version 8 of the Center for Internet Security’s Critical Security Controls (CIS Controls). An international consortium of security professionals first created the CIS Controls back in 2008. Since then, the security community has continued to update the CIS Controls to keep pace with the evolution of...
Compliance
CIS Controls
CIS Controls v8
Blog

CIS Control 14: Security Awareness and Skill Training

By Andrew Swoboda on Wed, 12/08/2021
Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users to unintentionally provide access...
Compliance
CIS Controls
CIS Controls v8
Blog

CIS Control 13: Network Monitoring and Defense

By Lane Thames on Wed, 12/01/2021
Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks. Key Takeaways for Control 13 Enterprises should understand that...
Compliance
CIS Controls
CIS Controls v8
Blog

CIS Control 12: Network Infrastructure Management

By Lane Thames on Wed, 11/24/2021
Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are...
Compliance
CIS Controls
CIS Controls v8
Blog

CIS Control 11: Data Recovery

Wed, 11/03/2021
Data loss can be a consequence of a variety of factors from malicious ransomware to hardware failures and even natural disasters. Regardless of the reason for data loss, we need to be able to restore our data. A data recovery plan begins with prioritizing our data, protecting it while it is being stored, and having a plan to recover data. Key...
Compliance
CIS Controls