Resources

Blog

How Tripwire Can Help U.S. Federal Agencies Implement the CIS Controls

Digital attackers are increasingly launching sophisticated campaigns in an effort to target U.S. federal agencies and other organizations. Two recent examples demonstrate this reality. These are the SolarWinds supply chain attack and the HAFNIUM Exchange exploit campaign. The SolarWinds Supply Chain Attack In mid-December 2020, the security...
Blog

Digging Into the Third Zero-Day Chrome Flaw of 2021

Hidden deep in Google’s release notes for the new version of Chrome that shipped on March 1 is a fix for an “object lifecycle issue.” Or, for the less technically inclined, a major bug. Bugs like these have been common in Chrome, leading some to wonder whether the world’s most popular web browser is as safe as it could be? Google created Chrome as...
Blog

Managing Your Assets with Tripwire Enterprise

Asset management is a tricky subject. In many cases, organizations have no idea about how many assets they have, let alone where they are all located. Fortunately, there are tools that can assist with reaching your asset management goals. While Tripwire Enterprise (TE) is great for detecting unauthorized changes on your system and also for ensuring...
Blog

3 Best Practices for Building Secure Container Images

Organizations are increasingly turning to containers to fuel their digital transformations. According to BMC, a 2019 survey found that more than 87% of respondents were running containers—up from 55% just two years earlier. Additionally, 90% of survey participants that were running applications in containers were doing so in production. That was up...
Blog

Industrial IoT Needs to Catch Up to Consumer IoT

When it comes to cybersecurity, industrial IT—consisting mainly of operational technology (OT) and industrial control systems (ICS)—has failed to keep up with development in the enterprise IT world. That’s mostly because industries’ adoption of internet technology has been slower when compared with enterprises. It would take some time to close the...
Blog

Federal agencies given five days to find hacked Exchange servers

CISA, the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency, has told federal agencies that they have until 12:00pm EDT on Monday April 5 to scan their networks for evidence of intrusion by malicious actors, and report back the results. CISA is ordering agencies with on-premises Microsoft Exchange servers to...
Blog

Report: USB threats to ICS systems have nearly doubled

The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%, while the number of threats capable of disrupting those systems rose from 26% to 59% over the same period. Let’s face it. Critical infrastructure operators in manufacturing,...
Blog

Role of Encryption in GDPR Compliance

Encryption has been a hot topic of discussion during the implementation phase of most data privacy laws. In the age where organizations are dealing with large volumes of data each day, the protection of this sensitive data is critical. The data, which is seen as a business-critical asset for organizations, should be protected against malicious...
Blog

Survey: 99% of Security Pros Struggling to Secure Their IoT & IIoT Devices

Organizations are increasingly introducing new Internet of Things (IoT) devices into their environments. According to Statista, the aggregate number of IoT devices deployed by organizations globally increased from 7.74 billion in 2019 to around 8.74 billion a year later. The market and consumer data firm reported that the next few years will see...
Blog

Average ransomware payouts shoot up 171% to over $300,000

Organisations hit by ransomware attacks are finding themselves paying out more than ever before, according to a new report from Palo Alto Networks. The Unit 42 threat intelligence team at Palo Alto Networks teamed up with the incident response team at Crypsis to produce their latest threat report which looks at the latest trends in ransomware, and...
Blog

How Tripwire Does Configuration Management Differently

So many times, we hear companies say, “Our tools are just like Tripwire’s,” “We do configuration management just like Tripwire” and “We can push out policy just like Tripwire.” But as we say, this just ain’t necessarily so. You might be able to do configuration management using a “Tripwire-like” tool. You might configure it and use it set up a...
Blog

Ransomware on the Rise: How to Keep You & Your Company Safe

Due in large part to COVID-19 and the increased prevalence of remote work, ransomware attacks dominated 2020, and experts predict there will be at least twice as many cases of data theft in the new year. The U.S. Cybersecurity & Infrastructure Security Agency defines ransomware as “a type of malicious software, or malware, designed to deny access...
Blog

How Can the Trucking Industry Secure Their Telematics?

The trucking sector is essential to countless other industries. Without reliable transportation, supply chains would crumble, and companies and consumers would face shortages. With so much riding on it, it’s no wonder why the industry has fully embraced technology like telematics in recent years. Telematics refers to the suite of technologies...
Blog

6 Cloud Security Resources that You Should Be Using

It’s easy to get overwhelmed with the number of cloud security resources available. How do you know which sources to trust? Which ones should inform your security strategies? Which reports will actually improve your cloud security posture? Let’s first look at six cloud security guides that you should be using. These resources provide action items...
Blog

CISO Soup: Data Breaches, Strategy and Cybersecurity Culture

For the longest time, those of us who occupy the role of the CISO have fought for our seat at the 'big table.' Although it appears some of us are being invited into the C-suite, there is still a long way for us to go.This is highlighted in a 2021 report provided BT, which places "CISOs under the spotlight" and illuminates some interesting and...
Blog

To Patch or Not to Patch in OT – That Is the Real Challenge

The objective of an organization when implementing cybersecurity controls is to eliminate risk, but this oftentimes involves settling for managing risk at an acceptable level. Each organization defines what that acceptable level is depending on several factors including the environment, the criticality of function, the asset type, etc. There are...
Blog

4 Strategies to Mitigate Pass-the-Cookie Attacks

Another year, another new set of cybersecurity threats to overcome, outwit and mitigate against. At the beginning of 2021, the cybersecurity world was informed by CISA (the USA Cybersecurity and Infrastructure Security Agency) of a spate of attacks targeting cloud environment configurations, supposedly occurring as a result of the increase in remote...