
Product Video

AAA: Getting Roadside Assistance from Tripwire

Tim Masey, Director of Enterprise Information Security at AAA, shared his company’s PCI journey: beginning with a small implementation of Tripwire, then running into roadblocks by Management for the expansion of products, and eventually moving forward with the implementation of Tripwire’s policy driven dashboards, rules and tasks for over 500 servers.

What Is CPS 234 and Who Needs to Comply with It?

In November 2018, the Australian Prudential Regulation Authority (APRA) released the Prudential Standard CPS 234 in direct response to the escalating attack landscape in the financial sector. APRA has understood these threats to be the direct result of banking services moving to more complex and heavily used digital platforms. The new standard emerged as an offshoot to the Notifiable Data Breach ...

How Finance Companies Bank on Tripwire ExpertOps

Finance companies opt for managed services to stay compliant, bolster overburdened security teams, and get ongoing support in keeping their data safe from damaging breaches. The finance sector regularly finds itself on the front lines of emerging attack techniques; attackers commonly search for edge vulnerabilities and test new malware variations against financial systems. However, most breaches...

Tripwire State of Cyber Hygiene Report

Tripwire’s State of Cyber Hygiene report reveals the results of an extensive cybersecurity survey conducted in partnership with Dimensional Research. The survey examined if and how organizations are implementing security controls that the Center for Internet Security (CIS) refers to as "Cyber Hygiene." Real-world breaches and security incidents prove over and over again that many of the most...

Sustaining SOX Compliance Through Automation Using COBIT Framework

Achieving compliance with the Sarbanes-Oxley Act (SOX) can be a monumental effort. Maintaining those controls and audit reporting on an ongoing basis can be even more difficult. The SEC recommends automated controls for more efficient and effective compliance results. This white paper details the SOX requirements that are best addressed by automated controls using the COBIT framework in two core...

Threat Prevention is Foundational

How proper foundational controls help block today’s advanced threats

Five Critical Steps of a Complete Security Risk and Compliance Lifecycle

Maintaining security and compliance in today’s ever changing environment is a never ending task. To manage that task, the most successful companies adopt a systematic approach that promotes continuous improvement. Tripwire is a leading provider of enterprise-class foundational controls for security, compliance and IT operations. Tripwire worked with its most successful customers to understand...

Security and Compliance for Remote Federal Workers

In response to the coronavirus ("COVID-19") pandemic, the Office of Management and Budget (OMB) made an unprecedented call for agencies to maximize telework flexibilities, resulting in 78 percent of the federal workforce working remotely. This abrupt and wide-scale shift to a remote work environment required agency security teams to adjust with little to no planning, placed a tremendous strain on...

Security Configuration Management Buyer's Guide

Security configuration management (SCM) exists at the point where IT security and IT operations meet. It’s a core security control that combines elements of vulnerability assessment, automated remediation, and configuration assessment. The goal of SCM is to reduce security risks by ensuring that systems are properly configured — or hardened — to meet internal and/or regulatory security and...

Physical Cybersecurity: ICS Attack Scenarios and CIP-007 R1

The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism. ...

PCI DSS and the CIS Controls

Benchmarks, Standards, Frameworks and Regulations: What’s the Difference? The majority of IT security guidance to industry can be placed into one of these categories: benchmarks, standards, frameworks and regulations. Most address specific security issues and offer advice based on experience, collaborated information, authorities and activities (best practices) which have proven effective. They...

Mind the Cybersecurity Gap: Why Compliance Isn't Enough

Every organization wants to be secure in the long term, but compliance might order them to focus on implementing certain safeguards within a short period. Given this situation, some organizations might elect to focus on compliance now and look at security later. This might involve designating budget for compliance before allocating additional funds for security at some point in the future. This...

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...

5 Critical Steps: Complete Security Risk and Compliance Lifecycle for Government

Maintaining security and compliance in today’s ever-changing environment is a never-ending task. To manage that task, the most successful government organizations adopt a systematic approach that promotes continuous improvement. Tripwire is a leading provider of enterprise-class foundational controls for federal security, compliance, and IT operations. We listened to our customers to understand...

Foundational Controls Buyer's Guide

As your organization grows, your technology landscape becomes increasingly more sophisticated and complex. You need foundational controls to keep your organization secure, compliant and available. Foundational controls have proven to deliver a highly effective and efficient level of defense against the majority of real world attacks and provide the necessary foundation for dealing with more...

Getting Up to Speed on GDPR

Search online for the phrase “data is the new oil” and you’ll see it’s used by (and attributed to) many people. Data is a precious and highly valuable commodity. Data is the fuel pumping through today’s digital business, powering communications and commerce. Organizations the world over are mining data to turn raw information into real insight—to drive sales and grow their business. ...

Governance, Risk, and Compliance

Governance, Risk & Compliance, or Generating Real Capability! How do we use GRC as a business enabler, and focus on the benefits it brings?

FISMA SI-7 Buyer's Guide

The FISMA SI-7 Buyer’s Guide focuses on one of the most difficult security controls agencies must adhere to: NIST 800-53 SI-7. Learn what solutions to look for.