Case Study
Security and Compliance in Federal Agencies: 3 Tripwire Use Cases
Use Cases
Ensuring compliance and minimizing
Automating manual tasks and enhancing breach detection
Monitoring critical assets in the public cloud
Tripwire understands the security demands faced by federal government agencies. Security decision makers at these agencies aren’t only tasked with securing operations in a complex threat landscape—they also have to prove regulatory...
Case Study
Tripwire and Astro Making Best Practices a Daily Show
Assessing and managing vulnerabilities is a core cybersecurity practice, but it can put a heavy strain on IT security and operations teams. In many cases, introducing vulnerability management as a service is what’s necessary to overcome the challenge of accumulating vulnerabilities across complex IT environments—especially when time and resources are limited.
This was the case for one mid-size U...
Product Video
Tripwire Foundational Controls: Essential Cybersecurity for the Modern Enterprise
Mon, 08/15/2022
In an increasingly sophisticated technology landscape, foundational controls keep you secure and compliant. Watch the video to see how Tripwire provides deep visibility and control across IT and OT environments.
...
Product Video
Watch a Demo of Tripwire Enterprise
Mon, 08/15/2022
Compliance frameworks are notoriously dense and complex, making them difficult to put into action. Compliance is also time-consuming—especially if you’re still attempting manual configuration of your systems, applications, databases and cloud assets. Manual configuration is error-prone and immediately out of date the moment an assessment ends. And a lack of compliance can result in failing audits,...
Blog
VERT Threat Alert: August 2022 Patch Tuesday Analysis
By Tyler Reguly on Tue, 08/09/2022
Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th.
In-The-Wild & Disclosed CVEs
CVE-2022-34713
According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk vulnerability. There has been a...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 1, 2022
By Andrew Swoboda on Mon, 08/08/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 1st, 2022. I’ve also included some comments on these stories.
Windows 11 Smart App Control blocks files used to...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of July 25, 2022
By Andrew Swoboda on Mon, 08/01/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of July 25, 2022. I’ve also included some comments on these stories.
SonicWall fixed critical SQLi in Analytics and GMS...
Guide
Navigating Industrial Cybersecurity: A Field Guide
Nearly every aspect of modern life depends on industrial control systems (ICS) operating as expected. As ICS devices become increasingly connected, they also become increasingly vulnerable. By and large, commercial and critical infrastructure industrial orgs are underprepared for the digital convergence of their IT and OT environments. ICS operators need to get a robust cybersecurity program in...
Blog
VERT Threat Alert: July 2022 Patch Tuesday Analysis
By Tyler Reguly on Tue, 07/12/2022
Today’s VERT Alert addresses Microsoft’s July 2022 Security Updates. VERT is actively working on coverage for these Patch Tuesday vulnerabilities and expects to ship ASPL-1011 on Wednesday, July 13th.
In-The-Wild & Disclosed CVEs
CVE-2022-22047
Microsoft is reporting this month that a single vulnerability in the Windows Client/Server Runtime...
Blog
PCI 4.0: The wider meanings of the new Standard
By David Bruce on Wed, 07/06/2022
The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data.
In our series about how the new standard differs...
Blog
What you need to know about PCI 4.0: Requirements 10, 11 and 12
By David Bruce on Wed, 06/29/2022
As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022
By Andrew Swoboda on Mon, 06/27/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories.
Over a Dozen Flaws Found in Siemens' Industrial Network...
Blog
What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9
By David Bruce on Wed, 06/22/2022
In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update.
Requirements 5 through 9 are organized under two categories:
Maintain a Vulnerability...
Blog
VERT Threat Alert: June 2022 Patch Tuesday Analysis
By Tyler Reguly on Tue, 06/14/2022
Today’s VERT Alert addresses Microsoft’s June 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1007 on Wednesday, June 15th.
In-The-Wild & Disclosed CVEs
None of the vulnerabilities patched this month have been exploited in-the-wild or publicly disclosed according to Microsoft. However,...
Blog
What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.
By David Bruce on Tue, 06/14/2022
The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 06, 2022
By Andrew Swoboda on Mon, 06/13/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 06, 2022. I’ve also included some comments on these stories.
Another nation-state actor exploits Microsoft Follina to...
Blog
Bridging the IT/OT gap with Tripwire’s Industrial Solutions
By Zane Blomgren on Tue, 06/07/2022
Cybersecurity has, since its inception, been a corporate-based problem. Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector has increasingly become the target of attack for malicious actors. The reasons include newly internet-connected devices that were...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of May 30, 2022
By Andrew Swoboda on Mon, 06/06/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of May 30, 2022. I’ve also included some comments on these stories.
Vendor Refuses to Remove Backdoor Account That Can...
Blog
ICS Security in Healthcare: Why Software Vulnerabilities Pose a Threat to Patient Safety
By Tripwire Guest Authors on Mon, 05/30/2022
The lack of healthcare cybersecurity is one of the most significant threats to the sanctity of the global healthcare industry. This is made evident by the fact that in 2020 more than 18 million patient records were affected by successful cyber-attacks on the U.S. healthcare system.
Health professionals should not take this issue lightly, as...