Product Video
Watch a Demo of Tripwire Enterprise
Mon, 08/15/2022
Compliance frameworks are notoriously dense and complex, making them difficult to put into action. Compliance is also time-consuming—especially if you’re still attempting manual configuration of your systems, applications, databases and cloud assets. Manual configuration is error-prone and immediately out of date the moment an assessment ends. And a lack of compliance can result in failing audits,...
Guide
Navigating Industrial Cybersecurity: A Field Guide
Nearly every aspect of modern life depends on industrial control systems (ICS) operating as expected. As ICS devices become increasingly connected, they also become increasingly vulnerable. By and large, commercial and critical infrastructure industrial orgs are underprepared for the digital convergence of their IT and OT environments. ICS operators need to get a robust cybersecurity program in...
Blog
Bridging the IT/OT gap with Tripwire’s Industrial Solutions
By Zane Blomgren on Tue, 06/07/2022
Cybersecurity has, since its inception, been a corporate-based problem. Whether it is a public, or private corporation, these entities were the primary targets of most cybercrime. In recent years, the industrial sector has increasingly become the target of attack for malicious actors. The reasons include newly internet-connected devices that were...
Blog
ICS Security in Healthcare: Why Software Vulnerabilities Pose a Threat to Patient Safety
By Tripwire Guest Authors on Mon, 05/30/2022
The lack of healthcare cybersecurity is one of the most significant threats to the sanctity of the global healthcare industry. This is made evident by the fact that in 2020 more than 18 million patient records were affected by successful cyber-attacks on the U.S. healthcare system.
Health professionals should not take this issue lightly, as...
Blog
CIS Control 18 Penetration Testing
By Matthew Jerzewski on Wed, 05/11/2022
Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a breach has increased...
Blog
CIS Control 17: Incident Response Management
By Tyler Reguly on Wed, 04/27/2022
We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not likely to succeeded in...
Blog
CIS Control 16 Application Software Security
By Matthew Jerzewski on Wed, 04/20/2022
The way in which we interact with applications has changed dramatically over years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against...
Blog
US Government warns of new malware attacks on ICS/SCADA systems
By Graham Cluley on Thu, 04/14/2022
Agencies of the US Government have issued a joint warning that hackers have revealed their capability to gain full system access to industrial control systems that might help enemy states sabotage critical infrastructure.
In a joint cybersecurity advisory issued by the Department of Energy, the Cybersecurity and Infrastructure Security Agency (CISA...
Blog
What Is the Role of Incident Response in ICS Security?
By Tripwire Guest Authors on Wed, 04/06/2022
In recent years, cyber espionage has been growing in magnitude and complexity. One of the most common targets is Industrial Control Systems (ICS) within critical infrastructure sectors. With many organizations relying more heavily on ICS networks, there has been an increase in threats and cyberattacks aimed at these systems. Not only do these...
Blog
What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?
By Joe Pettit on Tue, 03/01/2022
Cloud adoption has come a long way from its early days where corporate executives questioned the stewardship of their data. The initial suspicions of “where’s my data” have been laid to rest, as administrative tools and contractual obligations have emerged to give better visibility to, and accountability of, data custodianship. Even the capabilities...
Blog
CIS Control 15: Service Provider Management
By Matthew Jerzewski on Wed, 02/23/2022
Enterprises today rely on partners and vendors to help manage their data. Some companies depend on third-party infrastructure for day-to-day operations, so understanding the regulations and protection standards that a service provider is promising to uphold is very important.
Key Takeaways from Control 15
Identify your business needs and create...
Blog
ICS Security: What It Is and Why It's a Challenge for Organizations
By David Bisson on Wed, 01/26/2022
Industrial control systems (ICS) are specific kinds of assets and associated instrumentation that help to oversee industrial processes. According to the National Institute of Standards and Technology, there are three common types of ICS. These are supervisory control and data acquisition (SCADA) systems, which help organizations to control dispersed...
Blog
How to Fulfill Multiple Compliance Objectives Using the CIS Controls
By David Bisson on Tue, 01/18/2022
Earlier this year, I wrote about what’s new in Version 8 of the Center for Internet Security’s Critical Security Controls (CIS Controls). An international consortium of security professionals first created the CIS Controls back in 2008. Since then, the security community has continued to update the CIS Controls to keep pace with the evolution of...
Blog
Revisiting the Relevance of the Industrial DMZ (iDMZ)
By Editorial Staff on Mon, 12/20/2021
Which Flavor of the Purdue Model Should You Follow?
If you enter the term "Purdue Model" into your favorite search engine, the resulting images will vary considerably. There's almost no better way to stir up an Operational Technology (OT) security conversation than to begin debating what belongs on Level 1 or Level 3 of the model.
You might even...
Blog
Mitigating Industrial Production Risk with Tripwire
By Editorial Staff on Tue, 12/14/2021
It seems that the most popular topics in cybersecurity for the last year have been zero trust as well as the convergence of Information Technology (IT) and Operational Technology (OT). These developments are good, as they signal some positive motion towards better overall security. Some of the current risks are worth noting, with a forward glance to...
Blog
CIS Control 14: Security Awareness and Skill Training
By Andrew Swoboda on Wed, 12/08/2021
Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users to unintentionally provide access...
Blog
CIS Control 13: Network Monitoring and Defense
By Lane Thames on Wed, 12/01/2021
Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks.
Key Takeaways for Control 13
Enterprises should understand that...
Blog
CIS Control 12: Network Infrastructure Management
By Lane Thames on Wed, 11/24/2021
Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are...
Blog
CIS Control 11: Data Recovery
Wed, 11/03/2021
Data loss can be a consequence of a variety of factors from malicious ransomware to hardware failures and even natural disasters. Regardless of the reason for data loss, we need to be able to restore our data. A data recovery plan begins with prioritizing our data, protecting it while it is being stored, and having a plan to recover data.
Key...