Blog
Gaining Network Transparency with Asset Discovery and Compliance for IT/OT
By Faisal Parkar on Mon, 06/24/2024
I recently came across the "Johari Window Model" and thought this would be a good way to gain inspiration to explain the conundrum faced by many cybersecurity customers. The table below shows us the breakdown of the stages that are applicable not just to IT and OT environments but also to other facets of our daily lives.
This model can be applied...
Blog
Integrity and FIM: It’s More than Just Data Security
By Jeff Moline on Tue, 06/18/2024
Integrity is a vital component of any cybersecurity policy, making up one-third of the CIA Triad. However, until recently, the industry has had a limited understanding of the term, using it primarily in the context of data security. Integrity means so much more than this principle alone: it impacts every facet of an information system and can drive an organization's entire security program.
...
Guide
What Experts Have to Say About Choosing the Right Cybersecurity Frameworks
Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.While these cybersecurity frameworks aren’t mandatory...
Guide
Staying Current With the Transportation Security Administration’s Oil and Gas Security Directives
Escalating cyberthreats in the oil and gas industry underscore the need for substantial collaboration between public and private sectors to mitigate this national security risk, and much of this responsibility falls on the shoulders of individual pipeline operators who need to comply with the Transportation Security Administration (TSA) Security Directive.Despite being best known for its role in...
Blog
What Is an Axon Agent, and Why Do You Need One?
By Michael Betti on Mon, 04/15/2024
The number of endpoints in an organization often exceeds the number of employees. Managing these often disparate entities is more than a full-time job. Moreover, keeping them secure is equally difficult, yet securing all of your endpoints against cyber threats has become paramount for organizations worldwide. A common oversight that undermines these...
Blog
Exploring Advanced Tripwire Enterprise Capabilities
By John Salmi on Fri, 04/05/2024
In today's digital landscape, it is important for organizations to depend upon the tools they use for cybersecurity. Large businesses can employ many security solutions, practices, and policies that must combine to create a robust and layered security strategy. While many of these tools are important and necessary, organizations often don't use them...
Blog
Security vs. Compliance: What's the Difference?
By Anthony Israel-Davis on Thu, 04/04/2024
Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together.
As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of...
Blog
Know Thyself and Thy Network
By Chris Hudson on Wed, 01/10/2024
The shifting sands of IT make the adage "you never know it all" ever more true as time goes by. I recall days when it felt like you could click through every major directory of Yahoo and know a little something about everything. I was a young man with a voracious reading appetite and an active imagination – both of which were thoroughly outpaced by...
Guide
What Cybersecurity Pros Think of Zero Trust Today
Zero trust isn’t a new model, but its influence on the cybersecurity industry has strengthened over time since 1994. Zero trust became especially top-of-mind a few years ago when remote work and cloud services took off, prompting organizational leaders to rethink the way they enforced cybersecurity controls in an increasingly perimeter-less world.
Is zero trust just another cybersecurity buzzword...
Guide
10 Common Security Misconfigurations and How to Fix Them
Is your organization using default security settings, or do you have a security configuration management (SCM) program in place to ensure your configurations are as secure as possible?
Misconfigurations are a leading cause of unauthorized access and security breaches, creating entry points for hackers in servers, websites, software, and cloud infrastructure. The Open Worldwide Application...
Blog
5 Tripwire Enterprise Misconfigurations to Avoid
By Jeff Hines on Tue, 10/24/2023
Configuration management is vitally important as part of a sound cybersecurity strategy. We have previously published how patching alone is not enough, as that does not alter a system’s customized configuration. Misconfigurations can be as damaging to security as a deliberate attack on a system. As the manufacturer of Tripwire Enterprise (TE), we...
Guide
5 Things Your FIM Solution Should Do for You
File integrity monitoring (FIM) is a critical security control that helps organizations detect system changes in real-time that indicate impacts to compliance and potential cybersecurity incidents, empowering teams to respond rapidly.
FIM is required by many major compliance standards such as North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP), the...
Blog
Tripwire Enterprise: Five ‘Other’ Things You Should Know
By Faisal Parkar on Thu, 08/10/2023
Network engineers and security analysts have a lot in common. Both require the ability to not only understand the problems at hand but to ascertain the moments leading to them. A typical scenario would include a request to help with a problem a customer has been experiencing. The person you are trying to assist is probably a member of the IT team in...
Blog
Tripwire Enterprise: Reimagining a Winning Product
By Jeff Moline on Thu, 07/27/2023
How many security products does it take to monitor an organization? Even a small company often finds itself working with multiple monitoring tools to gain visibility into its security posture. This creates multiple blind spots, as a security analyst needs to jump between different tools with different formats and configurations to research a...
Blog
Tripwire Products: Quick Reference Guide
By Megan Freshley on Mon, 05/15/2023
Here at The State of Security, we cover everything from breaking stories about new cyberthreats to step-by-step guides on passing your next compliance audit. But today we’d like to offer a straight-forward roundup of Fortra's Tripwire product suite. Get to know the basics of Tripwire’s core solutions for file integrity monitoring (FIM), security...
Guide
Insider Insights for the PCI DSS 4.0 Transition
Is your organization ready for the new PCI DSS 4.0 Standard? If you’re already compliant with the most recent version of the Payment Card Industry Data Security Standard (PCI DSS), you’ve probably already begun transitioning to version 4.0 ahead of the upcoming deadline. To help you make the journey easier and more straightforward, Fortra’s Tripwire gathered strategic implementation advice from...
Guide
Getting in Control of Financial Services Cybersecurity Regulations
Organizations in the financial sector are all too aware that their industry continues to be one of the top targets for cyber criminals. Among financial services and insurance organizations, the leading cause of breaches is system intrusion. That’s why so many cybersecurity compliance regulations have sprung up to ensure systems are kept hardened against attack.
This guide will cover the main...
Guide
PCI DSS 4.0 Compliance
Maintaining compliance is a difficult job—both in scope and in practical application. Organizations need to comply with a vast array of regulations, and the number is constantly increasing. Compliance is consistently tightening; businesses and financial institutions now have to learn and dive into the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements as the implementation...
Blog
Teaching an Old State Analyzer Some New Tricks
By Michael Betti on Mon, 01/16/2023
Tripwire’s Energy and NERC Compliance Working Group virtual event offered some enlightening information, not only from industry experts but also some candid thoughts from current Tripwire customers. Even the most cogent summary of the keynote, as well as two of the sessions, simply cannot do proper justice to the knowledge that was shared during the...