Resources
Datasheet

Automating FISMA Compliance with Tripwire Security Configuration Management

FISMA requires federal agencies, and by extension, the foundations, educational institutions, organizations that receive federal funds as well as the contractors that do business with them, to develop, document, and implement information security programs to protect the confidentiality, integrity and availability of the data and systems that support government operations and assets. In meeting...
Compliance
FISMA
Datasheet

10 Ways Tripwire Outperforms Other Cybersecurity Solutions

As a security professional, you’re tasked with protecting your organization against attacks, detecting threats, identifying vulnerabilities and hardening configurations. But in an increasingly crowded marketplace, how do you choose the right cybersecurity partner? From experience and technical innovation to security expertise, Fortra's Tripwire stands out from the competition. Here are 10 reasons...
Vulnerability & Risk Management
Incident Detection & Investigation
IT Security Operations & Asset Discovery
Security Configuration Management
Datasheet

Balancing Compliance with Security

There is a misunderstanding that if you are compliant, you are secure. This isn’t the case. For example, adhering to PCI DSS v4.0 will only allow you to tick the box to say you are PCI compliant in that moment. It gives you a snapshot in time of where you are in your compliance journey. But it won’t prevent your company from suffering a breach—along with incurring fines and reputational damages...
Compliance
Case Study

Payment Processor for Businesses

As a recognized leader in the payment processing sector, this company offers its clients hundreds of secure payment methods across multiple platforms, around the globe. Onan average day it processes tens of millions of mobile, online and in-store transactions in 100+ currencies. After experiencing a security incident that was quickly contained, the company took the opportunity to revamp its...
Compliance
PCI DSS
Case Study

Security and Compliance in Federal Agencies: 3 Tripwire Use Cases

Use Cases Ensuring compliance and minimizing Automating manual tasks and enhancing breach detection Monitoring critical assets in the public cloud Tripwire understands the security demands faced by federal government agencies. Security decision makers at these agencies aren’t only tasked with securing operations in a complex threat landscape—they also have to prove regulatory...
Compliance
Case Study

Leading Nationwide Provider of FDIC-Insured Financial Services

This nationally recognized financial solutions provider offers a set of services that enable smaller banks and other related institutions to compete with the industry’s dominant players. The company’s portfolio of FDIC-insured solutions enables its members and other key constituents to offer innovative services that otherwise might be too difficult or too costly to provide on their own. ...
IT Security Operations & Asset Discovery
Case Study

Tripwire and Astro Making Best Practices a Daily Show

Assessing and managing vulnerabilities is a core cybersecurity practice, but it can put a heavy strain on IT security and operations teams. In many cases, introducing vulnerability management as a service is what’s necessary to overcome the challenge of accumulating vulnerabilities across complex IT environments—especially when time and resources are limited. This was the case for one mid-size U...
Vulnerability & Risk Management
SaaS Security
Compliance
Managed Security Services
Product Video

Watch a Demo of Tripwire Enterprise

Mon, 08/15/2022
Compliance frameworks are notoriously dense and complex, making them difficult to put into action. Compliance is also time-consuming—especially if you’re still attempting manual configuration of your systems, applications, databases and cloud assets. Manual configuration is error-prone and immediately out of date the moment an assessment ends. And a lack of compliance can result in failing audits,...
Compliance
CIS Controls
NIST
PCI DSS
VERT Threat Alert: September 2022 Patch Tuesday Analysis
Blog

VERT Threat Alert: August 2022 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/09/2022
Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th. In-The-Wild & Disclosed CVEs CVE-2022-34713 According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk vulnerability. There has been a...
Vulnerability & Risk Management
VERT Research
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 1, 2022
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 1, 2022

By Andrew Swoboda on Mon, 08/08/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 1st, 2022. I’ve also included some comments on these stories. Windows 11 Smart App Control blocks files used to...
Vulnerability & Risk Management
VERT Research
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of July 25, 2022
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of July 25, 2022

By Andrew Swoboda on Mon, 08/01/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of July 25, 2022. I’ve also included some comments on these stories. SonicWall fixed critical SQLi in Analytics and GMS...
Vulnerability & Risk Management
VERT Research
Guide

Guide to Managed Cybersecurity Services

As managed services become more popular—and essential, for many—the world is on track to funnel 77 percent of cybersecurity spending toward them by 2026. But how exactly do managed security services work? Download the e-book to learn how managed services help organizations do more with less, overcome staffing challenges, and turn their attention back toward their business priorities. ...
IT Security Operations & Asset Discovery
Navigating Industrial Cybersecurity Thumb
Guide

Navigating Industrial Cybersecurity: A Field Guide

Nearly every aspect of modern life depends on industrial control systems (ICS) operating as expected. As ICS devices become increasingly connected, they also become increasingly vulnerable. By and large, commercial and critical infrastructure industrial orgs are underprepared for the digital convergence of their IT and OT environments. ICS operators need to get a robust cybersecurity program in...
Cybersecurity
Industrial Control Systems
VERT Threat Alert: September 2022 Patch Tuesday Analysis
Blog

VERT Threat Alert: July 2022 Patch Tuesday Analysis

By Tyler Reguly on Tue, 07/12/2022
Today’s VERT Alert addresses Microsoft’s July 2022 Security Updates. VERT is actively working on coverage for these Patch Tuesday vulnerabilities and expects to ship ASPL-1011 on Wednesday, July 13th. In-The-Wild & Disclosed CVEs CVE-2022-22047 Microsoft is reporting this month that a single vulnerability in the Windows Client/Server Runtime...
Vulnerability & Risk Management
VERT Research
PCI 4.0: The wider meanings of the new Standard
Blog

PCI 4.0: The wider meanings of the new Standard

By David Bruce on Wed, 07/06/2022
The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data. In our series about how the new standard differs...
Compliance
PCI DSS
What you need to know about PCI 4.0: Requirements 10, 11 and 12
Blog

What you need to know about PCI 4.0: Requirements 10, 11 and 12

By David Bruce on Wed, 06/29/2022
As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function...
Compliance
PCI DSS
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of June 20, 2022

By Andrew Swoboda on Mon, 06/27/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of June 20, 2022. I’ve also included some comments on these stories. Over a Dozen Flaws Found in Siemens' Industrial Network...
Vulnerability & Risk Management
VERT Research
What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9
Blog

What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9

By David Bruce on Wed, 06/22/2022
In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update. Requirements 5 through 9 are organized under two categories: Maintain a Vulnerability...
Compliance
PCI DSS