Guide
Governance, Risk, and Compliance
Governance, Risk & Compliance, or Generating Real Capability! How do we use GRC as a business enabler, and focus on the benefits it brings?
Guide
Industrial Cybersecurity is Essential
Don’t believe there are real cyberthreats to your operations network and control systems? Data shows otherwise. Better foundational industrial cybersecurity practices can help prevent disruption to your operations and financial risk to your bottom line.
...
Guide
Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls
The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Guide
Tripwire State of Industrial Cybersecurity Report
As news of cyberthreats targeting industrial environments like energy utilities and manufacturing plants continues to surface, Tripwire surveyed security professionals who work in these industries to understand how industrial organizations are protecting themselves. The survey findings revealed insights on the security professionals’ levels of concern, investment in cybersecurity, and how they are...
Blog
Top CVE Trends — And What You Can Do About Them
By Guest Authors on Wed, 06/01/2022
Cybersecurity awareness, protection, and prevention is all-encompassing. In addition to implementing the right tools and resources, and hiring skilled professionals with the right cybersecurity education and experience, organizations should be aware of the latest CVEs.
What Is a CVE?
The acronym “CVE” stands for Common Vulnerabilities and...
Blog
ICS Security in Healthcare: Why Software Vulnerabilities Pose a Threat to Patient Safety
By Guest Authors on Mon, 05/30/2022
The lack of healthcare cybersecurity is one of the most significant threats to the sanctity of the global healthcare industry. This is made evident by the fact that in 2020 more than 18 million patient records were affected by successful cyber-attacks on the U.S. healthcare system.Health professionals should not take this issue lightly, as financial...
Blog
A Problem Like API Security: How Attackers Hack Authentication
By Guest Authors on Wed, 05/25/2022
There is a sight gag that has been used in a number of movies and TV comedies that involves an apartment building lobby. It shows how people who don’t live there, but who want to get in anyway, such as Girl Guides looking to sell cookies to the tenants – simply run their fingers down every call button on the tenant directory, like a pianist...
Blog
How Can OEMs Reduce Their Risk of Cyberattacks?
By Guest Authors on Tue, 05/24/2022
Many modern businesses in almost every sector of the economy are adopting the latest technologies for greater connectivity and efficiency. However, while many of these technologies offer myriad benefits, they can also create new cybersecurity vulnerabilities.
While much of the focus has remained on manufacturers and how they can bolster their...
Blog
Regulatory Compliance in the Cloud: What you Need to Know
By Chris Hudson on Mon, 05/23/2022
Anyone reading this post will have at least dipped their toes into the world of cloud services. As a result of this massive growth, the world of compliance has spent much of the last decade catching up with the implications of cloud services. For hosted infrastructure, “catching up” presents an interesting set of challenges since cloud managed...
Blog
Adding visibility to the invisible: securing your automated systems
By Irfahn Khimji on Mon, 05/16/2022
Have you ever dined in a restaurant with a police officer? When choosing a table, or seating location, law enforcement professionals will often choose the seat that positions them with their back to the wall. This plays out quite humorously when a group of law enforcement professionals dine together, all racing toward that coveted “protected”...
Blog
Tripwire Patch Priority Index for April 2022
By Lane Thames on Sun, 05/01/2022
Tripwire's April 2022 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google Chrome, Oracle, and Adobe.First on the patch priority list this month is an elevation of privilege vulnerability in the Microsoft Windows User Profile Service. This vulnerability has been added to the Metasploit Exploit Framework and any...
Blog
OSINT: The privacy risks of sharing too much information
By Tyler Reguly on Sun, 05/01/2022
In the past, I’ve written about digital privacy and how much data we leak through our day to day interactions. I think this is an important topic to consider and really focus on and it is an element of cybersecurity at both the enterprise and personal level that isn’t discussed enough. One of the reasons is that demonstrating this can definitely...
Blog
PCI DSS 4.0 and ISO 27001 – the dynamic duo
By Guest Authors on Wed, 04/27/2022
It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks.
We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed...
Blog
CIS Control 17: Incident Response Management
By Matthew Jerzewski on Wed, 10/16/2024
We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not likely to succeed in responding to the threat.Key TakeawaysOne takeaway...
Blog
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of April 18, 2022
By Editorial Staff on Mon, 04/25/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of April 18, 2022. I’ve also included some comments on these stories.
CISA Alert on ICS, SCADA Devices Highlights Growing...
Datasheet
Tripwire IP360 Commander
Maximize the value of Tripwire® IP360™ by adding additional leverage to your valuable strategic business solution, and extend Tripwire IP360 to achieve better, faster and more cost effective vulnerability risk management and compliance. Many enterprise applications lack a native command line interface. This can be a challenge if you want to automate and integrate basic operations, which is a...
Datasheet
Tripwire IP360 and Kenna
Transform Your Security Management Program
The integration of Kenna with Tripwire® IP360™ enables enterprises to identify vulnerabilities across every layer of the technology stack, manage the remediation of these vulnerabilities and then gauge the overall vulnerability management performance. Kenna supports the Tripwire IP360 vulnerability management solution right out of the box, making it...
Datasheet
Tripwire and RedSeal
Large, complex networks require the implementation and management of thousands of access rules in routers, firewalls and other network infrastructure—across thousands of endpoints. This combination of rules, endpoints and the vulnerabilities the endpoints may exhibit make risk management a complicated practice in any enterprise. Manually determining which devices and rules are responsible for...