Blog

Blog

Tripwire Patch Priority Index for December 2021

Tripwire's December 2021 Patch Priority Index (PPI) brings together important vulnerabilities for Apache, Ubuntu Linux Kernel, and Microsoft. First on the patch priority list this month are patches for Apache Log4j2 vulnerabilities, most importantly for the Log4j2 "LogShell" remote code execution vulnerability. There are many attack vectors via...
Blog

How Will ISO 27701 and the GDPR Affect Your Organization?

Companies today face increasing pressure to implement strong cybersecurity controls. While the U.S. has no comprehensive cybersecurity law, many organizations still fall under state, international, or industry regulations. Two of the most prominent controlling publications are the General Data Protection Regulation (GDPR), and the ISO 27701 standard...
Blog

Can We Lighten the Cybersecurity Load for Heavy Industries?

One of the biggest problems with the IT / OT convergence in critical infrastructure is that much of the legacy hardware cannot simply be patched to an acceptable compliance level. Recently, Sean Tufts, the practice director for Industrial Control Systems (ICS) and Internet of Things (IoT) security at Optiv, offered his perspectives on where the...
Blog

Tips, Advice, and Insights on Achieving Buy-in for Cybersecurity Projects

A CISO’s job can be one of the most stressful in cybersecurity. It can sometimes feel like an avalanche of responsibilities, all in the pursuit of keeping an organization safe. The problem more often than not comes down to the issue of obtaining funding for new technology that can make the job easier. In reality, CISOs can't always obtain the...
Blog

Integrity: A Key Facet of Zero Trust

On May 12, The White House published its Executive Order (EO) on Improving the Nation’s Cybersecurity. The directive outlined a set of focus areas intended to improve cybersecurity for the federal government and critical infrastructure sectors including information sharing, supply chain security, endpoint detection and response, and cloud security. ...
Blog

Securing Smart Cities: What You Need to Know

Due to urbanization, which involves a complex set of economic, demographic, social, cultural, technological, and environmental processes, governments are developing smart cities to address some of the challenges unique to urban areas. This development occurs through the transmission of data using wireless technology and the cloud. Smart cities are...
Blog

Not IT vs OT, but IT and OT

IT environments have always been considered the forefront when it comes to cybersecurity, and OT environments have been the forefront when it comes to physical security. As more and more cyber threats are taking place, and with an increasing number recently focused on OT environments, everyone seems to be concerned with how to upscale and secure...
Blog

Improving Edge Computing Security in 2022

More organizations are turning their eyes to edge computing as cloud adoption reaches new heights. Experts predict there will be 55 billion edge devices by 2022 as latency and resilience demands grow and 5G makes these networks possible. While this growth is impressive, it raises several security concerns. Edge computing expands attack surfaces,...
Blog

Will Zero Trust Shape the Future of Cloud Security?

Zero trust is everywhere, and it will change the way we undertake security. Just as zero trust concepts are shaping the data center and our networks, they will shape cloud environments, as well. Many of the challenges of cloud security arose because we moved workloads to the cloud with no clear idea of how to secure them. Zero trust provides exactly...
Blog

Cybersecurity: When Stress and Trauma ‘Get in the Way’

This blog contains a discussion about stress, trauma, and domestic violence. This may be difficult for some readers, and given the alarming figures around Post-Traumatic Stress Disorder (PTSD), trauma, and early life experiences (ACEs), this will likely concern at least a small population of readers. Please take care of yourself when reading this...
Blog

Fulfilling Security Requirements for the Transportation Sector

Protecting our critical infrastructure against the threat of ransomware remains a top priority for both the private sector and the federal government. In fact, a recent survey from Tripwire found that security professionals in both sectors still identify ransomware as a top security concern. More than half (53%) of respondents in that study said...
Blog

Europol IOCTA 2021 Report: The Key Takeaways

Europol, the European Union's law enforcement agency, recently published the 2021 Internet Organized Crime Threat Assessment (IOCTA) report. The report, which is Europol’s flagship strategic product that provides a law enforcement focused assessment of evolving threats and key developments in the area of cybercrime, highlights the expansion of the...
Blog

How Tripwire Can Be a Partner on Your Zero Trust Journey

In a previous blog post, I discussed the different applications of integrity for Zero Trust and provided four use cases highlighting integrity in action. The reality is that many organizations can’t realize any of this on their own. But they don’t need to. They can work with a company like Tripwire as a partner on their Zero Trust journey. Let’s...
Blog

Cybersecurity in 2022 and Beyond

It's that time of year that the usual happens. Christmas crackers with bad jokes. Holiday specials on TV (constantly). And cyber specialists like me make predictions about the year to come. With the help of insights from Gartner and my own views on what we are likely to see in 2022, I think I can help you with a couple of these. Firstly, it's worth...
Blog

Revisiting the Relevance of the Industrial DMZ (iDMZ)

Which Flavor of the Purdue Model Should You Follow? If you enter the term "Purdue Model" into your favorite search engine, the resulting images will vary considerably. There's almost no better way to stir up an Operational Technology (OT) security conversation than to begin debating what belongs on Level 1 or Level 3 of the model. You might even...