Blog

Blog

CIS Control 05: Account Management

Knowing who has credentials, how those credentials are granted, and how they are being used is the foundation of any secure environment. It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to...
Blog

Cybersecurity Maturity Model Certification (CMMC) – A Model for Everyone

Data breaches have reached a fever pitch over the last few years. The rapid frequency of successful attacks coupled with the rising costs to businesses has raised attention at the highest levels of global governments. In the past, breaches were relatively “localized,” that is, they affected the targeted company only. However, the newer attacks have...
Blog

How to Report a Data Breach per GDPR

The General Data Protection Regulation (GDPR) Act is a broad set of data privacy rules that define how an organization must handle and protect the personal data of citizens of the European Union (EU). The Regulation also outlines the way that organizations can report a data breach. Articles 33 and 34 outline the requirements for breach notification...
Blog

The Digital Pandemic - Ransomware

In 2021, there are two words that can send a cold chill down the spine of any Cybersecurity professional and business leader; Phishing and Ransomware. Research carried out by the Data Analytics and training company CybSafe, identified that 22% of all cyber incidents reported in the first quarter of 2021 were ransomware attacks. According to the figures obtained from the Information Commissioners...
Blog

Everything You Need to Know about Cyber Crisis Tabletop Exercises

Cybersecurity has become a critical concern in every business sector nowadays due to organizations’ growing dependency on technologies. Research by Immersive Lab reported that in 2019 there were more than 20,000 new vulnerabilities. Not only that, TechRepublic reported that global companies experienced a 148% spike in ransomware attacks after COVID...
Blog

To Detect or Not to Detect, Is that the Question?

Tripwire Enterprise (TE) is at its heart a baselining engine. It’s been built to take information, create a baseline of it, and show when that baseline has changed. (It’s called a “version” in TE terms.) TE starts with a baseline version designated by an organization’s security teams. At some point, a change version with new information (file,...
Blog

Partnerships – The Key to Navigating the Industrial Security Landscape

The events of 2020 helped to accelerate the convergence between information technology (IT) and operational technology (OT) for many organizations. As reported by Help Net Security, for instance, two-thirds of IT and OT security professionals said in a 2020 survey that their IT and OT networks had become more interconnected in the wake of the pandemic. More than three-quarters of respondents went...
Blog

CIS Control 04: Secure Configuration of Enterprise Assets and Software

Key Takeaways for Control 4 Most fresh installs of operating systems or applications come with pre-configured settings that are usually insecure or not properly configured with security in mind. Use the leverage provided by multiple frameworks such as CIS Benchmarks or NIST NCP to find out if your organization needs to augment or adjust any...
Blog

Understanding the Benefits of Managed Cyber Services

As part of our upcoming attendance at the International Cyber Expo & International Security Expo, we were lucky enough to sponsor The Cyber Security Webinar Series with Nineteen Group and Grey Hare Media. Both Philip Ingram MBE and Emanuel Ghebreyesus, strategic account director for Tripwire, spoke about several topics including: The increasing...
Blog

VERT Threat Alert: September 2021 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s September 2021 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-964 on Wednesday, September 15th. In-The-Wild & Disclosed CVEs CVE-2021-40444 This CVE describes a publicly exploited vulnerability in MSHTML that provides user level access upon...
Blog

Clearing Up Elements of Cloud Security

In this episode, Tripwire's Brent Holder and Raymond Kirk discuss what cloud security means today. Breaking down the different aspects of cloud security controls, they cover the technology, security implications and risks with cloud use. https://open.spotify.com/episode/4yvvrk2lWICFAN4DpLtCHS Spotify: https://open.spotify.com/show...
Blog

Where Should We Draw the Cyber Blue Line?

What are the limits of online privacy and law enforcement? Can we clearly define them, or is this a vague and blurred area of debate? The fact is that as technology advances, the real and the virtual worlds are increasingly converging. Actions (or inactions) in the cyberspace introduce risks and threats for people, especially the most vulnerable...
Blog

My "Cybercrime" Isn’t Your "Cybercrime"

Talk to cybersecurity experts about cybercrime on their network, and they will mention malicious activity like scans, attacks, events, and incidents. Probably at some point, they will slip into geek-speak with a vast array of confusing acronyms and jargon while explaining tactics and techniques by referencing infamous attacks, Internal protocols,...
Blog

CIS Control 03: Data Protection

For many years, there was a wide misunderstanding that encrypting some data is equivalent to protecting that data. If it’s encrypted, so the thinking goes, nobody else could access it, and it is therefore safe. While it is critical to encrypt data at rest as well as in transit, the job of protecting data goes much deeper. Encryption can mitigate...
Blog

IoT Devices Built to Meet Cybersecurity Needs

The Internet of Things (IoT) includes items such as smart appliances, smartwatches, and medical sensors. For organizations to enjoy all of the benefits and convenience of IoT devices, enterprise customers must fully understand the potential risks and threats to their systems and the underlying data. IoT devices often lack built-in security controls...
Blog

Identity and Access Management – Who You Are & Where You Need to Be

Remember your first day on the job? You might groan just thinking about it, or maybe you are filled with the optimistic nostalgia of all the great things you set out to accomplish. It’s all a matter of your current perspective. One of the greatest apprehensions about that first day is meeting all of your new colleagues. Someone probably gave you...
Blog

5 Ways to Navigate the Threat Landscape Conveyed in Verizon’s DBIR 2021

On May 13, Verizon released its Data Breach Investigations Report (DBIR) 2021. This annual publication serves many purposes. It yields context into what security analysts are seeing, for instance. But it also affects organizations’ security postures at an even higher level. Here’s Anthony Israel-Davis, research and development manager at Tripwire,...
Blog

FBI and CISA warn that cybercriminals don't take holidays

The FBI and CISA (the Cybersecurity and Infrastructure Security Agency) have jointly issued an advisory to organisations, warning about an increase in the number of attacks coinciding with weekends and holidays. With the Labor Day weekend rapidly approaching, the agencies have reminded businesses to be especially vigilant, remain diligent about...