Blog
Defense in Depth: 4 Essential Layers of ICS Security
By Editorial Staff on Tue, 09/20/2022
It is always said that security is never a one-size-fits-all solution. This is true not only because of the apparent infinite varieties of equipment in each individual organization, but also, and perhaps more importantly, the different ways that every organization views security. Some spend lots of time focusing on physical security, especially...
On-Demand Webinar
Industrial Cybersecurity - What You Don't Know Might Hurt You
Mon, 08/15/2022
Getting a clear assessment of your assets is the first step toward developing a mature OT network or control system. A well maintained asset inventory allows your organization to quickly manage risk affecting your operations availability, reliability and safety. Industrial environments often need to map assets to NIST, ITIL, ISO, COBIT or process automation standards like ANSI/ISA99-IEC-62443. You can achieve significant efficiency improvement and save time within industrial environments by automating asset management instead of following manual spreadsheet processes. Cyber security experts David Meltzer, Chief Research Officer at Tripwire, Tony Gore, CEO at Red Trident Inc., and John Powell, Senior Critical Infrastructure Engineer at Red Trident Inc., will discuss the practical 1-2-3 basics of industrial cyber security and how to get started automating asset management. Attendees will also learn how to build an effective strategy for protecting industrial assets - networks, endpoints and controllers. Key Takeaways: Learn how to automate and simplify the inventory process and secure your assets Understand what cyber security standards may apply to your unique environment Hear real-world tips on how to prioritize and work across functional silos within your company Receive an industrial cyber security assessment checklist to help gauge your starting point
Guide
Tripwire State of Cyber Hygiene Report
Tripwire’s State of Cyber Hygiene report reveals the results of an extensive cybersecurity survey conducted in partnership with Dimensional Research. The survey examined if and how organizations are implementing security controls that the Center for Internet Security (CIS) refers to as "Cyber Hygiene."
Real-world breaches and security incidents prove over and over again that many of the most...
Guide
Threat Prevention is Foundational
How proper foundational controls help block today’s advanced threats
Guide
Tripwire State of Industrial Cybersecurity Report
As news of cyberthreats targeting industrial environments like energy utilities and manufacturing plants continues to surface, Tripwire surveyed security professionals who work in these industries to understand how industrial organizations are protecting themselves. The survey findings revealed insights on the security professionals’ levels of concern, investment in cybersecurity, and how they are...
Guide
Security Configuration Management Buyer's Guide
Security configuration management (SCM) exists at the point where IT security and IT operations meet. It’s a core security control that combines elements of vulnerability assessment, automated remediation, and configuration assessment.
The goal of SCM is to reduce security risks by ensuring that systems are properly configured — or hardened — to meet internal and/or regulatory security and...
Guide
Physical Cybersecurity: ICS Attack Scenarios and CIP-007 R1
The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism.
...
Guide
Industrial Cybersecurity Experts Share 14 of Their Biggest Tips and Predictions
The task of building and running an effective cybersecurity program is a major challenge for any complex organization, but those in charge of industrial control systems (ICS) have even more to figure out than their strictly-IT counterparts.
How can industrial organizations overcome the cybersecurity skills gap? What about the increasingly-difficult endeavor of bringing the IT and OT sides of the...
Guide
6 Expert Industrial Cybersecurity Tips for CISOs
Digital attacks are a growing concern for industrial control system (ICS) security professionals. In a 2019 survey conducted by Dimensional Research, 88 percent of respondents told Tripwire that they were concerned about the threat of a digital attack. An even greater percentage (93 percent) attributed their concerns to the possibility of an attack producing a shutdown or downtime. Other survey...
Guide
The Industrial Control System (ICS) Visibility Imperative
The rapid convergence of IT and OT systems can leave even the most cybersecurity-mature organizations exposed. Industrial security teams are under-reacting to new cyberthreats, and legacy operational technology simply wasn’t built to handle the risks incurred by connecting to IT systems. The main issue is visibility: You can’t secure what you can’t see.
Safety, productivity, and uptime are...
Guide
Industrial Cybersecurity is Essential
Don’t believe there are real cyberthreats to your operations network and control systems? Data shows otherwise. Better foundational industrial cybersecurity practices can help prevent disruption to your operations and financial risk to your bottom line.
...
Guide
The Executive's Guide to the CIS Controls
See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber attack vectors.
This publication was designed to assist executives by providing guidance for implementing broad baseline technical controls that are required to ensure a robust network security posture. In this guide, we will cover a wide range of topics...
Guide
Defending Industrial Control Systems
Threats to Industrial Control Systems (ICS) are increasing—a reality that ICS-centric industries have begun to recognize. As a response to the growing need for protection from cyberattacks, the Department of Homeland Security (DHS), National Cybersecurity and Communications Integration Center (NCCIC) and the National Security Agency (NSA) have published Seven Steps to Effectively Defend Industrial...
Guide
Detailed Mapping of the Tripwire and CIS Controls
The goal of the Center for Internet Security Controls is to protect critical assets, infrastructure and information by strengthening your organization's defensive posture through continuous, automated protection and monitoring of your IT infrastructure.
The strength of the Controls is that it reflects the combined knowledge of actual attacks and effective defenses from experts in many...
Datasheet
Tripwire State Analyzer
Get Safe and Compliant
Keeping your organization safe and compliant is challenging and complex. Security is more effective when you have documented baselines for a system’s configuration, usually in the form of a security policy. These policies specify recommended or required system configurations, including applications, ports, services, and security basics. But ask yourself: How can I validate...
Datasheet
Tripwire Industrial Edge
However, gaining this caliber of visibility can be challenging for many reasons, including:
Standard IT solutions and scanning methods are typically incompatible with and unsafe for industrial networks » Traditional industrial asset inventory solutions often require hardware that can be costly, complex, and time consuming to deploy
Many industrial networks are geographically isolated and/or...
Datasheet
Tripwire Solutions for Industrial Control Systems
Industrial automation and process control systems largely run our world. However, cyber risks to industrial networks, endpoints and control systems are on the rise and protecting highly specialized plant environments can be very challenging for industrial businesses and critical infrastructure.
Cyber threats have been shown to come from simple employee or contractor error, malicious insiders or...
Datasheet
Security Configuration Management
In a very real sense, IT security configurations are the proverbial “keys to the kingdom” when it comes to data protection and information security. They define system safeguards while balancing acceptable risk against the need for productivity. Hackers and attackers understand this balance all too well: the 2011 Verizon Data Breach Investigations Report noted that 83 percent of successful attacks...