Resources

Guide
Guide

Actionable Threat Intelligence: Automated IoC Matching with Tripwire

A key security challenge is finding and rooting out malware that has already become embedded on key assets. Organizations today have myriad threat intelligence sources to leverage. However, simply getting the intelligence into your organization is not enough. Unless you have a way to operationalize myriad threat intelligence sources to make it actionable and useful, threat...
Incident Detection & Investigation
Datasheet
Datasheet

Tripwire Enterprise and Cisco AMP Threat Grid

Overview There is mounting concern at the senior executive and board level regarding cybersecurity, driven by highly visible advanced targeted attacks. These attacks threaten precious IP, valuable customer information, company valuation and trade secrets. To truly protect valuable resources, organizations have to accept the nature of modern networked environments and devices,...
Compliance
CIS Controls
Datasheet
Datasheet

The CIS Controls and Tripwire Solutions

Many organizations face the challenging threat environment by strategically choosing a security controls framework as a reference for initiating, implementing, measuring, and evaluating their security posture, as well as managing risk. While many frameworks are available, one of the most notable and commonly used is the Center for Internet Security’s CIS Controls. This well...
Compliance
CIS Controls
Datasheet
Datasheet

MITRE ATT&CK Matrix with CIS Controls and Tripwire Mapping

It’s not enough to cast a wide cybersecurity net and hope you catch the adversaries trying to compromise your data. Instead, you need to narrow your focus to make your efforts truly impactful. But which of the countless potential cybersecurity attacks out there should you choose to prioritize? MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework and...
Compliance
CIS Controls
Datasheet
Datasheet

10 Ways Tripwire Outperforms Other Cybersecurity Solutions

As a security professional, you’re tasked with protecting your organization against attacks, detecting threats, identifying vulnerabilities and hardening configurations. But in an increasingly crowded marketplace, how do you choose the right cybersecurity partner? From experience and technical innovation to security expertise, Fortra's Tripwire stands out from the competition. ...
Vulnerability & Risk Management
Incident Detection & Investigation
IT Security Operations & Asset Discovery
Security Configuration Management
CIS Controls v8
Blog
Blog

CIS Control 18 Penetration Testing

By Matthew Jerzewski on Wed, 05/11/2022
Image Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a...
Compliance
CIS Controls
CIS Controls v8
Blog
Blog

CIS Control 17: Incident Response Management

By Tyler Reguly on Wed, 04/27/2022
Image We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not...
Compliance
CIS Controls
Incident Detection & Investigation
CIS Controls v8
Blog
Blog

CIS Control 16 Application Software Security

By Matthew Jerzewski on Wed, 04/20/2022
Image The way in which we interact with applications has changed dramatically over years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations...
Compliance
CIS Controls
What Is the Role of Incident Response in ICS Security?
Blog
Blog

What Is the Role of Incident Response in ICS Security?

By Tripwire Guest Authors on Wed, 04/06/2022
Image In recent years, cyber espionage has been growing in magnitude and complexity. One of the most common targets is Industrial Control Systems (ICS) within critical infrastructure sectors. With many organizations relying more heavily on ICS networks, there has been an increase in threats and cyberattacks aimed at these systems. Not...
Incident Detection & Investigation
Industrial Control Systems
CIS Controls v8
Blog
Blog

CIS Control 15: Service Provider Management

By Matthew Jerzewski on Wed, 02/23/2022
  Image Enterprises today rely on partners and vendors to help manage their data. Some companies depend on third-party infrastructure for day-to-day operations, so understanding the regulations and protection standards that a service provider is promising to uphold is very important. Key Takeaways from Control 15 Identify your...
Compliance
CIS Controls
How to Fulfill Multiple Compliance Objectives Using the CIS Controls
Blog
Blog

How to Fulfill Multiple Compliance Objectives Using the CIS Controls

By David Bisson on Tue, 01/18/2022
Image Earlier this year, I wrote about what’s new in Version 8 of the Center for Internet Security’s Critical Security Controls (CIS Controls). An international consortium of security professionals first created the CIS Controls back in 2008. Since then, the security community has continued to update the CIS Controls to keep pace with...
Compliance
CIS Controls
CIS Controls v8
Blog
Blog

CIS Control 14: Security Awareness and Skill Training

By Andrew Swoboda on Wed, 12/08/2021
Image Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users to...
Compliance
CIS Controls
CIS Controls v8
Blog
Blog

CIS Control 13: Network Monitoring and Defense

By Lane Thames on Wed, 12/01/2021
Image Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks. Key Takeaways for Control 13 Enterprises...
Compliance
CIS Controls
CIS Controls v8
Blog
Blog

CIS Control 12: Network Infrastructure Management

By Lane Thames on Wed, 11/24/2021
Image Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately,...
Compliance
CIS Controls
CIS Controls v8
Blog
Blog

CIS Control 11: Data Recovery

Wed, 11/03/2021
Image Data loss can be a consequence of a variety of factors from malicious ransomware to hardware failures and even natural disasters. Regardless of the reason for data loss, we need to be able to restore our data. A data recovery plan begins with prioritizing our data, protecting it while it is being stored, and having a plan to...
Compliance
CIS Controls
CIS Controls v8
Blog
Blog

CIS Control 10: Malware Defenses

By Tyler Reguly on Wed, 10/27/2021
Image With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing the enterprise. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. This control serves as a reminder that...
Compliance
CIS Controls
CIS Controls v8
Blog
Blog

CIS Control 09: Email and Web Browser Protections

By Andrew Swoboda on Wed, 10/20/2021
Image Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with...
Cybersecurity
Cloud Security
SaaS Security
Compliance
CIS Controls
CIS Controls v8
Blog
Blog

CIS Control 08: Audit Log Management

By Tyler Reguly on Wed, 10/13/2021
Image Audit logs provide a rich source of data critical to preventing, detecting, understanding, and minimizing the impact of network or data compromise in a timely manner. Collection logs and regular review is useful for identifying baselines, establishing operational trends, and detecting abnormalities. In some cases, logging may be...
Compliance
CIS Controls
CIS Controls v8
Blog
Blog

CIS Control 07: Continuous Vulnerability Management

By Tyler Reguly on Wed, 10/06/2021
Image When it comes to cybersecurity, vulnerability management is one of the older technologies that still play a critical role in securing our assets. It is often overlooked, disregarded, or considered only for checkbox compliance needs, but a proper vulnerability management program can play a critical role in avoiding a series data...
Vulnerability & Risk Management
Compliance
CIS Controls
CIS Controls v8
Blog
Blog

CIS Control 06: Access Control Management

By Tyler Reguly on Wed, 09/29/2021
Image CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is...
Compliance
CIS Controls