Being a cybersecurity professional means you’re regularly in charge of making complex decisions with real-world consequences, like choosing the right cybersecurity benchmarks, controls, frameworks, or best practices for your organization. Should you apply the CIS Controls, the NIST Cybersecurity Framework, or something else? Without overarching industry consensus, it can be...
Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.
While these cybersecurity frameworks aren’t...
Are you weighing your options between integrity management solutions? Evaluating, purchasing, and deploying new software is hard work, especially when you get down to the granular details of understanding which solutions have which capabilities and matching those capabilities to your organization’s particular needs. In an industry buzzing with ever-changing terminology and a profusion of vendors...
Cybersecurity compliance standards like the Payment Card Industry Data Security Standard (PCI DSS) and Society for Worldwide Interbank Financial Telecommunications (SWIFT) do an excellent job of hardening systems against breaches. This is especially important in the financial services sector, a common target for cybercriminals. This on-demand webinar presented by Senior Solutions Engineer Dan...
In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA, ISO...
Change detection is easy. What is not so easy, is reconciling change. Change reconciliation is where most organizations stumble. What was the change? When was it made? Who made it? Was it authorized? The ability to answer these questions are the elements that comprise change management.
Historically, the haste of accomplishing a task consisted of a...
Overview
There is mounting concern at the senior executive and board level regarding cybersecurity, driven by highly visible advanced targeted attacks. These attacks threaten precious IP, valuable customer information, company valuation and trade secrets. To truly protect valuable resources, organizations have to accept the nature of modern networked environments and devices, and start defending...
Tripwire® Asset Discovery Appliance discovers all networked hosts, applications and services. By providing a comprehensive view of devices and software on your network, you gain the foundation for effective security configuration management and compliance processes. Only this appliance provides low bandwidth, non-intrusive host and network profiling for use with Tripwire Enterprise.
Tripwire...
Endpoint protection platforms (EPP) and endpoint detection and response (EDR) solutions play a critical role in reducing the risk of successful attacks that exploit weakly configured endpoints and systems. These solutions alert security teams on potential cyberattacks, help with remediating misconfigurations, and can be delivered via an agent or through a service in the cloud.
Where EPP/EDR...
2021 has been a pivotal year for cybersecurity and the emphasis that organizations have placed on its importance. Unfortunately, this push for heightened cybersecurity is reactive by nature, and is the result of a series of increasingly complicated and dangerous cyberattacks. Attacks have been successfully executed on institutions ranging from social media sites to utility plants and are projected...
Assessing and managing vulnerabilities is a core cybersecurity practice, but it can put a heavy strain on IT security and operations teams. In many cases, introducing vulnerability management as a service is what’s necessary to overcome the challenge of accumulating vulnerabilities across complex IT environments—especially when time and resources are limited.
This was the case for one mid-size U...