Resources

Guide

5 File Integrity Monitoring (FIM) Myths and Misconceptions

File integrity monitoring (FIM) is the cybersecurity process that monitors and detects changes in your environment to alert you to threats and helps you remediate them. FIM was first introduced in 1997 when Gene Kim launched Tripwire and its “Change Audit” solution. Just a few years later, Change Audit became FIM, which worked with the 12 security controls identified in Visa’s Cardholder...
Guide

10 Common Security Misconfigurations and How to Fix Them

Does your organization have an established security configuration management (SCM) program, or are you relying on default security settings? Misconfigurations are a leading cause of unauthorized access and security breaches, creating entry points for hackers in servers, file systems, networks, firewalls, websites, software, workstations, and cloud infrastructure. The Open Worldwide Application...
Guide

Getting in Control of Financial Services Cybersecurity Regulations

Organizations in the financial sector are all too aware that their industry continues to be one of the top targets for cyber criminals. Among financial services and insurance organizations, the leading cause of breaches is system intrusion. That’s why so many cybersecurity compliance regulations have sprung up to ensure systems are kept hardened against attack. This guide covers the main...
Guide

Security Configuration Management Buyer's Guide

Agile enterprises need to adapt quickly to business digitalization and new IT models to ensure availability while controlling risk. What is constant is change. There are changes that organizations are adapting to and have control over, such as system virtualization, cloud deployment, and which endpoint devices they will accept (BYOD). However, they have less control over the threat landscape and...
Guide

The Value of True File Integrity Monitoring

File integrity monitoring (FIM, and often referred to as “change audit”) was around long before its early reference in the ever-evolving PCI standard. So, here we are years later… Where is FIM now? Is it still relevant or important? Does it really protect data and improve security? The answers, in order, are: FIM isn’t going away — in fact, it’s now part of almost every IT compliance regulation...
Guide

Tripwire and Visible Ops

Simultaneous Demands — Where Do You Start? While annual business plans focus on strategic initiatives designed to keep the enterprise competitive or to mitigate risk, it’s the day-to-day operations that consume the most time and resources. For many IT organizations, it seems that just keeping the computers running and the lights on occupies the majority of their time. And according to research — it...
Guide

Adjusting to the Reality of Risk Management Framework

For many reasons, aligning IT security, compliance and IT Operations has been an ongoing challenge in the federal ecosystem. There are plenty of stories about waste and misalignment of IT security for federal systems, such as systems that are compliant but not secure, and investments on tools that didn’t make anything more secure or were difficult to run. IT Operations people will point to issues...
Guide

Navigating Industrial Cybersecurity:

Nearly every aspect of modern life depends upon the uninterrupted function of industrial control systems (ICS). ICSs keep the lights on, ensure clean drinking water, and provide other critical infrastructure processes. Beyond power, energy, and other utilities, ICSs are also responsible for the manufacturing of your computer, your car, and countless other physical items we rely on every day. It’s...
Guide

What Cybersecurity Pros Think of Zero Trust Today

Zero trust isn’t a new model, but its influence on the cybersecurity industry has strengthened over time since 1994. Zero trust became especially top-of-mind a few years ago when remote work and cloud services took off, prompting organizational leaders to rethink the way they enforced cybersecurity controls in an increasingly perimeter-less world. Is zero trust just another cybersecurity buzzword...
Guide

Don’t Get Hooked: How to Recognize and Avoid Phishing Attacks

Improve employee awareness of phishing risks with this full-size phishing prevention infographic. This infographic includes valuable information on: What is phishing? Common phishing techniques and how to recognize them. What to do if you suspect a phishing scam. We hope you find this tool useful in promoting cybersecurity awareness at your organization! ...
Guide

Beyond the Basics: Tripwire Enterprise Use Cases

Security, compliance, and IT operations leaders need a powerful and effective way to accurately identify security misconfigurations and indicators of compromise. Explore the many ways Tripwire Enterprise can protect your organization with superior security and continuous compliance.
Guide

Why Integrity Should Be Your Organizing Cybersecurity Principle

While integrity has been a common word in the cybersecurity lexicon for years, its meaning and use have been relatively limited. It may be time to reconsider its central role in security. The reality of always-connected networks, fluid data transfers across cloud and hybrid environments, and broadly deployed endpoints presents an opportunity to take a fresh look at integrity as an organizing...
Guide

What Is CPS 234 and Who Needs to Comply with It?

In November 2018, the Australian Prudential Regulation Authority (APRA) released the Prudential Standard CPS 234 in direct response to the escalating attack landscape in the financial sector. APRA has understood these threats to be the direct result of banking services moving to more complex and heavily used digital platforms. The new standard emerged as an offshoot to the Notifiable Data Breach ...