Resources

Common Phishing Attacks and How to Protect Against Them
Blog

Common Phishing Attacks and How to Protect Against Them

By Kirsten Doyle on Wed, 09/11/2024
Phishing is a malicious attempt to deceive individuals into divulging sensitive information such as usernames, passwords, credit card numbers, or other personal data. These attacks are typically carried out by masquerading as a trustworthy entity in electronic communications. Phishing can take many forms and has evolved to become more sophisticated, making it imperative for individuals and...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
This Senate Bill Could Improve Voting Machine Security
Blog

This Senate Bill Could Improve Voting Machine Security

By PJ Bradley on Wed, 09/11/2024
The upcoming election has brought up conversations about the security of our voting infrastructure. While recent developments have somewhat shifted attention toward more visceral threats such as "death threats against county clerks, polling-place violence, and AI-fueled disinformation," the protection of voting machine security is still a pressing concern.Securing electronic voting infrastructure...
Cybersecurity
Incident Detection & Investigation
Security Configuration Management
Exploring the Impact of NIST SP 800-53 on Federal IT Systems
Blog

Exploring the Impact of NIST SP 800-53 on Federal IT Systems

By David Henderson on Thu, 08/15/2024
NIST SP 800-53 is a framework developed by the National Institute of Standards and Technology (NIST) that provides guidelines and best practices for securing federal information systems and protecting the privacy of individuals whose information these systems handle.The Special Publication has gone by several different names. NIST initially released Special Publication 800-53 in 2005 under the...
Cybersecurity
Compliance
NIST
Updates and Evolution of the NIST Cybersecurity Framework: What’s New?
Blog

Updates and Evolution of the NIST Cybersecurity Framework: What’s New?

By Josh Breaker-Rolfe on Wed, 08/14/2024
The NIST Cybersecurity Framework (CSF), published by the US National Institute of Standards and Technology (NIST), is a widely used set of guidelines for mitigating organizational cybersecurity risks. It contains recommendations and standards to help organizations identify and detect cyberattacks and advice on how to respond, prevent, and recover from cybersecurity incidents.Since Version 1.0’s...
Cybersecurity
Compliance
NIST
Have You Heard About the New PCI 4.0 Section 1.2 Spec? Tripwire Makes Compliance Easy
Blog

Have You Heard About the New PCI 4.0 Section 1.2 Spec? Tripwire Makes Compliance Easy

By Michael Betti on Wed, 08/07/2024
If you’ve been keeping up with the Payment Card Industry Data Security Standard (PCI DSS), you’ll know it has a new specification that revolves around network security controls. Let’s dig into the details.A Little Back StoryIt helps to level-set for anyone who might be coming into this from a non-technical role. We all know PCI DSS (v4.0) is the payment card industry’s compliance standard for...
Compliance
PCI DSS
Navigating PCI DSS 4.0: Your Guide to Compliance Success
Blog

Navigating PCI DSS 4.0: Your Guide to Compliance Success

By Kirsten Doyle on Mon, 07/29/2024
The transition to PCI DSS 4.0 is here. The transition period from PCI DSS 3.2 ended on March 31, 2024, so businesses in all sectors must focus on aligning their practices with the new requirements.This blog will guide you through the key points discussed by PCI experts Steven Sletten and Jeff Hall in a recent webinar held by Fortra on "PCI 4.0 is Here: Your Guide to Navigating Compliance Success....
Compliance
PCI DSS
Low-Hanging Fruits Vs. Those at the Top of the Tree: Cybersecurity Edition
Blog

Low-Hanging Fruits Vs. Those at the Top of the Tree: Cybersecurity Edition

By Joe Pettit on Tue, 07/16/2024
Companies often go for high-end cybersecurity solutions because dealing with complex problems looks impressive. The appeal of fancy tech and advanced security challenges gives them a sense of achievement and a chance to show off their skills - and says they're serious about staying ahead of cyber crooks.However, this isn't always the best strategy. Many significant risks arise from simple...
Cybersecurity
Incident Detection & Investigation
IT Security Operations & Asset Discovery
Security Configuration Management
Addressing Client-Side Risks in PCI DSS 4.0
Blog

Addressing Client-Side Risks in PCI DSS 4.0

By Josh Davies on Mon, 07/15/2024
It seems like such a short time ago that the Security Standards Council released the newest version of the Payment Card Industry Data Security Standard (PCI DSS). It has been a full year, and version 4.0 is now in effect. Industries that adhere to the Standard were given the year to implement the new changes. The Standard includes limited exceptions for specific requirements, classifying them as...
Cybersecurity
Compliance
PCI DSS
On-Demand Webinar

PCI 4.0 is Here: Your Guide to Navigating Compliance Success

Mon, 06/03/2024
The transition period from PCI DSS 3.2.1 to 4.0 ended on March 31, 2024, a date toward which many organizations have dedicated countless hours of preparation. Looking back on that time, do you know where your compliance efforts stand now? Watch PCI experts Steven Sletten and Jeff Hall in this on-demand webinar PCI 4.0 is Here: Your Guide to Navigating Compliance Success to learn how to...
Compliance
PCI DSS
Guide

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.While these cybersecurity frameworks aren’t mandatory...
Cybersecurity
Compliance
CIS Controls
NIST
Insider Threats Maintain a Rising Trend
Blog

Insider Threats Maintain a Rising Trend

By Katrina Thompson on Tue, 05/14/2024
“When the cat’s away, the mouse will play,” the old adage goes. Filings to anti-fraud non-profit Cifas would support that claim, as Insider Threat Database (ITD) reports rose by 14% this past year and are largely attributable to hard-to-monitor work-from-home employees mixed with “increasing financial pressures.” The report details further incidents...
Cybersecurity
Incident Detection & Investigation
Security Configuration Management
The Impact of NIST SP 800-171 on SMBs
Blog

The Impact of NIST SP 800-171 on SMBs

By Josh Breaker-Rolfe on Mon, 05/06/2024
From more broad laws like GDPR to industry-specific regulations like HIPAA, most organizations today must comply with some kind of data protection guideline. Some businesses may even have to comply with numerous data protection regulations. As such, compliance with data protection regulations has become increasingly complicated. National Institute...
Cybersecurity
Compliance
NIST
Enhancing Endpoint Security with Advanced Host-Based Intrusion Detection Capabilities
Blog

Enhancing Endpoint Security with Advanced Host-Based Intrusion Detection Capabilities

By Tripwire Guest Authors on Tue, 04/23/2024
In 2023, companies lost about $4.45 million on average because of data breaches. As cyber threats advance, securing endpoints is more important than ever. An advanced Host-based Intrusion Detection System (HIDS) provides a sturdy remedy to improve endpoint security. By monitoring and examining system responses and device status, HIDS identifies and...
Cybersecurity
Incident Detection & Investigation
Oops, Malware! Now What? Dealing with Accidental Malware Execution
Blog

Oops, Malware! Now What? Dealing with Accidental Malware Execution

By Dilki Rathnayake on Tue, 04/02/2024
On an ordinary day, you're casually surfing the web and downloading some PDF files. The document icons seem pretty legitimate, so you click without a second thought. But, to your surprise, nothing happens. A closer look reveals that what you believed to be a harmless PDF was, in fact, an executable file. Panic sets in as your settings lock up, and...
Cybersecurity
Incident Detection & Investigation
Datasheet

What Makes Fortra’s Tripwire Different

Are you weighing your options between integrity management solutions? Evaluating, purchasing, and deploying new software is hard work, especially when you get down to the granular details of understanding which solutions have which capabilities and matching those capabilities to your organization’s particular needs. In an industry buzzing with ever-changing terminology and a profusion of vendors...
Vulnerability & Risk Management
Cybersecurity
Compliance
File Integrity & Change Monitoring
Incident Detection & Investigation
Industrial Control Systems
IT Security Operations & Asset Discovery
Managed Security Services
Security Configuration Management
Federated Learning for Cybersecurity: Collaborative Intelligence for Threat Detection
Blog

Federated Learning for Cybersecurity: Collaborative Intelligence for Threat Detection

By Tripwire Guest Authors on Mon, 03/18/2024
The demand for innovative threat detection and intelligence approaches is more pressing than ever. One such paradigm-shifting technology gaining prominence is Federated Learning (FL). This emerging concept harnesses the power of collaborative intelligence, allowing disparate entities to pool their insights without compromising sensitive data. A...
Cybersecurity
Incident Detection & Investigation
Businessman hand using antivirus symbol to block a cyber attack represented by symbols
Blog

The Importance of Host-Based Intrusion Detection Systems

By Steven Sletten on Wed, 03/13/2024
What Is a Host-Based Intrusion Detection System (HIDS)? A host-based intrusion detection system, or HIDS, is a network application that monitors suspicious and malicious behavior, both internally and externally. The HIDS’ job is to flag any unusual patterns of behavior that could signify a breach. By bringing this activity to the team’s attention,...
Cybersecurity
Incident Detection & Investigation
Security Configuration Management
PCI-DSS-Compliance-Meeting-the-Third-Party-Vendor-Requirements
Blog

PCI DSS Compliance - Meeting the Third-Party Vendor Requirements

By Tripwire Guest Authors on Tue, 02/20/2024
Today, almost every organization is engaged with a third-party vendor at some level when offering products or services. Take, for instance, an e-commerce business that may not be able to function properly unless multiple third-party integrations are involved, such as CRMs, payment gateways, live chat APIs, or a shipping gateway, to name a few....
Compliance
PCI DSS
Managing Financial Crime Risks in Digital Payments
Blog

Managing Financial Crime Risks in Digital Payments

By Chester Avey on Thu, 02/01/2024
The emergence of innovative Financial Technology (FinTech) has spearheaded rapid growth in the digital payments sector. In recent years, global payment revenues exceeded valuations of $2.2 trillion, with a steady Compound Annual Growth Rate (CAGR) expected in the next five years. There is no denying the convenience benefits that the digital...
Cybersecurity
Compliance
PCI DSS
Resolving Top Security Misconfigurations: What you need to know
Blog

Resolving Top Security Misconfigurations: What you need to know

By Jeff Moline on Mon, 01/22/2024
One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. ...
Cybersecurity
Compliance
CIS Controls
NIST
Security Configuration Management