Being a cybersecurity professional means you’re regularly in charge of making complex decisions with real-world consequences, like choosing the right cybersecurity benchmarks, controls, frameworks, or best practices for your organization. Should you apply the CIS Controls, the NIST Cybersecurity Framework, or something else? Without overarching industry consensus, it can be...
Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed.
In-The-Wild & Disclosed CVEs
CVE-2024-30040
Up first this month, we have a security feature bypass in MSHTML. More specifically, we have an Object Linking...
The transition period from PCI DSS 3.2.1 to 4.0 ended on March 31, 2024, a date toward which many organizations have dedicated countless hours of preparation. Looking back on that time, do you know where your compliance efforts stand now?
Join PCI experts Steven Sletten and Jeff Hall for the live webinar PCI 4.0 Is Here: Your Guide to Navigating Compliance Success to learn how...
The number of endpoints in an organization often exceeds the number of employees. Managing these often disparate entities is more than a full-time job. Moreover, keeping them secure is equally difficult, yet securing all of your endpoints against cyber threats has become paramount for organizations worldwide. A common oversight that undermines these...
In today's digital landscape, it is important for organizations to depend upon the tools they use for cybersecurity. Large businesses can employ many security solutions, practices, and policies that must combine to create a robust and layered security strategy. While many of these tools are important and necessary, organizations often don't use them to...
Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together.
As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of...
Are you weighing your options between integrity management solutions? Evaluating, purchasing, and deploying new software is hard work, especially when you get down to the granular details of understanding which solutions have which capabilities and matching those capabilities to your organization’s particular needs. In an industry buzzing with ever-changing terminology and a profusion of vendors...
The shifting sands of IT make the adage "you never know it all" ever more true as time goes by. I recall days when it felt like you could click through every major directory of Yahoo and know a little something about everything. I was a young man with a voracious reading appetite and an active imagination – both of which were thoroughly outpaced by the...
Configuration management is vitally important as part of a sound cybersecurity strategy. We have previously published how patching alone is not enough, as that does not alter a system’s customized configuration. Misconfigurations can be as damaging to security as a deliberate attack on a system. As the manufacturer of Tripwire Enterprise (TE), we...
Not all organizations have the internal resources necessary to manage their cybersecurity and compliance solutions in-house. This may seem like a roadblock to those who see the greater potential of their solutions and want to do more to reach their goals but cannot expand their technical teams due to the high demand for qualified candidates or budgetary limitations. However, the services available...
The National Cybersecurity Authority (NCA) is the government entity in charge of cybersecurity in Saudi Arabia, encompassing both regulatory and operational functions related to cybersecurity.
National Cybersecurity Authority Essential Cybersecurity Controls
The NCA works closely with public and private entities to improve the cybersecurity posture of the country in order to safeguard its vital...
The National Information Assurance (NIA) Policy provides organizations with the necessary cybersecurity foundation and the relevant tools to enable the implementation of a full-fledged Information Security Management System. Keeping sensitive data and assets safe is the goal of regulatory cybersecurity frameworks such as the NIA.
The NIA policy guides organizations in classifying the impact of...
Network engineers and security analysts have a lot in common. Both require the ability to not only understand the problems at hand but to ascertain the moments leading to them. A typical scenario would include a request to help with a problem a customer has been experiencing. The person you are trying to assist is probably a member of the IT team in the...
How many security products does it take to monitor an organization? Even a small company often finds itself working with multiple monitoring tools to gain visibility into its security posture. This creates multiple blind spots, as a security analyst needs to jump between different tools with different formats and configurations to research a security...
Here at The State of Security, we cover everything from breaking stories about new cyberthreats to step-by-step guides on passing your next compliance audit. But today we’d like to offer a straight-forward roundup of Fortra's Tripwire product suite. Get to know the basics of Tripwire’s core solutions for file integrity monitoring (FIM), security...
Fortra’s Tripwire NERC CIP Solution Suite is an advanced offering that augments Tripwire’s tools for meeting 23 of NERC CIP’s 44 requirements. The Tripwire NERC CIP Solution Suite allows you to achieve and maintain NERC CIP compliance with high efficacy and reduced effort. This suite includes continuous monitoring of cyber assets, automated assessment of security, and audit-ready evidence with...
Tripwire’s Energy and NERC Compliance Working Group virtual event offered some enlightening information, not only from industry experts but also some candid thoughts from current Tripwire customers. Even the most cogent summary of the keynote, as well as two of the sessions, simply cannot do proper justice to the knowledge that was shared during the...
Tripwire recently announced the release of Tripwire Enterprise (TE), version 9.0, Axon Agent 3.27, and TE Agent 9.0.0. While the full list of features may be viewed on our web site, as a product manager, I wanted to take some time to introduce some of the changes in this new release.
What’s new in Tripwire Enterprise 9.0?
The first significant change...
When we speak of necessary evils, some images readily spring to mind. A dental appointment, automobile insurance, and many others. In cybersecurity, audits fit this image quite well. There are many uncomfortable aspects of audits, including the need to maintain accurate records, as well as finding the time to perform all the work required to satisfy the...
Recent advancements in the digital landscape have led to a new kind of paradigm, one where enterprise perimeters are no longer clearly defined or limited. The rapid uptake of remote working, cloud, and IoT led to these prominent shifts, resulting in users, applications, and data no longer residing exclusively within the perimeters of the enterprise....