Resources

Live Webinar
The Center for Internet Security (CIS) Critical Security Controls (CSC) are a trusted source of truth in the cybersecurity community. Many organizations implement the CIS CSC framework to ensure their cybersecurity programs are functioning at peak effectiveness. The latest iteration, CIS CSC v8.1, was released earlier this year. Join Matthew Jerzewski, Cybersecurity Researcher...
Blog

Why Security Configuration Management (SCM) Matters

Security configuration management (SCM) is all about making sure your security systems do what you think they’re doing.In tennis, there is something called an unforced error. This is when a player loses points for a mistake they made themselves, not due to the skill of the other opponent. In a big way, security misconfigurations are those unforced errors on the security side or instances in which...
Blog

Preventing Breaches Using Indicators of Compromise

The story of cybersecurity involves bad actors and security professionals constantly trying to thwart each other, often using newer and more advanced measures in an attempt to outdo each other. In recent years, especially, cybercriminals have evolved to include sophisticated technology and advanced tactics in their attacks. With the increasing popularity of tools and practices like artificial...
Blog

The Importance of Layered Cybersecurity Solutions

The threat of cyberattacks is at an all-time high. In fact, research shows that worldwide cybercrime costs are anticipated to reach $10.5 trillion annually by 2025. Cybercriminals threaten all, as 43% of cyberattacks target small enterprises. The rise of these threats underscores the importance of a robust cyber defense strategy, and one key way to do that is through layered cybersecurity...
Blog

Gaining Network Transparency with Asset Discovery and Compliance for IT/OT

I recently came across the "Johari Window Model" and thought this would be a good way to gain inspiration to explain the conundrum faced by many cybersecurity customers. The table below shows us the breakdown of the stages that are applicable not just to IT and OT environments but also to other facets of our daily lives. This model can be applied...
Blog

Integrity and FIM: It’s More than Just Data Security

Integrity is a vital component of any cybersecurity policy, making up one-third of the CIA Triad. However, until recently, the industry has had a limited understanding of the term, using it primarily in the context of data security. Integrity means so much more than this principle alone: it impacts every facet of an information system and can drive an organization's entire security program. ...
On-Demand Webinar

PCI 4.0 is Here: Your Guide to Navigating Compliance Success

The transition period from PCI DSS 3.2.1 to 4.0 ended on March 31, 2024, a date toward which many organizations have dedicated countless hours of preparation. Looking back on that time, do you know where your compliance efforts stand now? Watch PCI experts Steven Sletten and Jeff Hall in this on-demand webinar PCI 4.0 is Here: Your Guide to Navigating Compliance Success to learn how to...
Guide

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.While these cybersecurity frameworks aren’t mandatory...
Guide

Staying Current With the Transportation Security Administration’s Oil and Gas Security Directives

Escalating cyberthreats in the oil and gas industry underscore the need for substantial collaboration between public and private sectors to mitigate this national security risk, and much of this responsibility falls on the shoulders of individual pipeline operators who need to comply with the Transportation Security Administration (TSA) Security Directive.Despite being best known for its role in...
On-Demand Webinar

Breaking Compliance Into Bite-Sized Portions

Which standards and regulations do you need to comply with? Most organizations have to prove compliance with multiple standards simultaneously to keep their systems secure and avoid audit fines. But it can be difficult to keep up with changing regulations, achieve continuous compliance, or even know where to start.This on-demand webinar presented by Fortra's Tripwire is designed to equip you with...
Blog

Exploring Advanced Tripwire Enterprise Capabilities

In today's digital landscape, it is important for organizations to depend upon the tools they use for cybersecurity. Large businesses can employ many security solutions, practices, and policies that must combine to create a robust and layered security strategy. While many of these tools are important and necessary, organizations often don't use them...
Blog

Security vs. Compliance: What's the Difference?

Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of...
Datasheet

What Makes Fortra’s Tripwire Different

Are you weighing your options between integrity management solutions? Evaluating, purchasing, and deploying new software is hard work, especially when you get down to the granular details of understanding which solutions have which capabilities and matching those capabilities to your organization’s particular needs. In an industry buzzing with ever-changing terminology and a profusion of vendors...
On-Demand Webinar

Digging Deeper: Discover Advanced Tripwire Enterprise Capabilities

Most people know Fortra’s Tripwire Enterprise for its essential file integrity monitoring and security configuration management capabilities. But what about the more advanced use cases, like dealing with zero-day vulnerabilities or isolating specific systems when they contain a critical risk? Watch the on-demand webinar presented by Forta’s Tripwire to find out more about these unique use cases...
Blog

Know Thyself and Thy Network

The shifting sands of IT make the adage "you never know it all" ever more true as time goes by. I recall days when it felt like you could click through every major directory of Yahoo and know a little something about everything. I was a young man with a voracious reading appetite and an active imagination – both of which were thoroughly outpaced by...
On-Demand Webinar

Top Security Misconfigurations to Watch Out For

Misconfigurations continue to be a leading cause of cybersecurity breaches. Luckily, you can prevent and correct them with the right knowledge and tools on your side. The National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) recently released a joint cybersecurity advisory (CSA) sharing the most common misconfigurations observed by their Red and Blue team...
Guide

What Cybersecurity Pros Think of Zero Trust Today

Zero trust isn’t a new model, but its influence on the cybersecurity industry has strengthened over time since 1994. Zero trust became especially top-of-mind a few years ago when remote work and cloud services took off, prompting organizational leaders to rethink the way they enforced cybersecurity controls in an increasingly perimeter-less world. Is zero trust just another cybersecurity buzzword...
Guide

10 Common Security Misconfigurations and How to Fix Them

Is your organization using default security settings, or do you have a security configuration management (SCM) program in place to ensure your configurations are as secure as possible? Misconfigurations are a leading cause of unauthorized access and security breaches, creating entry points for hackers in servers, websites, software, and cloud infrastructure. The Open Worldwide Application...
On-Demand Webinar

Best Practices for the PCI DSS 4.0 Countdown

The deadline for compliance with the Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements isn’t until March 31, 2024, but organizations that allow those remaining months to fly by without adequate preparation may face last-minute PCI panic. The best approach is to steadily reach key milestones so you’ll be fully prepared when the deadline arrives. Watch the on-demand webinar...
Datasheet

NCA Compliance with Fortra

The National Cybersecurity Authority (NCA) is the government entity in charge of cybersecurity in Saudi Arabia, encompassing both regulatory and operational functions related to cybersecurity. National Cybersecurity Authority Essential Cybersecurity Controls The NCA works closely with public and private entities to improve the cybersecurity posture of the country in order to safeguard its vital...