Resources
Guide

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program. While these cybersecurity frameworks aren’t...
Cybersecurity
Compliance
CIS Controls
NIST
Guide

Staying Current With the Transportation Security Administration’s Oil and Gas Security Directives

Escalating cyberthreats in the oil and gas industry underscore the need for substantial collaboration between public and private sectors to mitigate this national security risk, and much of this responsibility falls on the shoulders of individual pipeline operators who need to comply with the Transportation Security Administration (TSA) Security Directive. Despite being best known for its role in...
Compliance
exploring-advanced-tripwire-enterprise-capabilities
Blog

Exploring Advanced Tripwire Enterprise Capabilities

By John Salmi on Fri, 04/05/2024
In today's digital landscape, it is important for organizations to depend upon the tools they use for cybersecurity. Large businesses can employ many security solutions, practices, and policies that must combine to create a robust and layered security strategy. While many of these tools are important and necessary, organizations often don't use them to...
Cybersecurity
File Integrity & Change Monitoring
Security Configuration Management
Security vs. Compliance: What's the Difference
Blog

Security vs. Compliance: What's the Difference?

By Anthony Israel-Davis on Thu, 04/04/2024
Security and compliance – a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together. As much as I would like to see auditors, developers, and security analysts living in harmony like a delicious Reese’s cup, a recent gap analysis that I was part of...
Cybersecurity
Compliance
Guide

10 Common Security Misconfigurations and How to Fix Them

Is your organization using default security settings, or do you have a security configuration management (SCM) program in place to ensure your configurations are as secure as possible? Misconfigurations are a leading cause of unauthorized access and security breaches, creating entry points for hackers in servers, websites, software, and cloud infrastructure. The Open Worldwide Application...
Cybersecurity
Security Configuration Management
5-Tripwire-Enterprise-Misconfigurations-to-Avoid
Blog

5 Tripwire Enterprise Misconfigurations to Avoid

By Jeff Hines on Tue, 10/24/2023
Configuration management is vitally important as part of a sound cybersecurity strategy. We have previously published how patching alone is not enough, as that does not alter a system’s customized configuration. Misconfigurations can be as damaging to security as a deliberate attack on a system. As the manufacturer of Tripwire Enterprise (TE), we...
Security Configuration Management
Tripwire Enterprise: Five ‘Other’ Things You Should Know
Blog

Tripwire Enterprise: Five ‘Other’ Things You Should Know

By Faisal Parkar on Thu, 08/10/2023
Network engineers and security analysts have a lot in common. Both require the ability to not only understand the problems at hand but to ascertain the moments leading to them. A typical scenario would include a request to help with a problem a customer has been experiencing. The person you are trying to assist is probably a member of the IT team in the...
Cybersecurity
File Integrity & Change Monitoring
Security Configuration Management
Tripwire Enterprise: Reimagining a Winning Product
Blog

Tripwire Enterprise: Reimagining a Winning Product

By Jeff Moline on Thu, 07/27/2023
How many security products does it take to monitor an organization? Even a small company often finds itself working with multiple monitoring tools to gain visibility into its security posture. This creates multiple blind spots, as a security analyst needs to jump between different tools with different formats and configurations to research a security...
Cybersecurity
File Integrity & Change Monitoring
Security Configuration Management
Guide

Insider Insights for the PCI DSS 4.0 Transition

Is your organization ready for the new PCI DSS 4.0 Standard? If you’re already compliant with the most recent version of the Payment Card Industry Data Security Standard (PCI DSS), you’ve probably already begun transitioning to version 4.0 ahead of the upcoming deadline. To help you make the journey easier and more straightforward, Fortra’s Tripwire gathered strategic implementation advice from...
Compliance
PCI DSS
Guide

Getting in Control of Financial Services Cybersecurity Regulations

Organizations in the financial sector are all too aware that their industry continues to be one of the top targets for cyber criminals. Among financial services and insurance organizations, the leading cause of breaches is system intrusion. That’s why so many cybersecurity compliance regulations have sprung up to ensure systems are kept hardened against attack. This guide will cover the main...
Compliance
GDPR
PCI DSS
SOX
Guide

PCI DSS 4.0 Compliance

Maintaining compliance is a difficult job—both in scope and in practical application. Organizations need to comply with a vast array of regulations, and the number is constantly increasing. Compliance is consistently tightening; businesses and financial institutions now have to learn and dive into the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements as the implementation...
Compliance
PCI DSS
Tripwire & Towerline: Easing the burden of the NERC CIP audit process
Blog

Tripwire & Towerline: Easing the burden of the NERC CIP audit process

By Tripwire Guest Authors on Tue, 12/20/2022
When we speak of necessary evils, some images readily spring to mind. A dental appointment, automobile insurance, and many others. In cybersecurity, audits fit this image quite well. There are many uncomfortable aspects of audits, including the need to maintain accurate records, as well as finding the time to perform all the work required to satisfy the...
Compliance
Highlights From the Tripwire Energy & NERC Compliance Working Group
Blog

Highlights From the Tripwire Energy & NERC Compliance Working Group

By Travis Emerson on Wed, 11/30/2022
Recently, Tripwire held its Energy and NERC Compliance Working Group virtual event. Tripwire has customers spanning the entire energy industry, including small, medium, and large city municipals, cooperatives, and investor-owned utilities and energy companies. The information shared in these sessions offered valuable insights for both very mature...
Security Configuration Management
Integrity Monitoring Use Cases: Compliance
Blog

Security Configuration Management Use Cases: Policy Monitoring for Security

By David Bruce on Wed, 11/23/2022
In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations such as NIST, ISACA, ISO...
Vulnerability & Risk Management
Compliance
Security Configuration Management
Developing an Effective Change Management Program
Blog

Developing an Effective Change Management Program

By John Salmi on Tue, 11/08/2022
Change detection is easy. What is not so easy, is reconciling change. Change reconciliation is where most organizations stumble. What was the change? When was it made? Who made it? Was it authorized?  The ability to answer these questions are the elements that comprise change management. Historically, the haste of accomplishing a task consisted of a...
Vulnerability & Risk Management
Cybersecurity
Security Configuration Management
Integrity Monitoring Use Cases: Compliance
Blog

Integrity Monitoring Use Cases: Compliance

By David Bruce on Wed, 10/19/2022
What is File Integrity Monitoring? The IT ecosystems of enterprises are highly dynamic. Typically, organizations react to this volatility by investing in asset discovery and Security Configuration Management (SCM). These core controls enable businesses to compile an inventory of authorized devices and monitor the configurations of those assets. In...
Compliance
PCI DSS
File Integrity & Change Monitoring
Guide

Beyond the Basics: Tripwire Enterprise Use Cases

Security, compliance, and IT operations leaders need a powerful and effective way to accurately identify security misconfigurations and indicators of compromise. Explore the many ways Tripwire Enterprise can protect your organization with superior security and continuous compliance.
Compliance
File Integrity & Change Monitoring
Security Configuration Management
Guide

Threat Prevention is Foundational

How proper foundational controls help block today’s advanced threats
Cybersecurity
File Integrity & Change Monitoring
Security Configuration Management
Guide

How to Achieve Compliance with the NIS Directive

Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to protect human lives. For example, such systems are...
Compliance
Guide

9 Steps for Maturing Beyond Checkbox Compliance

A common mistake many organizations make is approaching cybersecurity as a series of actions taken in order to check the right compliance boxes. If this sounds familiar, it’s likely that you’ve witnessed something similar to the cycle of crisis-driven audit preparation, a suspenseful audit, remediating based on those findings, and waiting until the next hurried audit preparation phase returns. ...
Compliance