Resources

Blog

Security vs. Compliance: What's the Difference?

Security and compliance—a phrase often uttered in the same breath as if they are two sides of the same coin, two members of the same team, or two great tastes that go great together.The truth is, they can be. But it takes some effort.How can security and compliance teams work together to create a winning alliance, protect data, develop according to...
Guide

Actionable Threat Intelligence: Automated IoC Matching with Tripwire

A key security challenge is finding and rooting out malware that has already become embedded on key assets. Organizations today have myriad threat intelligence sources to leverage. However, simply getting the intelligence into your organization is not enough.Unless you have a way to operationalize myriad threat intelligence sources to make it actionable and useful, threat intelligence just...
Guide

5 File Integrity Monitoring (FIM) Myths and Misconceptions

File integrity monitoring (FIM) is the cybersecurity process that monitors and detects changes in your environment to alert you to threats and helps you remediate them. FIM was first introduced in 1997 when Gene Kim launched Tripwire and its “Change Audit” solution. Just a few years later, Change Audit became FIM, which worked with the 12 security controls identified in Visa’s Cardholder...
Guide

The Value of True File Integrity Monitoring

File integrity monitoring (FIM, and often referred to as “change audit”) was around long before its early reference in the ever-evolving PCI standard. So, here we are years later… Where is FIM now? Is it still relevant or important? Does it really protect data and improve security? The answers, in order, are: FIM isn’t going away — in fact, it’s now part of almost every IT compliance regulation...
Blog

Why File Integrity Monitoring (FIM) Is a Must for Compliance — And How to Pick the Right Solution

As Fortra’s new File Integrity Monitoring Buyer’s Guide states, “What was once a security control for simple file changes now ensures integrity across organizations’ entire systems.” The landscape has evolved significantly since Fortra’s Tripwire introduced file integrity monitoring (FIM) over twenty years ago.But that’s exactly why the industry is due for a new look at what makes a FIM solution...
Blog

What’s New in Tripwire Enterprise 9.3?

Protecting your organization from cyber threats and meeting compliance requirements is simpler than ever with the new Tripwire Enterprise 9.3 release, which includes the following enhancements: IPv6 Support IPv6-Only Support: Now fully compatible with environments that operate exclusively on IPv6. This is helpful to: U.S. Federal agencies that must adhere to OMB Memorandum M-21-07 Organizations...
Blog

Compliance Fatigue Is Real—And It’s Putting Cybersecurity at Risk

Adhering to the ever-tightening letter of the law is the cost of doing business these days, and for many companies caught in the crosshairs, that cost is getting too high.New research by Bridewell Consulting revealed that 44% of all financial services institutions in the UK listed compliance as the top cybersecurity challenge their organizations currently face. And it may be no surprise as many...
Blog

Information Security Risk Management (ISRM) Boosts Compliance by Undermining Configuration Drift

Compliance is a “ticket to entry” for businesses today, and information security risk management (ISRM) makes sure organizations hang on to their ticket. In this blog, we’ll review how ISRM helps organizations not only get compliant but stay compliant.And how Tripwire makes that process automatic.Compliance is a Core Cost of Doing Business TodayWithout adhering to industry-standard data privacy...
Blog

The 10 Most Common Website Security Attacks (and How to Protect Yourself)

The Verizon 2023 Data Breach Investigations Report made a startling revelation: Basic Web Application Attacks accounted for nearly one-fourth of the entire breach data set. Although not the most sophisticated threats, common web attacks like credential stuffing and SQL injection continue to wreak havoc on the cybersecurity landscape—just like phishing and emerging AI-based attacks—and for good...
Blog

Cybersecurity Can’t Wait: Modern Enterprises Must Adapt

Technology is evolving at a startling pace, perhaps faster than ever before. Businesses are scrambling to reap the rewards of these technologies, especially AI. But do they recognize the cybersecurity risks associated with these changes? The World Economic Forum’s latest Global Risks Report suggests not. Digital Era, Digital ThreatsWe are truly living in the digital age. This brings many benefits....
Blog

Tripwire Enterprise Critical Change Audit: March 2025 Updates

What is it?The Tripwire Enterprise Critical Change Audit rules provide customers with the ability to monitor for critical events that could have a significant impact on a system. Monitoring for critical events can help administrators identify malicious and/or unexpected changes within their environment.Changes To CCAAdditional rules were added to the Critical Change Audit rule set. These rules...
Blog

ICS Environments and Patch Management: What to Do If You Can’t Patch

The evolution of the cyber threat landscape highlights the need for organizations to strengthen their ability to identify, analyze, and evaluate cyber risks before they evolve into security incidents. Criminals often exploit known unpatched vulnerabilities to penetrate Industrial Control Systems (ICS) environments and disrupt critical operations. Although patch management seems like the obvious...
Blog

Enhancing Security Monitoring with Tripwire's Change Audit: New Rules for Firewalls, WFP, and Microsoft Store Applications

What is it?The Tripwire Enterprise Change Audit rules provide customers with the ability to monitor for change events that could have an impact on a system. Monitoring for change events can help administrators identify malicious and/or unexpected changes within their environment.Changes to CAAdditional rules were added to the Change Audit rule set. These rules provide customers the ability to...
Datasheet

Why Energy Utilities Can Count on Fortra’s Tripwire

As an energy industry professional, you understand the consequences of subpar protection and the need for reliable, iron-clad security controls. Evaluating new cybersecurity software to protect your energy environment shouldn’t involve guesswork, especially when you are trying to match capabilities to your particular needs. This datasheet provides a quick view of Tripwire’s energy solution. See...
Blog

Monitoring Applications vs. Operating Systems: Why It Matters

In today’s dynamic IT environments, securing and maintaining the integrity of your systems is critical. Fortra’s Tripwire Enterprise is a robust tool designed to help organizations ensure compliance and security by continuously monitoring the configuration and behavior of their IT assets.When deploying Tripwire, a common question arises: should you prioritize monitoring applications, operating...
Blog

Zero Trust Principles for Critical Infrastructure Security

The cyber threat to critical infrastructure has never been greater. The growing sophistication of cybercriminals, deteriorating geopolitical relations, and the convergence of operational technology (OT) and information technology (IT) have created unprecedented risks for critical infrastructure organizations. Fortunately, resources are available to help these organizations protect themselves.In...
Blog

Helping the Energy Sector Navigate NERC Complexities

The energy sector is the cornerstone of modern infrastructure, powering essential services and supporting the daily operations of economies worldwide. However, it also faces unique cybersecurity challenges, particularly in complying with the North American Electric Reliability Corporation's Critical Infrastructure Protection (NERC CIP) standards.Cyber threats keep growing in sophistication and...
Blog

Think You Know Tripwire? Think Again

Fortra’s Tripwire has always been widely known as a File Integrity Monitoring (FIM) solution, and a very good one at that. The good news is that it still is - only when you look closely, it’s a lot more. And it always has been.Besides its traditionally known role as an integrity and security configuration management tool, Tripwire’s powerful capabilities make it a comprehensive cybersecurity...