Resources

Guide

Actionable Threat Intelligence: Automated IoC Matching with Tripwire

A key security challenge is finding and rooting out malware that has already become embedded on key assets. Organizations today have myriad threat intelligence sources to leverage. However, simply getting the intelligence into your organization is not enough.Unless you have a way to operationalize myriad threat intelligence sources to make it actionable and useful, threat intelligence just...
Guide

Insider Insights for the PCI DSS 4.0 Transition

Is your organization ready for the new PCI DSS 4.0 Standard? To help you make the journey easier and more straightforward, Fortra’s Tripwire gathered strategic implementation advice from top industry insiders.Get detailed guidance on overcoming the challenges posed by each of the PCI DSS 4.0 requirements. Hear from CISOs, cybersecurity analysts,...
Guide

Essential PCI DSS v4.0 Transition Checklist

The proliferation of online transactions isn’t the only reason the PCI Council created the new 4.0 standard. Recent years have also seen increasingly sophisticated methods among cybercriminals, a surge in cloud use, and the rise of contactless payments. This spurred the need for an updated set of PCI DSS requirements, which were released in March...
Guide

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.While...
Guide

Sustaining SOX Compliance Best Practices to Mitigate Risk Automate Compliance and Reduce Costs

Achieving compliance with the Sarbanes-Oxley Act (SOX) can be a monumental effort. Maintaining those controls and audit reporting on an ongoing basis can be even more difficult. The SEC recommends automated controls for more efficient and effective compliance results.This white paper details the SOX requirements that are best addressed by automated controls using the COBIT framework in two core...
Guide

PCI DSS Resource Toolkit

Use this toolkit to gain a deeper understanding of where you stand with regards to your PCI DSS compliance program and the transition to PCI DSS 4.0. Establishing PCI DSS compliance goes beyond technical tools and processes: It also requires a shift in thinking about compliance as a cybersecurity process. Lean on advice from compliance experts to help you make consistent progress toward your goals...
Guide

5 File Integrity Monitoring (FIM) Myths and Misconceptions

File integrity monitoring (FIM) is the cybersecurity process that monitors and detects changes in your environment to alert you to threats and helps you remediate them. FIM was first introduced in 1997 when Gene Kim launched Tripwire and its “Change Audit” solution. Just a few years later, Change Audit became FIM, which worked with the 12 security controls identified in Visa’s Cardholder...
Guide

Getting in Control of Financial Services Cybersecurity Regulations

Organizations in the financial sector are all too aware that their industry continues to be one of the top targets for cyber criminals. Among financial services and insurance organizations, the leading cause of breaches is system intrusion. That’s why so many cybersecurity compliance regulations have sprung up to ensure systems are kept hardened against attack. This guide covers the main...
Guide

The Value of True File Integrity Monitoring

File integrity monitoring (FIM, and often referred to as “change audit”) was around long before its early reference in the ever-evolving PCI standard. So, here we are years later… Where is FIM now? Is it still relevant or important? Does it really protect data and improve security? The answers, in order, are: FIM isn’t going away — in fact, it’s now part of almost every IT compliance regulation...
Guide

Beyond the Basics: Tripwire Enterprise Use Cases

Security, compliance, and IT operations leaders need a powerful and effective way to accurately identify security misconfigurations and indicators of compromise. Explore the many ways Tripwire Enterprise can protect your organization with superior security and continuous compliance.
Guide

Why Integrity Should Be Your Organizing Cybersecurity Principle

While integrity has been a common word in the cybersecurity lexicon for years, its meaning and use have been relatively limited. It may be time to reconsider its central role in security. The reality of always-connected networks, fluid data transfers across cloud and hybrid environments, and broadly deployed endpoints presents an opportunity to take a fresh look at integrity as an organizing...
Guide

What Is CPS 234 and Who Needs to Comply with It?

In November 2018, the Australian Prudential Regulation Authority (APRA) released the Prudential Standard CPS 234 in direct response to the escalating attack landscape in the financial sector. APRA has understood these threats to be the direct result of banking services moving to more complex and heavily used digital platforms. The new standard emerged as an offshoot to the Notifiable Data Breach ...
Guide

How Finance Companies Bank on Tripwire ExpertOps

Finance companies opt for managed services to stay compliant, bolster overburdened security teams, and get ongoing support in keeping their data safe from damaging breaches. The finance sector regularly finds itself on the front lines of emerging attack techniques; attackers commonly search for edge vulnerabilities and test new malware variations against financial systems. However, most breaches...
Guide

Threat Prevention is Foundational

How proper foundational controls help block today’s advanced threats
Guide

Security and Compliance for Remote Federal Workers

In response to the coronavirus ("COVID-19") pandemic, the Office of Management and Budget (OMB) made an unprecedented call for agencies to maximize telework flexibilities, resulting in 78 percent of the federal workforce working remotely. This abrupt and wide-scale shift to a remote work environment required agency security teams to adjust with little to no planning, placed a tremendous strain on...
Guide

PCI DSS and the CIS Controls

Benchmarks, Standards, Frameworks and Regulations: What’s the Difference? The majority of IT security guidance to industry can be placed into one of these categories: benchmarks, standards, frameworks and regulations. Most address specific security issues and offer advice based on experience, collaborated information, authorities and activities (best practices) which have proven effective. They...