Resources

Root Cause Analysis for Deployment Failures
Blog

Root Cause Analysis for Deployment Failures

By Chris Hudson on Tue, 04/25/2023
Root Cause Analysis (RCA) is a technique used to identify the underlying reasons for a problem, with the aim of trying to prevent it from recurring in the future. It is often used in change management processes to help identify the source of any issues that arise following any modifications to a system or process. RCA is something Tripwire Enterprise...
Vulnerability & Risk Management
Incident Detection & Investigation
The K-12 Report: A Cybersecurity Assessment of the 2021-2022 School Year
Blog

The K-12 Report: A Cybersecurity Assessment of the 2021-2022 School Year

By Katrina Thompson on Mon, 04/24/2023
The K-12 Report breaks down the cyber risks faced by public schools across the country and is sponsored by the CIS (Center for Internet Security) and the MS-ISAC (Multi-State Information Sharing & Analysis Center). Published “to prepare K-12 leaders with the information to make informed decisions around cyber risk”, the report provides a data-driven...
Cybersecurity
Compliance
Guide

Getting in Control of Financial Services Cybersecurity Regulations

Organizations in the financial sector are all too aware that their industry continues to be one of the top targets for cyber criminals. Among financial services and insurance organizations, the leading cause of breaches is system intrusion. That’s why so many cybersecurity compliance regulations have sprung up to ensure systems are kept hardened against attack. This guide will cover the main...
Compliance
GDPR
PCI DSS
SOX
A Day in the Life of a SOC Team
Blog

A Day in the Life of a SOC Team

By Fortra Staff on Tue, 04/18/2023
This piece was originally published on Fortra’s AlertLogic.com Blog. Managed detection and response (MDR) would be nothing without a SOC (security operations center). They’re on the frontline of our clients’ defenses — a living, breathing layer of intelligence and protection to complement our automated cybersecurity features. These are the people who...
Cybersecurity
Incident Detection & Investigation
IT Security Operations & Asset Discovery
What Is Microsegmentation and 5 Compelling Security Use Cases
Blog

What Is Microsegmentation and 5 Compelling Security Use Cases

By Tripwire Guest Authors on Mon, 04/17/2023
What Is Microsegmentation? Microsegmentation is a security technique that partitions a network into small, isolated sections to reduce the attack surface and reduce an organizations risk. Each microsegment is typically defined by specific security policies, accessible only to authorized users and devices. Microsegmentation is often seen as a more...
Cybersecurity
Security Configuration Management
On-Demand Webinar

Insights for Navigating PCI-DSS 4.0 Milestones

With the PCI-DSS 4.0 implementation deadline looming just around the corner in 2024, financial companies have no time to waste when it comes to reaching key compliance milestones. Watch this on-demand webinar presented by Fortra’s Tripwire and BankInfoSecurity.com designed to help you get—and stay—on track for PCI 4.0 compliance. Hear from industry experts on preparing for PCI 4.0 using a simple...
Compliance
PCI DSS
CISA Publishes Advisory on Improving Network Monitoring and Hardening.
Blog

CISA Publishes Advisory on Improving Network Monitoring and Hardening

By Anastasios Arampatzis on Wed, 04/12/2023
CISA released in late February a cybersecurity advisory on the key findings from a recent Cybersecurity and Infrastructure Security Agency (CISA) red team assessment to provide organizations recommendations for improving their cyber posture. According to the Agency, the necessary actions to harden their environments include monitoring network activity...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
Tripwire VERT
Blog

VERT Threat Alert: April 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 04/11/2023
  Today’s VERT Alert addresses Microsoft’s April 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1050 on Wednesday, April 12th. In-The-Wild & Disclosed CVEs CVE-2023-28252 A vulnerability in the Common Log File System (CLFS) Driver has been exploited in-the-wild. CLFS provides a general...
Vulnerability & Risk Management
VERT Research
30-ransomware-prevention-tips-bw
Blog

30 Ransomware Prevention Tips

By Tripwire Guest Authors on Tue, 04/11/2023
Dealing with the aftermath of ransomware attacks is like Russian roulette. Submitting the ransom might seem like it’s the sole option for recovering locked data. Ransomware also continues to evolve as a threat category within the past year, with old names like REvil rearing their heads and new players like Black Basta emerging in 2022. Malicious actors...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
Guide

PCI DSS 4.0 Compliance

Maintaining compliance is a difficult job—both in scope and in practical application. Organizations need to comply with a vast array of regulations, and the number is constantly increasing. Compliance is consistently tightening; businesses and financial institutions now have to learn and dive into the new Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements as the implementation...
Compliance
PCI DSS
Dont-fail-an-audit-over-a-neglected-annual-policy-review
Blog

Don’t fail an audit over a neglected annual policy review

By Tripwire Guest Authors on Mon, 03/20/2023
When did you last have a light-bulb moment? For me, it was very recent. I was working with a client, supporting them in their latest Payment Card Industry Data Security Standard (PCI DSS) annual compliance assessment, and, in discussion with the Qualified Security Assessor (QSA), I had a sudden urge to challenge something we’ve all, always, believed to...
Compliance
Tripwire VERT Security Update
Blog

VERT Threat Alert: March 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 03/14/2023
Today’s VERT Alert addresses Microsoft’s March 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1046 on Wednesday, March 15th. In-The-Wild & Disclosed CVEs CVE-2023-24880 Up first this month is a publicly disclosed and exploited vulnerability impacting Windows SmartScreen. SmartScreen...
Vulnerability & Risk Management
VERT Research
ISO27001 Updates: Change is afoot
Blog

ISO27001 Updates: Change is afoot

By Tripwire Guest Authors on Mon, 03/13/2023
If you blinked, you might have missed it… On October 25th 2022, the new standard for the Information Security Management System,  ISO27001 was released. Without fuss, and without fanfare. But, to quote a famous movie, “There was a great disturbance in the force.” ISO27001 is possibly one of the world's best-known standards for Information Security...
Compliance
The-Language-of-Cybersecurity-Frameworks-Guidance-Regulations-and-Standards
Blog

The Language of Cybersecurity Frameworks, Guidance, Regulations, and Standards

By Bob Covello on Wed, 02/15/2023
When it comes to acronyms, Technology and Cybersecurity often rival various branches of government.  Technology acronyms are usually somewhat bland, amounting to little more than the arcane argot of the profession, such as SOC, SIEM, and DNS.  Government, however, rarely disappoints in its inventiveness, whether it is the acronym of the Puppies...
Cybersecurity
Compliance
Tripwire VERT
Blog

VERT Threat Alert: February 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 02/14/2023
Today’s VERT Alert addresses Microsoft’s February 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1042 on Wednesday, February 15th. In-The-Wild & Disclosed CVEs CVE-2023-21823 The first vulnerability in the list this week is CVE-2023-21823, a vulnerability in Windows Graphic Component...
Vulnerability & Risk Management
VERT Research
Pylon and cables
Blog

The State of the US National Cybersecurity Strategy for the Electric Grid

By Anastasios Arampatzis on Wed, 02/01/2023
The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks, in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood. Reports by...
Compliance
NIST
Industrial Control Systems
Network Security Threats and Defenses: A 2023 Guide
Blog

Network Security Threats and Defenses: A 2023 Guide

By Tripwire Guest Authors on Mon, 01/30/2023
What Is Network Security? Network security is a broad field, encompassing various processes, policies, rules, standards, frameworks, software, and hardware solutions. Its primary goal is to protect a network and its data from various threats, including intrusions and breaches. A network security program typically utilizes a combination of access...
Cybersecurity
Security Configuration Management
The Heightened Importance of Cybersecurity in Mobile App Development
Blog

The Heightened Importance of Cybersecurity in Mobile App Development

By Tripwire Guest Authors on Thu, 01/12/2023
Mobile device use is pervasive, and has eclipsed traditional computing.  We often hear how various malicious mobile apps are released into circulation.  For these reasons, mobile app development needs to focus on cybersecurity just as much as it does on functionality and flexibility, if not more so. It’s an inevitable aspect of app development that must...
Cybersecurity
Security Configuration Management
Healthcare Supply Chain Attacks Raise Cyber Security Alarm
Blog

Healthcare Supply Chain Attacks Raise Cyber Security Alarm

Wed, 01/11/2023
  The healthcare sector has become a popular target for cybercriminals and is one of the most targeted industries by cyber criminals. In 2022, 324 attacks were reported in the first half of the year. As bad actors continue to target the healthcare industry, cybersecurity experts and healthcare administrators should be aware that attacks are frequently...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
Tripwire VERT Security Update
Blog

VERT Threat Alert: January 2023 Patch Tuesday Analysis

By Tyler Reguly on Tue, 01/10/2023
Today’s VERT Alert addresses Microsoft’s January 2023 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1037 on Wednesday, January 11th.  In-The-Wild & Disclosed CVEs CVE-2023-21549 A vulnerability in the SMB Witness Service was reported by two Akamai researchers, Stiv Kupchik and Ophir Harpaz....
Vulnerability & Risk Management
VERT Research