Resources

Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity
Blog
Blog

Guarding the Grid: Navigating the Current and Future Landscape of Utility Cybersecurity

By Travis Emerson on Mon, 11/27/2023
Tripwire recently held its annual Energy and NERC Compliance Working Group. This year's attendees included more than 200 Tripwire customer utility personnel representing over 80 different registered entities from all across the US and Canada. The company sizes ranged from public utility districts and city municipalities to medium and larger-sized investor-owned utilities, including many of the...
Vulnerability & Risk Management
Cybersecurity
Compliance
NERC CIP
NIST NCCoE Publishes Cybersecurity Framework Profile for Hybrid Satellite Networks
Blog
Blog

NIST NCCoE Publishes Cybersecurity Framework Profile for Hybrid Satellite Networks

By Josh Breaker-Rolfe on Mon, 11/27/2023
In late September 2023, the US-based National Institute of Standards and Technology ( NIST ) published its Cybersecurity Framework Profile for Hybrid Satellite Networks, otherwise known as NIST IR 8441. This blog will explore the reasons behind NIST developing the framework, outline its intentions, and summarize its key points. What is a Hybrid Satellite Network? To understand IR 8441, we must...
Cybersecurity
Compliance
SMB Protocol Explained: Understanding its Security Risks and Best Practices
Blog
Blog

SMB Protocol Explained: Understanding its Security Risks and Best Practices

By Dilki Rathnayake on Tue, 11/21/2023
Server Message Block (SMB) protocol is a communication protocol that allows users to communicate with remote servers and computers, which they can open, share, edit files, and even share and utilize resources. With the expansion of telecommunications, this protocol has been a prime target for threat actors to gain unauthorized access to sensitive data and devices. In 2017, we introduced 5 general...
Cybersecurity
Security Configuration Management
Secure Access Control in 2024: 6 Trends to Watch Out For
Blog
Blog

Secure Access Control in 2024: 6 Trends to Watch Out For

By Gilad David Maayan on Wed, 11/15/2023
What Is Secure Access Control? Secure access control, part of the broader field of user management , is a key concept in the realm of information security, particularly in the business environment. It refers to the process of selectively restricting and allowing access to a place or resource. In the context of information technology, it is a vital element of data protection, dictating who or what...
Cybersecurity
Security Configuration Management
Financial Institutions in New York Face Stricter Cybersecurity Rules
Blog
Blog

Financial Institutions in New York Face Stricter Cybersecurity Rules

By Katrina Thompson on Wed, 11/15/2023
Boards of directors need to maintain an appropriate level of cyber expertise, incidents must be reported within 72 hours after determination, and all ransom payments made must be reported within a day. Those are just some of the changes made by The New York State Department of Financial Services to its Cybersecurity Requirements for Financial Services (23 NYCRR 500) , effective November 1, 2023...
Cybersecurity
Compliance
Some Financial Institutions Must Report Breaches in 30 Days
Blog
Blog

Some Financial Institutions Must Report Breaches in 30 Days

By Katrina Thompson on Wed, 11/08/2023
The heat has just been turned up for companies hoping to “hide out” a data breach. Announced October 27th, all non-banking financial institutions are now required to report data breach incidents within 30 days. The amendment to the Safeguards Rule was made by the U.S. Federal Trade Commission (FTC). It will go into effect 180 days after publication of the law in the Federal Register, or around...
Cybersecurity
Compliance
Guide
Guide

10 Common Security Misconfigurations and How to Fix Them

Is your organization using default security settings, or do you have a security configuration management (SCM) program in place to ensure your configurations are as secure as possible? Misconfigurations are a leading cause of unauthorized access and security breaches, creating entry points for hackers in servers, websites, software, and cloud infrastructure. The Open Worldwide Application Security...
Cybersecurity
Security Configuration Management
5-Tripwire-Enterprise-Misconfigurations-to-Avoid
Blog
Blog

5 Tripwire Enterprise Misconfigurations to Avoid

By Jeff Hines on Tue, 10/24/2023
Configuration management is vitally important as part of a sound cybersecurity strategy. We have previously published how patching alone is not enough, as that does not alter a system’s customized configuration. Misconfigurations can be as damaging to security as a deliberate attack on a system. As the manufacturer of Tripwire Enterprise (TE) , we thought that it would be prudent to help our...
Security Configuration Management
Plastic surgeries warned by the FBI that they are being targeted by cybercriminals
Blog
Blog

Plastic surgeries warned by the FBI that they are being targeted by cybercriminals

By Graham Cluley on Wed, 10/18/2023
Plastic surgeries across the United States have been issued a warning that they are being targeted by cybercriminals in plots designed to steal sensitive data including patients' medical records and photographs that will be later used for extortion. The warning , which was issued by the FBI yesterday and is directed towards plastic surgery offices and patients, advises that extortionists have been...
Cybersecurity
Compliance
HIPAA
What is a CMDB?
Blog
Blog

What is a CMDB?

By Lane Thames on Tue, 10/17/2023
There are countless tools and technologies available to help an organization stay on top of its IT assets, and a configuration management database (CMDB) is an extremely useful one. The database keeps track of relevant information regarding various hardware and software components and the relationships between them. It allows IT teams to have an organized view of configuration items (CIs) that can...
Security Configuration Management
Compliance vs. Security: Striking the Right Balance in Cybersecurity
Blog
Blog

Compliance vs. Security: Striking the Right Balance in Cybersecurity

By Jay Thakkar on Mon, 10/09/2023
Compliance and security often go hand in hand as ideas that attempt to protect against cyber threats. While both compliance and security are designed to lower risk, they are not mutually inclusive—that is, not everything that is required for compliance will necessarily help with security, and not everything that bolsters security will necessarily put you in compliance. Both are vital to...
Cybersecurity
Compliance
Security Configuration Management
cogs
Blog
Blog

Revealed! The top 10 cybersecurity misconfigurations, as determined by CISA and the NSA

By Graham Cluley on Fri, 10/06/2023
A joint cybersecurity advisory from the United States's National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) has shone a light on the top ten most common cybersecurity misconfigurations found in large private and public organisations. The report aims to detail the weaknesses found in many large organisations, and the need for software makers to properly...
Cybersecurity
Security Configuration Management
How MSSPs Help with Cybersecurity Compliance
Blog
Blog

How MSSPs Help with Cybersecurity Compliance

By Zack Jessee on Wed, 10/04/2023
While always a part of business, compliance demands have skyrocketed as the digital world gives us so many more ways to go awry. We all remember the Enron scandal that precipitated the Sarbanes-Oxley Act (SOX). Now, SOX compliance means being above board on a number of cybersecurity requirements as well. Fortra's Tripwire recently released a new guide: How Managed Services Can Help with...
Cybersecurity
Compliance
Managed Security Services
What is NERC? Everything you need to know
Blog
Blog

What is NERC? Everything you need to know

By Michael Betti on Tue, 10/03/2023
Electric grids are part of every nation’s critical infrastructure. Every societal activity and business depends on reliable and safe electricity distribution. The US electric grid is a huge network of powerlines, distribution hubs, and renewable and non-renewable energy generators that is increasingly exposed to cyber-physical risks due to the accelerated reliance on cyber-enabled systems and IoT...
Compliance
NERC CIP
Industrial Control Systems
On-Demand Webinar
On-Demand Webinar

Best Practices for the PCI DSS 4.0 Countdown

Wed, 09/27/2023
The deadline for compliance with the Payment Card Industry Data Security Standard (PCI DSS) 4.0 requirements isn’t until March 31, 2024, but organizations that allow those remaining months to fly by without adequate preparation may face last-minute PCI panic. The best approach is to steadily reach key milestones so you’ll be fully prepared when the deadline arrives. Watch the on-demand webinar...
Compliance
PCI DSS
Closing Integrity Gaps with NIST CSF
Blog
Blog

Closing Integrity Gaps with NIST CSF

By Lane Thames on Wed, 09/27/2023
The then-new 2014 NIST Cybersecurity Framework (CSF) was designed to plug security gaps in operational technology. It’s still in use today and more relevant than ever. Fortra’s whitepaper provides a cohesive review of this security staple and how to glean the best out of it for your strategy. A Brief History of NIST CSF “The full maximum NIST Cybersecurity Framework is about as big an umbrella as...
Cybersecurity
Compliance
NIST
Increasing Your Business’ Cyber Maturity with Fortra
Blog
Blog

Increasing Your Business’ Cyber Maturity with Fortra

By Antonio Sanchez on Wed, 09/20/2023
When building a tower, it helps to start with a sturdy foundation. Cyber maturity is the tower, and there are three levels that build it: Foundational IT/OT & Security Control Processes Fundamental Security Control Capabilities Advanced Security Control Capabilities Fortra occupies a unique space in the industry because of the sheer size of the security portfolio. It’s one thing to advocate for...
Vulnerability & Risk Management
Cybersecurity
Compliance
Managed Security Services
Security Configuration Management
General Data Protection Regulation (GDPR) – The Story So Far
Blog
Blog

General Data Protection Regulation (GDPR) – The Story So Far

By Gary Hibberd on Tue, 09/19/2023
Do you remember where you were on 25th May 2018? Perhaps you were enjoying a Friday night drink with friends. Perhaps you were with family, relaxing after a busy week at work. I was actually having a GDPR Birthday party with friends and colleagues because 25th May 2018 was a landmark day for the world of Data Protection (yes, seriously, we had a party!). But the funny thing about the effective...
Compliance
GDPR
The Consequences of Non-Compliance in Cybersecurity: Risks and Penalties
Blog
Blog

The Consequences of Non-Compliance in Cybersecurity: Risks and Penalties

By Stefanie Shank on Tue, 09/19/2023
Non-compliance in cybersecurity marks a grave oversight. It involves neglecting established security protocols, leaving organizations vulnerable to malicious actors. Read on as we examine the potential risks of non-compliance, including heightened susceptibility to cyberattacks, the specter of data breaches, and the erosion of a company's hard-earned reputation. Risks of Non-Compliance Non...
Cybersecurity
Compliance
5-Reasons-Why-You-Should-Conduct-Regular-Cybersecurity-Audits
Blog
Blog

5 Reasons Why You Should Conduct Regular Cybersecurity Audits

By Chester Avey on Wed, 09/13/2023
Cyber threats are growing more sophisticated, covert, and frequent every day. This year alone has seen the likes of T-Mobile and PharMerica suffering serious security breaches. These incidents disrupted operations and threatened their bottom lines, not to mention the lingering aftereffects and negative brand perception in the eyes of their customers. Taking the recent Optus data security breach as...
Cybersecurity
Compliance
Security Configuration Management