Case Study
Security and Compliance in Federal Agencies: 3 Tripwire Use Cases
Use Cases Ensuring compliance and minimizing Automating manual tasks and enhancing breach detection Monitoring critical assets in the public cloud Tripwire understands the security demands faced by federal government agencies. Security decision makers at these agencies aren’t only tasked with securing operations in a complex threat landscape—they also have to prove regulatory compliance at the...
Case Study
Tripwire and Astro Making Best Practices a Daily Show
Assessing and managing vulnerabilities is a core cybersecurity practice, but it can put a heavy strain on IT security and operations teams. In many cases, introducing vulnerability management as a service is what’s necessary to overcome the challenge of accumulating vulnerabilities across complex IT environments—especially when time and resources are limited.This was the case for one mid-size U.S....
Product Video
Enterprise Vulnerability Management in the Cloud
Mon, 08/15/2022
See how other organizations have simplified and automated compliance reporting processes, risk scoring and prioritized remediation efforts.
Product Video
Tripwire Foundational Controls: Essential Cybersecurity for the Modern Enterprise
Mon, 08/15/2022
In an increasingly sophisticated technology landscape, foundational controls keep you secure and compliant. Watch the video to see how Tripwire provides deep visibility and control across IT and OT environments.
window._wq = window._wq || [];
_wq.push({
id: "nuhj40sow5",
options: {
preload: "auto"
}
});
...
Product Video
Watch a Demo of Tripwire Enterprise
Mon, 08/15/2022
Compliance frameworks are notoriously dense and complex, making them difficult to put into action. Compliance is also time-consuming—especially if you’re still attempting manual configuration of your systems, applications, databases and cloud assets. Manual configuration is error-prone and immediately out of date the moment an assessment ends. And a lack of compliance can result in failing audits,...
Guide
Cybersecurity for Work-From-Home Tools
This guide covers the biggest challenges securing work-from-home tools and three actionable steps you can take to overcome them.
Blog
PCI 4.0: The wider meanings of the new Standard
By David Bruce on Wed, 07/06/2022
The new PCI DSS Standard, version 4.0, contains all the steps, best practices, and explanations required for full compliance. In fact, even an organization that does not process cardholder data could follow the PCI Standard to implement a robust cybersecurity program for any of its important data.
In our series about how the new standard differs...
Blog
What you need to know about PCI 4.0: Requirements 10, 11 and 12
By David Bruce on Wed, 06/29/2022
As we continue our review of the 12 Requirements of PCI DSS version 4.0, one has to stop and consider, is it possible to have a favorite section of a standard? After all, most guidance documents, as well as regulations are seen as tedious distractions from the importance of getting the job done. However, depending on a person’s position and function...
Blog
What you need to know about PCI 4.0: Requirements 5, 6, 7, 8 and 9
By David Bruce on Wed, 06/22/2022
In Part 1 of this series, we reviewed the first four sections of the new PCI standards. As we continue our examination of PCI DSS version 4.0, we will consider what organizations will need to do in order to successfully transition and satisfy this update.
Requirements 5 through 9 are organized under two categories:
Maintain a Vulnerability...
Blog
What you need to know about PCI 4.0: Requirements 1, 2, 3 and 4.
By David Bruce on Tue, 06/14/2022
The Payment Card Industry Security Standards Council has released its first update to their Data Security Standard (PCI DSS) since 2018. The new standard, version 4.0, is set to generally go into effect by 2024, but there are suggested updates that are not going to be required until a year after that. This, of course, creates a couple of problems...
Blog
PCI DSS 4.0 and ISO 27001 – the dynamic duo
By Guest Authors on Wed, 04/27/2022
It’s not often we can say this, but 2022 is shaping up to be an exciting time in information governance, especially for those interested in compliance and compliance frameworks.
We started the year in eager anticipation of the new version of the international standard for information security management systems, ISO 27001:2022, soon to be followed...
Blog
PCI DSS 4.0 is Here: What you Need to Consider
By David Bruce on Tue, 04/26/2022
The Payment Card Industry Data Security Standard (PCI DSS) is a benchmark with tenure in the industry, with the first version being introduced in 2004. The PCI DSS was unique when it was introduced because of its prescriptive nature and its focus on protecting cardholder data. Cybersecurity is a changing landscape, and prescriptive standards must be...
Blog
What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?
By Joe Pettit on Tue, 03/01/2022
Cloud adoption has come a long way from its early days where corporate executives questioned the stewardship of their data. The initial suspicions of “where’s my data” have been laid to rest, as administrative tools and contractual obligations have emerged to give better visibility to, and accountability of, data custodianship. Even the capabilities...
Blog
How to Fulfill Multiple Compliance Objectives Using the CIS Controls
By David Bisson on Tue, 01/18/2022
Earlier this year, I wrote about what’s new in Version 8 of the Center for Internet Security’s Critical Security Controls (CIS Controls). An international consortium of security professionals first created the CIS Controls back in 2008. Since then, the security community has continued to update the CIS Controls to keep pace with the evolution of...
Blog
How Achieving Compliance with PCI DSS Can Help Meet GDPR Mandates
By Guest Authors on Sun, 11/14/2021
Data security and privacy are today a prime focus for most organizations globally. While there have been several regulations and standards introduced to improve data security, the evolving landscape makes it challenging for organizations to stay compliant. For many organizations, GDPR and PCI DSS are the first topics that come to mind when privacy...
Blog
What’s New in v8 of the CIS Controls
By David Bisson on Wed, 06/16/2021
Back in 2018, the State of Security spent a lot of time going over v7 of the Center for Internet Security’s Critical Security Controls (CIS Controls). We noted at the time how the Center for Internet Security shuffled the order of requirements for many of the existing controls in that version. It also cleaned up the language of the CIS Controls,...
Blog
Mind the GAAP: A Lens for Understanding the Importance of the CIS Controls
By Mitch Parker on Sun, 05/16/2021
Given that attacks are only increasing and there needs to be greater efficacy in how companies protect themselves, let us reference how the financial industry has created and relies on a body of standards to address issues in financial accounting as a defined comparison for Information Security.
To support this argument, there is a defined contrast...
Blog
How Tripwire Can Help U.S. Federal Agencies Implement the CIS Controls
By David Bisson on Sun, 04/11/2021
Digital attackers are increasingly launching sophisticated campaigns in an effort to target U.S. federal agencies and other organizations. Two recent examples demonstrate this reality. These are the SolarWinds supply chain attack and the HAFNIUM Exchange exploit campaign.
The SolarWinds Supply Chain Attack
In mid-December 2020, the security...
Blog
PCI DSS 4.0 Is Coming – Are You Ready?
By Editorial Staff on Wed, 03/03/2021
Ransomware today is a billion-dollar industry. It’s crippled industries like healthcare. In 2017, for instance, WannaCry brought much of the United Kingdom’s National Health Service to its knees using the EternalBlue exploit. It was just a few weeks later when the NotPetya ransomware strain leveraged that same vulnerability to attack lots of...