A vulnerability management program should provide a series of metrics that outline the vulnerability risk to the organization and how the risk posture is trending. In addition to this, reports should be provided which show system owners which vulnerabilities pose the greatest risk to the organization and how to remediate them. This report outlines recommendations for...

Return on investment on IT security infrastructure purchases (solutions and products) has traditionally been hard to quantify. However, there are some compelling aspects of securing an organization’s infrastructure that can be identified and quantified. This discipline will continue to evolve as organizations focus on managing and balancing their security expenses and strive to...

Vulnerability and Risk Analysis Measuring and managing the security risk associated with information and information technology remains one of the most challenging and debated problems faced by all levels of an organization. While scoring standards designed to assist with solving this problem have been developed over the past decade, a select few have accomplished this and...

There’s not enough time in the day to investigate every system change and remediate every vulnerability. Ever-evolving capabilities of cyber adversaries—coupled with the dynamic nature of corporate networks— makes security prioritization increasingly difficult. With Tripwire® Enterprise and Tripwire IP360™ managed service offerings, you can minimize the amount of time you spend...

When should your security strategy include agent-based monitoring? It can be difficult to discern when and how to incorporate agents into your vulnerability management processes. There are several instances in which agent-based monitoring offers superior support and protection across your networks. But that doesn’t mean you need to opt for a 100 percent agent-based approach,...

Federal security managers expect that most federally run systems are actively engaging with FISMA compliance for protecting federal data and systems. However, as we all know, federal information does not remain only in federally operated systems. Data and IT systems connect via the Internet and other networks for business, operations and research. Information about citizens,...

Overview There is mounting concern at the senior executive and board level regarding cybersecurity, driven by highly visible advanced targeted attacks. These attacks threaten precious IP, valuable customer information, company valuation and trade secrets. To truly protect valuable resources, organizations have to accept the nature of modern networked environments and devices,...

Tripwire® Asset Discovery Appliance discovers all networked hosts, applications and services. By providing a comprehensive view of devices and software on your network, you gain the foundation for effective security configuration management and compliance processes. Only this appliance provides low bandwidth, non-intrusive host and network profiling for use with Tripwire...

The cybersecurity skills gap can leave many organizations without adequate staffing for the operation of their security tools. High turnover rates can also cause an organization to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies...

The cybersecurity skills gap leaves Federal agencies without adequate staffing for the operation of their security tools. High turnover rates can also cause agencies to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new,...

There isn’t an industry that hasn’t been affected by cyber threats, and the broadcast industry is no exception. In April 2015, France’s TV5Monde was attacked, resulting in eleven of its channels going dark and its social media outlets commandeered to display pro-Islamic State messages. This was preceded by an attack on WBOC in Salisbury, Maryland, where their Twitter account...

Managed service providers (MSPs) can gain a competitive advantage by bolstering their service packages with managed cybersecurity controls to make their service capabilities more robust. The current technology landscape necessitates that end-users can access services on a more flexible basis and deploy licenses on-demand. That’s why leading MSPs and managed security service...

The value of electronic health record (EHR) systems is immense. These digital records are designed to be available anytime and anywhere, connecting healthcare providers with patient data. EHRs are a central repository of patient medical histories, medications, diagnoses, immunization dates, allergies, lab results and radiology images. With access to this accurate patient...

Many organizations face the challenging threat environment by strategically choosing a security controls framework as a reference for initiating, implementing, measuring, and evaluating their security posture, as well as managing risk. While many frameworks are available, one of the most notable and commonly used is the Center for Internet Security’s CIS Controls. This well...

It’s not enough to cast a wide cybersecurity net and hope you catch the adversaries trying to compromise your data. Instead, you need to narrow your focus to make your efforts truly impactful. But which of the countless potential cybersecurity attacks out there should you choose to prioritize? MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework and...