Resources

Guide

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Guide

Implementing Cloud Security Best Practices

Cybersecurity professionals the world over share common cloud security concerns like risk management, configuration security, and cloud compliance. As organizations expand further into the cloud, there continues to be an influx of simple mistakes that can expose organizations to significant security, privacy, and regulatory risks. Tripwire partnered with Dimensional Research to understand what...
Guide

Getting Up to Speed on GDPR

Search online for the phrase “data is the new oil” and you’ll see it’s used by (and attributed to) many people. Data is a precious and highly valuable commodity. Data is the fuel pumping through today’s digital business, powering communications and commerce. Organizations the world over are mining data to turn raw information into real insight—to drive sales and grow their business. ...
Guide

Governance, Risk, and Compliance

Governance, Risk & Compliance, or Generating Real Capability! How do we use GRC as a business enabler, and focus on the benefits it brings?
Guide

Solid Foundations for Cloud Security: Houses Built on Sand or Rock

Moving mission critical applications to the cloud provides a whole host of benefits but it also means trusting cloud providers with key aspects of security and compliance. This paper provides tools you can use to evaluate the security and compliance offerings of cloud computing partners. It also describes how Tripwire’s solutions can be used to build and deploy a rock-solid security foundation...
Guide

Executing an Efficient Cloud Security Strategy

How do organizations execute an efficient cloud security strategy and find the right cloud security tools? Tripwire asked a range of cloud security experts to share their thoughts on some of the key challenges regarding secure cloud storage and cloud computing security.
Guide

18 Expert Tips for Effective and Secure Cloud Migration

Organizations are increasingly migrating to the cloud to process their IT resources. Gartner predicts that cloud data centers will process 92 percent of workloads by 20201, while Cisco forecasts cloud workloads to increase 3.2x in that span of time2. Under the Shared Responsibility Model, migrating organizations need to ensure security in the cloud by taking adequate measures to protect their...
Guide

Cloud Control Buyer's Guide

Introduction The world of IT is moving to the cloud for flexibility, on-demand computing resources, and speed just to name a few benefits. Market data varies but estimates of cloud usage show that in the range of 20–25% of overall compute workloads are operating in public cloud environments today, with that expected to grow to 50% over the next 5–10 years. However, most organizations haven’t...
Guide

Cloud Article Anthology, vol. 1

Security leaders charged with reducing their organizations’ cloud attack surfaces have to stay continually up-to-date in a security landscape that changes in the blink of an eye. This anthology of insights from some of Tripwire’s leading cloud experts will help you understand how to prioritize and tackle your cloud security imperatives. Download your copy now to learn: Eight cloud security...
Guide

Adjusting to the Reality of Risk Management Framework

The Risk Management Framework (RMF) is an approach to systems security management that adjusts security controls based on risk factors. The practice involves a continuous cycle of identifying new threats, choosing effective controls, measuring their effectiveness and improving system security. Federal entities need to understand and utilize RMF as...
Guide

Building a Mature Vulnerability Management Program

A successful vulnerability management program requires more than the right technology. It requires dedicated people and mature processes. When done properly, the result can be a continuously improving risk management system for your organization. This white paper was written by CISSP-certified Tripwire system engineers with extensive experience in implementation of vulnerability management...
Datasheet

Tripwire Vulnerability Risk Metrics

A vulnerability management program should provide a series of metrics that outline the vulnerability risk to the organization and how the risk posture is trending. In addition to this, reports should be provided which show system owners which vulnerabilities pose the greatest risk to the organization and how to remediate them. This report outlines recommendations for vulnerability management...
Guide

The Five Stages of Vulnerability Management Maturity

One key element of an effective information security program within your organization is having a good vulnerability management (VM) program, as it can identify critical risks. Most, if not all, regulatory policies require a VM program, and information security frameworks advise implementing VM as one of first things an organization should do when building their information security program. ...
Datasheet

Calculating the ROI of a Vulnerability Management Program

Return on investment on IT security infrastructure purchases (solutions and products) has traditionally been hard to quantify. However, there are some compelling aspects of securing an organization’s infrastructure that can be identified and quantified. This discipline will continue to evolve as organizations focus on managing and balancing their security expenses and strive to control the...
Datasheet

Tripwire Vulnerability Scoring System

Vulnerability and Risk Analysis Measuring and managing the security risk associated with information and information technology remains one of the most challenging and debated problems faced by all levels of an organization. While scoring standards designed to assist with solving this problem have been developed over the past decade, a select few have accomplished this and those that have are...
Datasheet

Tripwire Vulnerability Intelligence

There’s not enough time in the day to investigate every system change and remediate every vulnerability. Ever-evolving capabilities of cyber adversaries—coupled with the dynamic nature of corporate networks— makes security prioritization increasingly difficult. With Tripwire® Enterprise and Tripwire IP360™ managed service offerings, you can minimize the amount of time you spend addressing high...
Datasheet

Tripwire IP360 Agent-Based Vulnerability Management

When should your security strategy include agent-based monitoring? It can be difficult to discern when and how to incorporate agents into your vulnerability management processes. There are several instances in which agent-based monitoring offers superior support and protection across your networks. But that doesn’t mean you need to opt for a 100 percent agent-based approach, either. There are...
Datasheet

Tripwire Cloud Deployment Services

Cloud computing has transformed business and government at an extraordinary pace by delivering business-supporting technology more efficiently than ever. The cloud has changed the way IT thinks about how to design and deliver computing technology applications and, according to Gartner, by 2015 10% of enterprise IT security will be delivered in the cloud. What if enterprises could improve IT...
Datasheet

Tripwire Asset Discovery Appliance

Tripwire® Asset Discovery Appliance discovers all networked hosts, applications and services. By providing a comprehensive view of devices and software on your network, you gain the foundation for effective security configuration management and compliance processes. Only this appliance provides low bandwidth, non-intrusive host and network profiling for use with Tripwire Enterprise. Tripwire...