Resources

a plug in a plug socket
Blog

EU Is Tightening Cybersecurity for Energy Providers

By Josh Breaker-Rolfe on Wed, 05/29/2024
The energy sector is having a tumultuous decade. During the COVID pandemic, the price of oil plummeted. In 2021, a ransomware attack forced one of the US’s most significant oil pipelines to cease operations for five days, causing a state of emergency in seventeen states. Putin’s war in Ukraine has disrupted natural gas supplies across Europe. And now, it seems, it is the electricity providers’...
Cybersecurity
Industrial Control Systems
measuring-the-effectiveness-of-file-integrity-monitoring-tools
Blog

Measuring the Effectiveness of File Integrity Monitoring Tools

By Mark Conway on Tue, 05/28/2024
A security incident can be the result of a single unauthorised change. A few may say, 'one change is inconsequential, don't sweat the small stuff.' But when it comes to infrastructure security, the detail is of paramount importance! Just a single edit to a single line item can have a negative effect on an entire file or operating system. It's...
Cybersecurity
File Integrity & Change Monitoring
HITRUST: the Path to Cyber Resilience
Blog

HITRUST: the Path to Cyber Resilience

By John Salmi on Wed, 05/22/2024
Much has been made of cyber resilience in recent years. And with good reason: failing to bounce back quickly from a security event can have dramatic financial consequences. In early 2023, Royal Mail took several days to recover from a Lockbit cyberattack, losing upwards of £10 million in the process. However, for all the talk about resilience, the industry seems to be overlooking one of its...
Cybersecurity
Compliance
File Integrity & Change Monitoring
Security Configuration Management
Making Data Integrity Easy: Simplifying NIST CSF with Tripwire
Blog

Making Data Integrity Easy: Simplifying NIST CSF with Tripwire

By Dan Jamison on Mon, 05/20/2024
When you think of the cybersecurity "CIA" triad of Confidentiality, Integrity, and Availability, which one of those is most important to your organization? While the answer may vary by season for your organization, there is no argument that they are all equally vital sides of that CIA triangle, and each deserves the correct level of care and...
Cybersecurity
File Integrity & Change Monitoring
Security Configuration Management
Guide

What Experts Have to Say About Choosing the Right Cybersecurity Frameworks

Frameworks like the Center for Internet Security (CIS) Controls, MITRE ATT&CK and the National Institute of Standards and Technology (NIST) Cybersecurity Framework give organizations clear, step-by-step methodologies for protecting their sensitive data, leveraging a wealth of industry knowledge to take the guesswork out of your security program.While these cybersecurity frameworks aren’t mandatory...
Cybersecurity
Compliance
CIS Controls
NIST
Top-7-Technical-Resource-Providers-for-ICS-Security-Professionals
Blog

Top 7 Technical Resource Providers for ICS Security Professionals

By Anastasios Arampatzis on Wed, 05/15/2024
Attacks against industrial control systems (ICS) are on the rise. Cyberattacks are more prevalent, creative, and faster than ever. So, understanding attackers' tactics is crucial. The IBM Security X-Force Threat Intelligence Index 2023 highlights that backdoor deployments enabling remote access to ICS systems were the most common type of attacker...
Industrial Control Systems
Understanding the Key Differences Between FIM and EDR
Blog

Understanding the Key Differences Between FIM and EDR

By Wade Barisoff on Wed, 05/15/2024
File integrity monitoring (FIM) and endpoint detection and response (EDR) are two cybersecurity solutions that are often foundational aspects of organizations’ security strategies. EDR is implemented in order to stop known and unknown threats at endpoints, often with advanced functions such as behavioral monitoring and analysis, antivirus protection...
Cybersecurity
File Integrity & Change Monitoring
Tripwire VERT Security Update
Blog

VERT Threat Alert: May 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 05/14/2024
Today’s VERT Alert addresses Microsoft’s May 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1106 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-30040 Up first this month, we have a security feature bypass in MSHTML. More specifically, we have an Object...
Vulnerability & Risk Management
VERT Research
The Impact of NIST SP 800-171 on SMBs
Blog

The Impact of NIST SP 800-171 on SMBs

By Josh Breaker-Rolfe on Mon, 05/06/2024
From more broad laws like GDPR to industry-specific regulations like HIPAA, most organizations today must comply with some kind of data protection guideline. Some businesses may even have to comply with numerous data protection regulations. As such, compliance with data protection regulations has become increasingly complicated. National Institute...
Cybersecurity
Compliance
NIST
Vulnerability Scanning vs. Penetration Testing
Blog

Vulnerability Scanning vs. Penetration Testing

By Babar Mahmood on Fri, 05/03/2024
In the modern digital landscape, cybersecurity is paramount, making the differentiation between vulnerability scanning and penetration testing essential for safeguarding organizational assets. Vulnerability scanning offers a broad sweep for potential security weaknesses, serving as an early warning system. Penetration testing takes a more targeted...
Vulnerability & Risk Management
Cybersecurity
Patch Priority Index
Blog

Tripwire Patch Priority Index for April 2024

By Lane Thames on Thu, 05/02/2024
Tripwire's April 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft. Firsts on the list are patches for Microsoft Edge (Chromium-based) and Chromium that resolve 2 spoofing vulnerabilities. Next on the patch priority list this month is a patch for Microsoft Office and Excel that resolves spoofing and remote...
Vulnerability & Risk Management
Cybersecurity
Blog

What Is an Axon Agent, and Why Do You Need One?

By Michael Betti on Mon, 04/15/2024
The number of endpoints in an organization often exceeds the number of employees. Managing these often disparate entities is more than a full-time job. Moreover, keeping them secure is equally difficult, yet securing all of your endpoints against cyber threats has become paramount for organizations worldwide. A common oversight that undermines these...
File Integrity & Change Monitoring
Tripwire VERT
Blog

VERT Threat Alert: April 2024 Patch Tuesday Analysis

By Tyler Reguly on Tue, 04/09/2024
Today’s VERT Alert addresses Microsoft’s April 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1101 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2024-26234 This CVE describes a Proxy Driver Spoofing Vulnerability that, thanks to Microsoft’s new CWE listings, we...
Vulnerability & Risk Management
VERT Research
AI-ML-Digital-Everest-Dodging-System-Failure-Summit-Fever
Blog

AI/ML Digital Everest: Dodging System Failure Summit Fever

By Sandy Dunn on Mon, 04/08/2024
Summit Fever Syndrome, a cause of many extreme altitude climbers' deaths, is due to a lack of oxygen and mission blindness, which leads to impaired judgment where climbers take needless risks, disregard safety precautions, and make deadly errors. Deploying AI/ML models is like climbing Mount Everest. Both climbers and AI projects chase their peaks...
Vulnerability & Risk Management
Cybersecurity
exploring-advanced-tripwire-enterprise-capabilities
Blog

Exploring Advanced Tripwire Enterprise Capabilities

By John Salmi on Fri, 04/05/2024
In today's digital landscape, it is important for organizations to depend upon the tools they use for cybersecurity. Large businesses can employ many security solutions, practices, and policies that must combine to create a robust and layered security strategy. While many of these tools are important and necessary, organizations often don't use them...
Cybersecurity
File Integrity & Change Monitoring
Security Configuration Management
tripwire_vert_patch_priority_index
Blog

Tripwire Patch Priority Index for March 2024

By Lane Thames on Wed, 04/03/2024
Tripwire's March 2024 Patch Priority Index (PPI) brings together important vulnerabilities for Microsoft, Google, and Apple. First on the patch priority list are patches for Windows Kernel and Multiple Apple products. These CVEs (CVE-2024-21338, CVE-2024-23296, CVE-2024-23225) have been added to CISA's Known Exploited Vulnerabilities (KEV) catalog....
Vulnerability & Risk Management
Bake-off: Ensuring Security in the Cyber Kitchen
Blog

Bake-off: Ensuring Security in the Cyber Kitchen

By Chris Hudson on Wed, 03/27/2024
I’ll start this one with an apology – I’ve been watching a lot of the TV show The Bear (which I’d highly recommend!) and thus been thinking a lot about kitchen processes and the challenges of making everything come together nicely (both in life and in a recipe). If you are unfamiliar with the show, it is a comedy-drama about a chef who manages his...
File Integrity & Change Monitoring
Security Configuration Management
What is Log Management, and Why Do You Need It
Blog

What Is Log Management and Why you Need it

By Luis Colunga on Wed, 03/20/2024
Thanks to the burgeoning supply chain, a host of IoT and work-from-home devices, and an expanding cloud presence, organizations are constantly ingesting new hardware into their IT environments. With each new line of code comes a fresh chance for a hidden vulnerability. With each unfound weakness, attackers gain one more opportunity to gain a...
Cybersecurity
File Integrity & Change Monitoring
Security Configuration Management
Datasheet

What Makes Fortra’s Tripwire Different

Are you weighing your options between integrity management solutions? Evaluating, purchasing, and deploying new software is hard work, especially when you get down to the granular details of understanding which solutions have which capabilities and matching those capabilities to your organization’s particular needs. In an industry buzzing with ever-changing terminology and a profusion of vendors...
Vulnerability & Risk Management
Cybersecurity
Compliance
File Integrity & Change Monitoring
Incident Detection & Investigation
Industrial Control Systems
IT Security Operations & Asset Discovery
Managed Security Services
Security Configuration Management
Critical insights into Australia’s supply chain risk landscape
Blog

Critical insights into Australia’s supply chain risk landscape

By Anirudh Chand on Tue, 03/19/2024
Australian organizations find themselves navigating a minefield of supply chain risks, with a surge in incidents stemming from multi-party breaches. These breaches are often caused by vulnerabilities in cloud or software providers and are emerging as a challenge that demands attention and proactive strategies. From July to December 2023, 483 data...
Vulnerability & Risk Management
Cybersecurity