Resources

VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog
Blog

VERT Threat Alert: October 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 10/13/2020
Image Today’s VERT Alert addresses Microsoft’s October 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-909 on Wednesday, October 14th. In-The-Wild & Disclosed CVEs (October 2020 Patch Tuesday Analysis) CVE-2020-16938 This CVE describes an information disclosure in the...
Vulnerability & Risk Management
VERT Research
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog
Blog

VERT Threat Alert: September 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 09/08/2020
Image Today’s VERT Alert addresses Microsoft’s September 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-903 on Wednesday, September 9th. In-The-Wild & Disclosed CVEs There were no in-the-wild or disclosed CVEs included in this month’s security guidance. CVE Breakdown...
Vulnerability & Risk Management
VERT Research
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog
Blog

VERT Threat Alert: August 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/11/2020
Image Today’s VERT Alert addresses Microsoft’s August 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-899 on Wednesday, August 12th. In-The-Wild & Disclosed CVEs CVE-2020-1464 A vulnerability exists in the way that Windows validates file signatures. An attacker could...
Vulnerability & Risk Management
VERT Research
Press Release
Press Release

Tripwire’s IP360™ Vulnerability Management Solution Awarded 5-Star Review from SC Media

SC Lab testers give Tripwire IP360 top rating, highlighting sophisticated reporting and risk prioritization. PORTLAND, Ore. – July, 27, 2020 – Tripwire, Inc., a global cybersecurity solutions provider protecting the world’s leading organizations, today announced that its vulnerability management solution Tripwire® IP360™ received a five-star rating by SC Media. “Vulnerability...
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog
Blog

VERT Threat Alert: July 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 07/14/2020
Image Today’s VERT Alert addresses Microsoft’s July 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-895 on Wednesday, July 15th. In-The-Wild & Disclosed CVEs  CVE-2020-1463 A vulnerability in the SharedStream Library could allow a locally authenticated attacker to run a...
Vulnerability & Risk Management
VERT Research
Design & Implementation of OEM ICS Cybersecurity Frameworks: The Good, The Bad, and The Ugly
Blog
Blog

Design & Implementation of OEM ICS Cybersecurity Frameworks: The Good, The Bad, and The Ugly

By Editorial Staff on Sun, 07/05/2020
Image The cyber threat landscape today continues to pose a myriad of unique challenges. This is especially the case for industrial organizations due to factors such as aging equipment, poor design or implementation, skills gaps and a lack of visibility. These shortcomings are exacerbated by the mean time to breach detection, which...
Cybersecurity
Industrial Control Systems
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog
Blog

VERT Threat Alert: June 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 06/09/2020
Image Today’s VERT Alert addresses Microsoft’s June 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-888 on Wednesday, June 10th. In-The-Wild & Disclosed CVEs None of the vulnerabilities resolved this month have been publicly disclosed or exploited according to Microsoft....
Vulnerability & Risk Management
VERT Research
Climbing the Vulnerability Management Mountain: Reaching the Summit (VM Maturity Level 5)
Blog
Blog

Climbing the Vulnerability Management Mountain: Reaching the Summit (VM Maturity Level 5)

By Lamar Bailey on Mon, 05/25/2020
Image Only the truly committed ever reach the summit of anything. This sentiment holds true for vulnerability management. An organization cannot reach the summit without a serious commitment to fund and staff the program appropriately across the organization. Reaching ML:5 means tying the program to the business. Everyone must be...
Vulnerability & Risk Management
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog
Blog

VERT Threat Alert: May 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 05/12/2020
Image Today’s VERT Alert addresses Microsoft’s May 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-884 on Wednesday, May 13th. In-The-Wild & Disclosed CVEs None of the vulnerabilities resolved this month have been publicly disclosed or exploited according to Microsoft. ...
Vulnerability & Risk Management
VERT Research
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog
Blog

VERT Threat Alert: April 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 04/14/2020
Image Today’s VERT Alert addresses Microsoft’s April 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-880 on Wednesday, April 15th. In-The-Wild & Disclosed CVEs CVE-2020-0935 A vulnerability in the OneDrive for Windows desktop application could allow an attacker to...
Vulnerability & Risk Management
VERT Research
Cybersecurity in Education (K-12) with the CIS Controls
Blog
Blog

Cybersecurity in Education (K-12) with the CIS Controls

By Editorial Staff on Mon, 04/13/2020
Image Why is cybersecurity important to Education? Acknowledging recent reports of ransomware targeting educational institutions, it is no wonder that there have also been articles that attempt to lure in readers with “free” tools. What is disappointing is that these “free” tools are little more than marketing pieces that direct you...
Cybersecurity
Compliance
CIS Controls
Climbing the Vulnerability Management Mountain: Reaching Maturity Level 4
Blog
Blog

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 4

By Lamar Bailey on Mon, 02/24/2020
Image The climb is getting steeper, but thanks to hard work, vision and insight are much keener. At ML:4, all assets are scanned by a combination of agent and remote scans on a normal cadence. This will generate a lot of data dictated by threat and patch priority. Thousands of new vulnerabilities are released each year, and no company...
Vulnerability & Risk Management
Climbing the Vulnerability Management Mountain: Reaching Maturity Level 3 – Base Camp
Blog
Blog

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 3 – Base Camp

By Lamar Bailey on Sun, 01/05/2020
Image ML:3 is base camp, and getting here means you have reached a level that others have only dreamed about. At this level, the VM program is very good, and your visibility into threats to the environment is much better than it has ever been. Prioritizing Asset Assessment The biggest change at this level is the focus on the breadth...
Vulnerability & Risk Management
Climbing the Vulnerability Management Mountain: Reaching Maturity Level 2
Blog
Blog

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 2

By Lamar Bailey on Mon, 12/02/2019
Image The path is starting to get steeper now as we climb to ML2. It is time to start defining a vulnerability management program with objectives and goals. This program is expected to grow and evolve over time as the organization grows and evolves. Document the requirements Start by documenting what is in place now and what...
Vulnerability & Risk Management
Five “W’s” for Vulnerability Management
Blog
Blog

Five “W’s” for Vulnerability Management

By Ben Layer on Sun, 12/01/2019
Image As we wind down 2019, it is a great time to think about your vulnerability management plans for the coming year. The five W’s can help guide our efforts as we resolve to improve our digital security for the coming new year. What Is Vulnerability Management? Vulnerability assessments are useful for detecting security issues...
Vulnerability & Risk Management
Forensics in the Cloud: What You Need to Know
Blog
Blog

Forensics in the Cloud: What You Need to Know

By Tripwire Guest Authors on Tue, 08/20/2019
Image Cloud computing has transformed the IT industry, as services can now be deployed in a fraction of the time that it used to take. Scalable computing solutions have spawned large cloud computing companies such as Amazon Web Services (AWS), Google Cloud and Microsoft Azure. With a click of a button, personnel can create or reset...
Cybersecurity
Cloud Security
Climbing the Vulnerability Management Mountain: Taking the First Steps Towards Enlightenment
Blog
Blog

Climbing the Vulnerability Management Mountain: Taking the First Steps Towards Enlightenment

By Lamar Bailey on Mon, 08/19/2019
Image Just as you would map a hike or climb by creating waypoints you plan to hit each day, you must plan your vulnerability management process by creating similar goals. We call these goals Maturity Levels, from ML0 to ML5, as we defined them in the last blog. You have your asset inventory from an open-source tool, asset tracking...
Vulnerability & Risk Management
Cómo madurar un programa de gestión de vulnerabilidades
Blog
Blog

How to Build a Mature Vulnerability Management Program

By Anastasios Arampatzis on Sun, 08/11/2019
Image The evolution of the cyber threat landscape highlights the emerging need for organizations to strengthen their ability to identify, analyze and evaluate cyber risks before they evolve into full-fledged security incidents. When it comes to cyber risk mitigation, the terms “patch management” and “vulnerability management” are used...
Vulnerability & Risk Management
NCSC Active Cyber Defence Report 2019: Evidence Based Vulnerability Management
Blog
Blog

NCSC Active Cyber Defence Report 2019: Evidence Based Vulnerability Management

By Anastasios Arampatzis on Fri, 07/26/2019
Image On 16 July 2019, UK’s National Cyber Security Centre (NCSC) released the second annual report of the Active Cyber Defence (ACD) program. The report seeks to show the effects that the program has on the security of the UK public sector and the wider UK cyber ecosystem. The Active Cyber Defence Program NCSC was set up in 2016 to...
Vulnerability & Risk Management