-
Tyler Reguly
Blog
Resolving Top Security Misconfigurations: What you need to know
By Jeff Moline on Mon, 01/22/2024
Image
One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into...
Blog
An Introduction to AWS Security
By Gilad David Maayan on Fri, 01/12/2024
Image
Cloud providers are becoming a core part of IT infrastructure. Amazon Web Services (AWS), the world's biggest cloud provider, is used by millions of organizations worldwide and is commonly used to run sensitive and mission-critical workloads. This makes it critical for IT and security professionals to understand the basics of...
Blog
Cloud Security Optimization: A Process for Continuous Improvement
By Gilad David Maayan on Thu, 12/28/2023
Image
Cloud optimization is the process of correctly selecting and assigning the right resources to a workload or application with the ultimate goal of minimizing costs while improving performance and efficiency. These resources can range from computational power, memory, and storage to network capabilities. The cloud optimization...
Blog
The 2023 ISC2 Cybersecurity Workforce Study Delves into Cloud Security and AI
By Katrina Thompson on Mon, 12/11/2023
Image
The security industry is at a critical juncture. Capturing the state of affairs is a recent report released by the International Information System Security Certification Consortium, or ISC2.
“A perfect storm”
As they state in their Executive Summary, “Our study shows that a perfect storm of economic uncertainty, rapidly...
Blog
The Six Pillars of Cybersecurity
By Gary Hibberd on Thu, 11/16/2023
Image
Winter is coming
In the ever-evolving landscape of cloud computing, ensuring robust security measures has never been more important. In the new ISO 27001:2022 standard, there is a new requirement for organisations to establish control of their Cloud services, which includes every flavor of cloud from Software as a Service (SaaS...
Blog
Cloud Watching Report: Key Takeaways
By Anirudh Chand on Mon, 11/13/2023
Image
The capabilities of cloud computing have changed the digital landscape significantly, and the popularity of cloud solutions only continues to increase. According to Gartner, the market for public cloud services is expected to surpass 700 billion USD by the end of 2024. The growth of cloud technologies presents a wealth of new...
Blog
Shifting Left with SAST, DAST, and SCA: Advanced Best Practices
By Tripwire Guest Authors on Thu, 10/20/2022
Image
In the past, teams incorporated security testing far after the development stage of the Software Development Lifecycle (SDLC). Security testing would influence whether the application would to proceed to production, or get passed back to the developers for remediation.
This process caused delays while teams worked on...
Datasheet
Tripwire Cloud Deployment Services
Cloud computing has transformed business and government at an extraordinary pace by delivering business-supporting technology more efficiently than ever. The cloud has changed the way IT thinks about how to design and deliver computing technology applications and, according to Gartner, by 2015 10% of enterprise IT security will be delivered in the cloud.
What if enterprises...
Datasheet
Tripwire Enterprise and Cisco AMP Threat Grid
Overview
There is mounting concern at the senior executive and board level regarding cybersecurity, driven by highly visible advanced targeted attacks. These attacks threaten precious IP, valuable customer information, company valuation and trade secrets. To truly protect valuable resources, organizations have to accept the nature of modern networked environments and devices,...
Datasheet
Cloud Data Security: Implementing Smarter Cloud Security
The trend of mass migration to the cloud brings benefits like lower operating costs, easier deployability, and the flexibility of an elastic environment. However, it’s crucial to understand that the responsibility to secure your cloud infrastructure still falls on your organization.
Cloud providers allow organizations to take advantage of their infrastructure, resulting in a...
Datasheet
The CIS Controls and Tripwire Solutions
Many organizations face the challenging threat environment by strategically choosing a security controls framework as a reference for initiating, implementing, measuring, and evaluating their security posture, as well as managing risk. While many frameworks are available, one of the most notable and commonly used is the Center for Internet Security’s CIS Controls.
This well...
Datasheet
MITRE ATT&CK Matrix with CIS Controls and Tripwire Mapping
It’s not enough to cast a wide cybersecurity net and hope you catch the adversaries trying to compromise your data. Instead, you need to narrow your focus to make your efforts truly impactful.
But which of the countless potential cybersecurity attacks out there should you choose to prioritize? MITRE’s Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK) Framework and...
Blog
CIS Control 18 Penetration Testing
By Matthew Jerzewski on Wed, 05/11/2022
Image
Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a...
Blog
CIS Control 17: Incident Response Management
By Tyler Reguly on Wed, 04/27/2022
Image
We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not...
Blog
CIS Control 16 Application Software Security
By Matthew Jerzewski on Wed, 04/20/2022
Image
The way in which we interact with applications has changed dramatically over years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations...
Blog
What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?
By Joe Pettit on Tue, 03/01/2022
Image
Cloud adoption has come a long way from its early days where corporate executives questioned the stewardship of their data. The initial suspicions of “where’s my data” have been laid to rest, as administrative tools and contractual obligations have emerged to give better visibility to, and accountability of, data custodianship....
Blog
CIS Control 15: Service Provider Management
By Matthew Jerzewski on Wed, 02/23/2022
Image
Enterprises today rely on partners and vendors to help manage their data. Some companies depend on third-party infrastructure for day-to-day operations, so understanding the regulations and protection standards that a service provider is promising to uphold is very important.
Key Takeaways from Control 15
Identify your...
Blog
How to Fulfill Multiple Compliance Objectives Using the CIS Controls
By David Bisson on Tue, 01/18/2022
Image
Earlier this year, I wrote about what’s new in Version 8 of the Center for Internet Security’s Critical Security Controls (CIS Controls). An international consortium of security professionals first created the CIS Controls back in 2008. Since then, the security community has continued to update the CIS Controls to keep pace with...
Blog
CIS Control 14: Security Awareness and Skill Training
By Andrew Swoboda on Wed, 12/08/2021
Image
Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users to...