Resources

Datasheet

10 Ways Tripwire Outperforms Other Cybersecurity Solutions

As a security professional, you’re tasked with protecting your organization against attacks, detecting threats, identifying vulnerabilities and hardening configurations. But in an increasingly crowded marketplace, how do you choose the right cybersecurity partner? From experience and technical innovation to security expertise, Fortra's Tripwire stands out from the competition. Here are 10 reasons...

Vulnerability & Risk Management

Incident Detection & Investigation

IT Security Operations & Asset Discovery

Security Configuration Management

Guide

Navigating Industrial Cybersecurity: A Field Guide

Nearly every aspect of modern life depends on industrial control systems (ICS) operating as expected. As ICS devices become increasingly connected, they also become increasingly vulnerable. By and large, commercial and critical infrastructure industrial orgs are underprepared for the digital convergence of their IT and OT environments. ICS operators need to get a robust cybersecurity program in...

Blog

CIS Control 18 Penetration Testing

By Matthew Jerzewski on Wed, 05/11/2022

Penetration testing is something that more companies and organizations should be considering a necessary expense. I say this because over the years the cost of data breaches and other forms of malicious intrusions and disruptions are getting costlier. Per IBM Security’s “Cost of a Data Breach Report 2021,” the average cost of a breach has increased 10%...

Blog

CIS Control 17: Incident Response Management

By Tyler Reguly on Wed, 04/27/2022

We all know that it is a question of when you will be compromised and not if you will be compromised. It is unavoidable. The goal of CIS Control 17 is to ensure that you are set up for success when that inevitable breach occurs. If an organization is neither equipped nor prepared for that potential data breach, they are not likely to succeeded in...

Blog

CIS Control 16 Application Software Security

By Matthew Jerzewski on Wed, 04/20/2022

The way in which we interact with applications has changed dramatically over years. Enterprises use applications in day-to-day operations to manage their most sensitive data and control access to system resources. Instead of traversing a labyrinth of networks and systems, attackers today see an opening to turn an organizations applications against it to...

Blog

What Is the Role of Incident Response in ICS Security?

By Tripwire Guest Authors on Wed, 04/06/2022

In recent years, cyber espionage has been growing in magnitude and complexity. One of the most common targets is Industrial Control Systems (ICS) within critical infrastructure sectors. With many organizations relying more heavily on ICS networks, there has been an increase in threats and cyberattacks aimed at these systems. Not only do these attacks...

Blog

What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?

By Joe Pettit on Tue, 03/01/2022

Cloud adoption has come a long way from its early days where corporate executives questioned the stewardship of their data. The initial suspicions of “where’s my data” have been laid to rest, as administrative tools and contractual obligations have emerged to give better visibility to, and accountability of, data custodianship. Even the capabilities of...

Blog

CIS Control 15: Service Provider Management

By Matthew Jerzewski on Wed, 02/23/2022

Enterprises today rely on partners and vendors to help manage their data. Some companies depend on third-party infrastructure for day-to-day operations, so understanding the regulations and protection standards that a service provider is promising to uphold is very important. Key Takeaways from Control 15 Identify your business needs and create a...

Blog

How to Fulfill Multiple Compliance Objectives Using the CIS Controls

By David Bisson on Tue, 01/18/2022

Earlier this year, I wrote about what’s new in Version 8 of the Center for Internet Security’s Critical Security Controls (CIS Controls). An international consortium of security professionals first created the CIS Controls back in 2008. Since then, the security community has continued to update the CIS Controls to keep pace with the evolution of...

Blog

CIS Control 14: Security Awareness and Skill Training

By Andrew Swoboda on Wed, 12/08/2021

Users who do not have the appropriate security awareness training are considered a weak link in the security of an enterprise. These untrained users are easier to exploit than finding a flaw or vulnerability in the equipment that an enterprise uses to secure its network. Attackers could convince unsuspecting users to unintentionally provide access to...

Blog

CIS Control 13: Network Monitoring and Defense

By Lane Thames on Wed, 12/01/2021

Networks form a critical core for our modern-day society and businesses. People, processes, and technologies should be in place for monitoring, detecting, logging, and preventing malicious activities that occur when an enterprise experiences an attack within or against their networks. Key Takeaways for Control 13 Enterprises should understand that...

Blog

CIS Control 12: Network Infrastructure Management

By Lane Thames on Wed, 11/24/2021

Networks form a critical core for our modern-day society and businesses. These networks are comprised of many types of components that make up the networks’ infrastructure. Network infrastructure devices can be physical or virtual and include things such as routers, switches, firewalls, and wireless access points. Unfortunately, many devices are shipped...

Blog

CIS Control 11: Data Recovery

Wed, 11/03/2021

Data loss can be a consequence of a variety of factors from malicious ransomware to hardware failures and even natural disasters. Regardless of the reason for data loss, we need to be able to restore our data. A data recovery plan begins with prioritizing our data, protecting it while it is being stored, and having a plan to recover data. Key...

Blog

CIS Control 10: Malware Defenses

By Tyler Reguly on Wed, 10/27/2021

With the continuing rise of ransomware, malware defenses are more critical than ever before with regard to securing the enterprise. Anti-Malware technologies have become an afterthought in many organizations, a technology that they’ve always had, always used, and never really thought about. This control serves as a reminder that this technology is as...

Blog

CIS Control 09: Email and Web Browser Protections

By Andrew Swoboda on Wed, 10/20/2021

Web browsers and email clients are used to interact with external and internal assets. Both applications can be used as a point of entry within an organization. Users of these applications can be manipulated using social engineering attacks. A successful social engineering attack needs to convince users to interact with malicious content. A successful...

Blog

CIS Control 08: Audit Log Management

By Tyler Reguly on Wed, 10/13/2021

Audit logs provide a rich source of data critical to preventing, detecting, understanding, and minimizing the impact of network or data compromise in a timely manner. Collection logs and regular review is useful for identifying baselines, establishing operational trends, and detecting abnormalities. In some cases, logging may be the only evidence of a...

Blog

CIS Control 07: Continuous Vulnerability Management

By Tyler Reguly on Wed, 10/06/2021

When it comes to cybersecurity, vulnerability management is one of the older technologies that still play a critical role in securing our assets. It is often overlooked, disregarded, or considered only for checkbox compliance needs, but a proper vulnerability management program can play a critical role in avoiding a series data breach. CIS Control 07...

Blog

Delivering Electrons, Generating Data Lakes, and the Security & Privacy Considerations of Running a Modern Industrial Organization

By Editorial Staff on Thu, 09/30/2021

In this episode, Patrick Miller, Founder of Ampere Industrial Security, discusses what utilities and other industrial companies need to consider when it comes to the goldmines of data they're collecting from their machines and customers. He also explains why security and privacy needs to be incorporated in these operations by design. https://open...

Blog

CIS Control 06: Access Control Management

By Tyler Reguly on Wed, 09/29/2021

CIS Control 6 merges some aspects of CIS Control 4 (admin privileges) and CIS Control 14 (access based on need to know) into a single access control management group. Access control management is a critical component in maintaining information and system security, restricting access to assets based on role and need. It is important to grant, refuse, and...

Blog

CIS Control 05: Account Management

Wed, 09/22/2021

Knowing who has credentials, how those credentials are granted, and how they are being used is the foundation of any secure environment. It begins with user accounts and the credentials they use. Maintaining a thorough inventory of all accounts and verifying any changes to those accounts as authorized and intentional vs unintended is paramount to...

10 Ways Tripwire Outperforms Other Cybersecurity Solutions

Navigating Industrial Cybersecurity: A Field Guide

CIS Control 18 Penetration Testing

CIS Control 17: Incident Response Management

CIS Control 16 Application Software Security

What Is the Role of Incident Response in ICS Security?

What Are the Benefits of Adopting the Cloud in Industrial Cybersecurity?

CIS Control 15: Service Provider Management

How to Fulfill Multiple Compliance Objectives Using the CIS Controls

CIS Control 14: Security Awareness and Skill Training

CIS Control 13: Network Monitoring and Defense

CIS Control 12: Network Infrastructure Management

CIS Control 11: Data Recovery

CIS Control 10: Malware Defenses

CIS Control 09: Email and Web Browser Protections

CIS Control 08: Audit Log Management

CIS Control 07: Continuous Vulnerability Management

Delivering Electrons, Generating Data Lakes, and the Security & Privacy Considerations of Running a Modern Industrial Organization

CIS Control 06: Access Control Management

CIS Control 05: Account Management

Contact Information

Privacy Policy

Cookie Policy

Impressum