Resources

Brace yourself – ISO27001 changes are coming
Blog

Brace yourself – ISO27001 changes are coming

By Tripwire Guest Authors on Wed, 11/02/2022
If you’re not aware already, then be prepared for change, because a new version of ISO27001 was published in October 2022! It’s all very exciting! The last change to the standard was in 2017. The changes made back then were fundamentally cosmetic, with a few minor tweaks to wording. The changes barely caused a ripple and, even today, organisations are...
Cybersecurity
Compliance
Keeping threat actors away from your supply chain
Blog

Keeping threat actors away from your supply chain

By Tripwire Guest Authors on Wed, 11/02/2022
The supply chain is a complex environment that goes deep inside a business and involves the majority of its infrastructure, operations, personnel, and outer relations: vendors, partners, and customers. To protect that matrix is extremely difficult, as there are numerous sensitive nodes, lines, and processes that a security team has to take care of:...
Vulnerability & Risk Management
Cybersecurity
New Canadian Cyberattack Data Says 80% of SMBs Are Vulnerable
Blog

New Canadian Cyberattack Data Says 80% of SMBs Are Vulnerable

By Tripwire Guest Authors on Tue, 10/25/2022
If you were to take a look at the cybersecurity news cycle, you’d be forgiven for thinking that it’s only large enterprises with expansive customer bases and budgets that are the most vulnerable to attacks. But that’s not entirely true. Even if it’s at a much smaller scale, small- and medium-sized businesses (SMBs) still have stores of sensitive...
Cybersecurity
File Integrity & Change Monitoring
Incident Detection & Investigation
What Does the Industry Want to Improve on NIST Cybersecurity Framework 2.0
Blog

What the industry wants to improve on NIST Cybersecurity Framework 2.0

By Anastasios Arampatzis on Mon, 10/24/2022
The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014 and updated it with CSF 1...
Compliance
NIST
Industrial Control Systems
Top trends in Application Security in 2022
Blog

Shifting Left with SAST, DAST, and SCA: Advanced Best Practices

By Tripwire Guest Authors on Thu, 10/20/2022
In the past, teams incorporated security testing far after the development stage of the Software Development Lifecycle (SDLC). Security testing would influence whether the application would to proceed to production, or get passed back to the developers for remediation. This process caused delays while teams worked on remediation or, worse yet, it...
Cybersecurity
Compliance
CIS Controls
An Introduction to the State and Local Cybersecurity Grant Program
Blog

An Introduction to the State and Local Cybersecurity Grant Program (SLCGP)

By David Henderson on Wed, 10/19/2022
Cybersecurity funding in corporate environments has always been a source of anxiety for those who seek to keep organizations safe. When we examine the cybersecurity readiness of many state, local, and territorial governments, this funding struggle is taken to new heights of scarcity. Fortunately, a new program has been created by the Department of...
Cybersecurity
Compliance
Stop blaming employees for cybersecurity breaches
Blog

Stop blaming employees for cybersecurity breaches

By Tripwire Guest Authors on Tue, 10/18/2022
When companies drive a wedge between their workforce and their security culture, not only do they reduce best practices, but they also increase stress and jeopardise secure behaviours. We need to stop blaming employees for cybersecurity breaches and look at the real reasons that data is compromised. Furthermore, as long as there are humans at work,...
Cybersecurity
How Is IT/OT Convergence Transforming Smart Manufacturing?
Blog

How Is IT/OT Convergence Transforming Smart Manufacturing?

By Tripwire Guest Authors on Mon, 10/17/2022
For most modern businesses, there’s a divide between Information Technology (IT) and Operational Technology (OT). The difference between these equally integral facets of digital manufacturing is a subject currently under debate. Ultimately, information technology deals with information and data. In contrast, operational technology handles the physical...
Industrial Control Systems
Defense in Depth: 4 Essential Layers of ICS Security
Blog

Defense in Depth: 4 Essential Layers of ICS Security

By Editorial Staff on Tue, 09/20/2022
It is always said that security is never a one-size-fits-all solution.  This is true not only because of the apparent infinite varieties of equipment in each individual organization, but also, and perhaps more importantly, the different ways that every organization views security. Some spend lots of time focusing on physical security, especially those...
Industrial Control Systems
On-Demand Webinar

Industrial Cybersecurity - What You Don't Know Might Hurt You

Mon, 08/15/2022
Getting a clear assessment of your assets is the first step toward developing a mature OT network or control system. A well maintained asset inventory allows your organization to quickly manage risk affecting your operations availability, reliability and safety. Industrial environments often need to map assets to NIST, ITIL, ISO, COBIT or process automation standards like ANSI/ISA99-IEC-62443. You can achieve significant efficiency improvement and save time within industrial environments by automating asset management instead of following manual spreadsheet processes. Cyber security experts David Meltzer, Chief Research Officer at Tripwire, Tony Gore, CEO at Red Trident Inc., and John Powell, Senior Critical Infrastructure Engineer at Red Trident Inc., will discuss the practical 1-2-3 basics of industrial cyber security and how to get started automating asset management. Attendees will also learn how to build an effective strategy for protecting industrial assets - networks, endpoints and controllers. Key Takeaways: Learn how to automate and simplify the inventory process and secure your assets Understand what cyber security standards may apply to your unique environment Hear real-world tips on how to prioritize and work across functional silos within your company Receive an industrial cyber security assessment checklist to help gauge your starting point
Industrial Control Systems
Product Video

How Tripwire Helped Walgreens Take a Proactive Approach to Security

Mon, 08/15/2022
Walgreens, founded in 1901, is one of the largest pharmacy companies in the U.S., handling online and in-store sales as well as processing the prescription needs of millions of customers. It needed a security solution that would give them an integrated, all-up view into its IT ecosystem. Its Tripwire ExpertOps solution has given the company a much more proactive view and approach to its security...
Cloud Security
Guide

How Finance Companies Bank on Tripwire ExpertOps

Finance companies opt for managed services to stay compliant, bolster overburdened security teams, and get ongoing support in keeping their data safe from damaging breaches. The finance sector regularly finds itself on the front lines of emerging attack techniques; attackers commonly search for edge vulnerabilities and test new malware variations against financial systems. However, most breaches...
Compliance
PCI DSS
SOX
Guide

Multi-Cloud Security Best Practice Guide

When you opt to use multiple cloud providers, you’re implementing a multi-cloud strategy. This practice is increasingly common, and can refer to mixing SaaS (software as a service) and PaaS (platform as a service) offerings as well as public cloud environments that fall under the IaaS (infrastructure as a service) category. The most common public cloud environments today are Amazon Web Services ...
Cloud Security
Guide

A Tripwire Zero Trust Reference Architecture

The concept of Zero Trust Architecture is fairly straightforward. Networks and systems have been traditionally designed with the assumption that everybody inside a defined perimeter can be trusted and that everybody outside that perimeter is hostile. With that assumption, the idea of building an impenetrable wall around that perimeter makes perfect sense. Over time, and as technology has advanced,...
Cybersecurity
Guide

Understanding Your Attack Surface: The First Step in Risk-based Security Intelligence

As chief information security officer (CISO), it’s now a job requirement to effectively communicate with your non-technical C-suite and board of directors—preferably not just after there’s been a breach. This is the first in a series of executive white papers designed to share strategies for reducing your attack surface risk as well as how to clearly and objectively communicate your overall security posture to non-technical executives. Download this white paper and learn about: The definition of “attack surface” — and risks associated Design goals of attack surface analytics What non-technical C-suite executives and board members want
Cybersecurity
Guide

Sustaining SOX Compliance Through Automation Using COBIT Framework

Achieving compliance with the Sarbanes-Oxley Act (SOX) can be a monumental effort. Maintaining those controls and audit reporting on an ongoing basis can be even more difficult. The SEC recommends automated controls for more efficient and effective compliance results. This white paper details the SOX requirements that are best addressed by automated controls using the COBIT framework in two core...
Compliance
SOX
Guide

The Changing Role of the CISO

The chief information security officer, or CISO, is essential to the smooth and safe operation of any large organization. Over the past few years, though, the scope and scale of the CISO’s task has increased markedly. No longer simply a head of IT security, the CISO is responsible for a far wider range of cyber defenses and protective measures that extend well beyond the organization’s perimeter...
Cybersecurity