Resources

Blog

Tips to Help Leaders Improve Cyber Hygiene

The cyber threat landscape continues to be an unpredictable challenge for organizations as more of them embrace digitization. When it comes to maintaining stability and security in the age of rampant cyber attacks and record levels of data breaches plaguing businesses sector-wide, the importance of cyber hygiene cannot be overstated.Cyber threats are evolving and growing in sophistication with...
Blog

Securing Infrastructure as Code: Best Practices for State Management

IT infrastructure management is a complex task. Over the years, various methods have been used to better manage corporate environments. Whether it is network monitoring, asset control, application monitoring, or any of the other infrastructure management obligations, different solutions have been attempted to make the job easier. These undertakings became even more challenging as infrastructure...
Blog

10 Authentication Trends in 2024 and Beyond

What Is Authentication?Authentication is the process of verifying the identity of a user or system. It is a critical component of security, ensuring that only authorized individuals or entities can access sensitive information or systems.There are several methods of authentication, including knowledge-based factors (something you know, like a password), possession-based factors (something you have...
Blog

VERT Threat Alert: August 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s August 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1119 as soon as coverage is completed.In-The-Wild & Disclosed CVEsCVE-2024-38178CVE-2024-38178 describes a vulnerability in the Microsoft Edge scripting engine when run in Internet Explorer Mode. On top of requiring Edge be running in...
Blog

Find Your Best Fit: Solving the Cybersecurity Framework Puzzle

We recently presented the webcast "Find Your Best Fit, Solving the Cybersecurity Framework Puzzle." Tyler Reguly, who is a senior manager of research and development at Fortra and a former professor at his alma mater, Fanshawe College, served as the host. Tyler offered his wisdom about integrating CIS Controls into a comprehensive cybersecurity plan for your organization.Tyler examines the CIS...
Blog

Reliable Baseline Management with Fortra's Tripwire Enterprise

When performing a security assessment, many folks will focus on asset management. This is an important first step, as it often reveals assets in the environment that were previously unknown. The next step in determining how to best secure the organization is to establish a baseline of the current state, and to define what the secure baseline should be. Too often, the existing baseline is far below...
Datasheet

Tripwire Enterprise and IBM i

Many of the world's largest companies rely on IBM i operating on IBM Power Servers as their strategic platform for business-critical activities such as retail, distribution, logistics, banking, manufacturing planning, healthcare, insurance, hospitality management, government administration, and legal case management. Given the widespread use of the IBM i operating system, advanced cybersecurity...
Blog

Securing Diverse Environments: Security Configuration Management

In our technologically advanced era, where cyber threats and data breaches are constantly evolving, it's crucial for companies to focus on Security Configuration Management (SCM) to protect their resources and information. Whether dealing with infrastructure, cloud services, industrial installations, or outsourced solutions, each environment presents unique security challenges that require...
Blog

What are the Current Trends in Cloud Technology?

In recent years, cloud technology has become integral to business operations. Compared to on-premises infrastructure, it allows for improved scalability and flexibility, cost savings, collaboration, security, and data loss prevention. The cloud computing market is set to reach $679 billion in value in 2024.But what are the trends currently defining the cloud computing market? According to Donnie...
Blog

Low-Hanging Fruits Vs. Those at the Top of the Tree: Cybersecurity Edition

Companies often go for high-end cybersecurity solutions because dealing with complex problems looks impressive. The appeal of fancy tech and advanced security challenges gives them a sense of achievement and a chance to show off their skills - and says they're serious about staying ahead of cyber crooks.However, this isn't always the best strategy. Many significant risks arise from simple...
Blog

Navigating Compliance: A Guide to the U.S. Government Configuration Baseline

For cybersecurity professionals tasked with defending the public sector, tackling the U.S. Government Configuration Baseline (USGCB) is just another hurdle to a safer federal tomorrow. Part of a wide collection of necessary federal government compliance requirements, it hones in on which baseline security configurations are necessary for federally deployed IT products. While not a standalone...
Blog

VERT Threat Alert: July 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s July 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1114 as soon as coverage is completed. In-The-Wild & Disclosed CVEsCVE-2024-38112A vulnerability in the Windows MSHTML Platform could allow spoofing to occur. Successful exploitation of this vulnerability requires that the attacker convince...
Blog

A Look at Container Security Through the Lens of DevOps

Containerization has revolutionized application development, deployment, and management – and for good reason. The ability to automatically wrap an application and its dependencies into a single, easily deployable package helps developers focus on what they do best: writing code. Widely recognized as the go-to method to boost productivity and simplify the process, containerization keeps gaining...
Blog

Zero Trust Maturity: How to Know When You’re Getting Close

Zero Trust maturity might be one of the least understood security buzzwords of our era. The term “Zero Trust” was originally coined over a decade ago and described the principle of not assigning digital trust to any entity, ever, for free. It represented a fundamental paradigm shift from the trust-happy early internet days to the threat-filled cyber landscape we now know.Since then, companies have...
Blog

Where Security Starts in Your Security Projects

The successful implementation of new tools and processes hinges not just on the technology itself but on meticulous project management. From ensuring secure access to the underlying infrastructure, a new tool will be implemented upon defining clear goals and understanding the security footprint of the service. Even the earliest steps of your rollout can be important in the long run. Getting all...
Blog

VERT Threat Alert: June 2024 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s June 2024 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1110 as soon as coverage is completed. In-The-Wild & Disclosed CVEs CVE-2023-50868 The only disclosed vulnerability we have this month, is CVE-2023-50868, a DNSSEC protocol level vulnerability that can lead to denial of service. The...
Blog

Data Destruction: The Final Line of Defense Against Cyber Attacks

Data is the lifeblood of modern organizations, and while watertight data protection policies are undeniably crucial, the need for robust data destruction methods has never been more pressing. Ultimately, all parties and vendors in your supply chain trust you to maintain the integrity of their data. Once that data is no longer needed, transparency...
Blog

Cloud Sprawl: How to Tidy It Up

Cloud computing offers indisputable benefits, but with the caveat that it can quickly become a disorganized jumble unless adequately managed. It’s common for the average organization to use dozens of cloud instances, solutions, and resources scattered across multiple platforms. Such off-premises services quickly accumulate to accommodate the company...
Blog

HITRUST: the Path to Cyber Resilience

Much has been made of cyber resilience in recent years. And with good reason: failing to bounce back quickly from a security event can have dramatic financial consequences. In early 2023, Royal Mail took several days to recover from a Lockbit cyberattack, losing upwards of £10 million in the process. However, for all the talk about resilience, the industry seems to be overlooking one of its...
Blog

The UK’s Cybersecurity: Where Is it and Where Is it Going?

In early April this year, the UK's Department for Science, Innovation and Technology (DSIT) released its Cybersecurity Breaches Survey 2024. It provides a comprehensive overview of the UK's cybersecurity landscape, exploring the different cyberattacks and cybercrimes businesses, charities, and private sector educational instructions face, the...