Resources

Integrity Monitoring Use Cases: Compliance
Blog
Blog

Integrity Monitoring Use Cases: Policy Monitoring for Compliance

By David Bruce on Fri, 11/11/2022
In response to increasing societal concerns about the way businesses store, process, and protect the sensitive data they collect from their customers, governments and standardization organizations have enacted a patchwork of regulations and laws. Some of these are generic regulations (CCPA, GDPR), while others are industry specific (SOX, NERC, HIPAA, PCI DSS ). These regulations impact literally...
Cybersecurity
Compliance
Security Configuration Management
Developing an Effective Change Management Program
Blog
Blog

Developing an Effective Change Management Program

By John Salmi on Tue, 11/08/2022
Change detection is easy. What is not so easy, is reconciling change. Change reconciliation is where most organizations stumble. What was the change? When was it made? Who made it? Was it authorized? The ability to answer these questions are the elements that comprise change management. Historically, the haste of accomplishing a task consisted of a sysadmin moving full-speed ahead to satisfy the...
Vulnerability & Risk Management
Cybersecurity
Security Configuration Management
Getting started with Zero Trust: What you need to consider
Blog
Blog

Getting started with Zero Trust: What you need to consider

By David Bruce on Mon, 11/07/2022
Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by careless error which could have cost them hundreds of their own currency...
Cybersecurity
Compliance
NIST
Security Configuration Management
What Does the Industry Want to Improve on NIST Cybersecurity Framework 2.0
Blog
Blog

What the industry wants to improve on NIST Cybersecurity Framework 2.0

By Anastasios Arampatzis on Mon, 10/24/2022
The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014 and updated it with CSF 1.1 in April 2018 . The National Institute of...
Compliance
NIST
Industrial Control Systems
Guide
Guide

Beyond the Basics: Tripwire Enterprise Use Cases

Security, compliance, and IT operations leaders need a powerful and effective way to accurately identify security misconfigurations and indicators of compromise. Explore the many ways Tripwire Enterprise can protect your organization with superior security and continuous compliance.
Compliance
File Integrity & Change Monitoring
Security Configuration Management
Product Video
Product Video

How Tripwire Helped Walgreens Take a Proactive Approach to Security

Mon, 08/15/2022
Walgreens, founded in 1901, is one of the largest pharmacy companies in the U.S., handling online and in-store sales as well as processing the prescription needs of millions of customers. It needed a security solution that would give them an integrated, all-up view into its IT ecosystem. Its Tripwire ExpertOps solution has given the company a much more proactive view and approach to its security...
Cloud Security
Guide
Guide

Multi-Cloud Security Best Practice Guide

When you opt to use multiple cloud providers, you’re implementing a multi-cloud strategy. This practice is increasingly common, and can refer to mixing SaaS (software as a service) and PaaS (platform as a service) offerings as well as public cloud environments that fall under the IaaS (infrastructure as a service) category. The most common public cloud environments today are Amazon Web Services...
Cloud Security
Guide
Guide

Tripwire State of Cyber Hygiene Report

Tripwire’s State of Cyber Hygiene report reveals the results of an extensive cybersecurity survey conducted in partnership with Dimensional Research. The survey examined if and how organizations are implementing security controls that the Center for Internet Security (CIS) refers to as "Cyber Hygiene." Real-world breaches and security incidents prove over and over again that many of the most...
Security Configuration Management
Vulnerability & Risk Management
Guide
Guide

Six Security Controls to Prevent Your Cloud from Getting Hacked

There’s a common misconception that cloud providers handle cybersecurity for you. The truth is, cloud providers use a “shared responsibility model”. They protect underlying Cloud infrastructure, but leave protection of Cloud-deployed assets and data up to you. To help meet this need, the Center for Internet Security (CIS) has created the CIS Amazon Web Services Foundations benchmark policy. This...
Cloud Security
Guide
Guide

Survey: Securing Public Cloud Infrastructure

Do you have a centralized view of your organization’s security posture and policy compliance across all cloud accounts? A Tripwire and Dimensional Research survey conducted in 2021 found that only 21 percent of security professionals could answer “yes.” The survey included more than 300 cybersecurity professionals who are directly responsible for the security of public cloud infrastructure within...
Cloud Security
Guide
Guide

Security Configuration Management Buyer's Guide

Security configuration management (SCM) exists at the point where IT security and IT operations meet. It’s a core security control that combines elements of vulnerability assessment, automated remediation, and configuration assessment. The goal of SCM is to reduce security risks by ensuring that systems are properly configured — or hardened — to meet internal and/or regulatory security and...
Security Configuration Management
Guide
Guide

Securing AWS Cloud Management Configurations

Amazon has captured nearly half of the cloud market making it a prime target for attacks. When AWS accounts are compromised, the go-to payload is often cryptocurrency mining where attackers make money using stolen CPU cycles that get billed to the victim's account. Fortunately, there is guidance from the Center for Internet Security (CIS). In 2016, CIS launched the Amazon Web Services Foundations...
Cloud Security
Guide
Guide

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Compliance
CIS Controls
FISMA
GDPR
HIPAA
NIST
PCI DSS
Guide
Guide

Implementing Cloud Security Best Practices

Cybersecurity professionals the world over share common cloud security concerns like risk management, configuration security, and cloud compliance. As organizations expand further into the cloud, there continues to be an influx of simple mistakes that can expose organizations to significant security, privacy, and regulatory risks. Tripwire partnered with Dimensional Research to understand what...
Cloud Security
Guide
Guide

Solid Foundations for Cloud Security: Houses Built on Sand or Rock

Moving mission critical applications to the cloud provides a whole host of benefits but it also means trusting cloud providers with key aspects of security and compliance. This paper provides tools you can use to evaluate the security and compliance offerings of cloud computing partners. It also describes how Tripwire’s solutions can be used to build and deploy a rock-solid security foundation for...
Cloud Security
Guide
Guide

The Executive's Guide to the CIS Controls

See how simple and effective security controls can create a framework that helps you protect your organization and data from known cyber attack vectors. This publication was designed to assist executives by providing guidance for implementing broad baseline technical controls that are required to ensure a robust network security posture. In this guide, we will cover a wide range of topics...
Compliance
CIS Controls
Security Configuration Management
Guide
Guide

Executing an Efficient Cloud Security Strategy

How do organizations execute an efficient cloud security strategy and find the right cloud security tools? Tripwire asked a range of cloud security experts to share their thoughts on some of the key challenges regarding secure cloud storage and cloud computing security.
Cloud Security
Guide
Guide

18 Expert Tips for Effective and Secure Cloud Migration

Organizations are increasingly migrating to the cloud to process their IT resources. Gartner predicts that cloud data centers will process 92 percent of workloads by 2020 1 , while Cisco forecasts cloud workloads to increase 3.2x in that span of time 2 . Under the Shared Responsibility Model, migrating organizations need to ensure security in the cloud by taking adequate measures to protect their...
Cloud Security