Resources
Guide

How Managed Services Can Help With Cybersecurity Compliance

Organizations are often overburdened with managing complex tools to handle their most important compliance responsibilities, and in many cases lack the internal headcount to manage those tools with highly-trained expertise. Managed services can solve your security staffing and resource challenges by arming your team with security expertise to maintain optimal compliance. Managed service providers...
Compliance
CIS Controls
FISMA
GDPR
HIPAA
NERC CIP
NIST
PCI DSS
SOX
What (Still) Needs to be Done to Secure the U.S. Power Grid in 2023?
Blog

What (Still) Needs to be Done to Secure the U.S. Power Grid in 2023?

By Tripwire Guest Authors on Tue, 06/27/2023
It’s no secret that the U.S. power grid is one of the main foundations of the nation’s economy, infrastructure, and daily way of life. Now that almost everything is digitized, it is hinging on it even more. We wouldn’t be able to use even most vending machines (not to mention cell towers or the internet) without a working electrical supply, and the...
Cybersecurity
Industrial Control Systems
A Sarbanes-Oxley Act (SOX) IT Compliance Primer
Blog

A Sarbanes-Oxley Act (SOX) IT Compliance Primer

By Anthony Israel-Davis on Mon, 06/26/2023
At the turn of the most recent century, the financial world was in a moment of unregulated growth, which lead to some serious corporate misdeeds in the United States. This presented the opportunity for two senators to enact a new law to ensure accurate and reliable financial reporting for public companies in the US. The result was the Sarbanes-Oxley Act...
Compliance
Security Configuration Management
Insider-Risk-Hits-Closer-to-Home
Blog

Insider Risk Hits Closer to Home

By Stefanie Shank on Wed, 06/21/2023
If you’re busy securing the perimeter, mandating strong authentication practices, and restricting software downloads, you may be missing the mark. (Just to be clear: if you are doing those things, keep it up. You’re off to a good start, and none of what follows here replaces classic and vital cybersecurity measures.) Protecting your organization from...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
The Future of Driverless Cars: Technology, Security and AI
Blog

The Future of Driverless Cars: Technology, Security and AI

By Bob Covello on Mon, 06/05/2023
Back in 2015, we published an article about the apparent perils of driverless cars. At that time, the newness and novelty of sitting back and allowing a car to drive you to your destination created a source of criminal fascination for some, and a nightmare for others. It has been eight years since the original article was published, so perhaps it is...
Vulnerability & Risk Management
Cybersecurity
Industrial Control Systems
noise_factory_soc
Blog

Do you Work in a SOC Noise Factory?

By Anthony Israel-Davis on Mon, 05/22/2023
Gabrielle is a security engineer. She deploys tools to scan for threats and vulnerabilities, read logs, and manage the security risks for her company, but is all that data really helping? Sometimes, it seems like she works in a noise factory instead of a SOC. The cacophony of all the log and event data and vulnerability scans are pouring into the SIEM,...
Cybersecurity
Incident Detection & Investigation
Beyond the firewall: How social engineers use psychology to compromise organizational cybersecurity
Blog

Beyond the firewall: How social engineers use psychology to compromise organizational cybersecurity

By Tripwire Guest Authors on Mon, 05/15/2023
A Social engineering attack is the process of exploiting weaknesses in human psychology to manipulate and persuade others to perform in a way that is harmful. Prior to the digital age, criminals would carry out these attacks in person, in what was known as a confidence game.  The perpetrators were referred to a “con men”, regardless of their gender.  ...
Cybersecurity
Incident Detection & Investigation
Allowlisting and Blocklisting: What you need to know
Blog

Allowlisting and Blocklisting: What you need to know

By Tripwire Guest Authors on Tue, 05/02/2023
The phone rings, displaying "Potential Spam," warning of the possible downfall of accepting the call. We also have the option to set specific ringtones for the special people in our lives, so we audibly know immediately who’s calling. For other callers, like the once-a-year important call from our insurance or investment rep, we'll at least add their...
Cybersecurity
Security Configuration Management
Root Cause Analysis for Deployment Failures
Blog

Root Cause Analysis for Deployment Failures

By Chris Hudson on Tue, 04/25/2023
Root Cause Analysis (RCA) is a technique used to identify the underlying reasons for a problem, with the aim of trying to prevent it from recurring in the future. It is often used in change management processes to help identify the source of any issues that arise following any modifications to a system or process. RCA is something Tripwire Enterprise...
Vulnerability & Risk Management
Incident Detection & Investigation
A Day in the Life of a SOC Team
Blog

A Day in the Life of a SOC Team

By Fortra Staff on Tue, 04/18/2023
This piece was originally published on Fortra’s AlertLogic.com Blog. Managed detection and response (MDR) would be nothing without a SOC (security operations center). They’re on the frontline of our clients’ defenses — a living, breathing layer of intelligence and protection to complement our automated cybersecurity features. These are the people who...
Cybersecurity
Incident Detection & Investigation
IT Security Operations & Asset Discovery
Datasheet

Tripwire NERC CIP Report Catalog

Fortra’s Tripwire NERC CIP Solution Suite is an advanced offering that augments Tripwire’s tools for meeting 23 of NERC CIP’s 44 requirements. The Tripwire NERC CIP Solution Suite allows you to achieve and maintain NERC CIP compliance with high efficacy and reduced effort. This suite includes continuous monitoring of cyber assets, automated assessment of security, and audit-ready evidence with...
Industrial Control Systems
What Is Microsegmentation and 5 Compelling Security Use Cases
Blog

What Is Microsegmentation and 5 Compelling Security Use Cases

By Tripwire Guest Authors on Mon, 04/17/2023
What Is Microsegmentation? Microsegmentation is a security technique that partitions a network into small, isolated sections to reduce the attack surface and reduce an organizations risk. Each microsegment is typically defined by specific security policies, accessible only to authorized users and devices. Microsegmentation is often seen as a more...
Cybersecurity
Security Configuration Management
CISA Publishes Advisory on Improving Network Monitoring and Hardening.
Blog

CISA Publishes Advisory on Improving Network Monitoring and Hardening

By Anastasios Arampatzis on Wed, 04/12/2023
CISA released in late February a cybersecurity advisory on the key findings from a recent Cybersecurity and Infrastructure Security Agency (CISA) red team assessment to provide organizations recommendations for improving their cyber posture. According to the Agency, the necessary actions to harden their environments include monitoring network activity...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
30-ransomware-prevention-tips-bw
Blog

30 Ransomware Prevention Tips

By Tripwire Guest Authors on Tue, 04/11/2023
Dealing with the aftermath of ransomware attacks is like Russian roulette. Submitting the ransom might seem like it’s the sole option for recovering locked data. Ransomware also continues to evolve as a threat category within the past year, with old names like REvil rearing their heads and new players like Black Basta emerging in 2022. Malicious actors...
Vulnerability & Risk Management
Cybersecurity
Incident Detection & Investigation
Distributed Energy Resources and Grid Security
Blog

Distributed Energy Resources and Grid Security

By Tripwire Guest Authors on Tue, 04/04/2023
As the United States government, the energy industry, and individual consumers work toward cleaner and more sustainable energy solutions, it is crucial to consider how new and advancing technologies affect, and are affected by, cybersecurity concerns. ­­­­Increasing use of smart energy devices can be useful for consumers to have more control over their...
Cybersecurity
Industrial Control Systems
A-Look-at-The-2023-Global-Automotive-Cybersecurity-Report
Blog

A Look at The 2023 Global Automotive Cybersecurity Report

By Tripwire Guest Authors on Mon, 03/20/2023
From its inception, the automotive industry has been shaped by innovation and disruption. In recent years, these transformations have taken shape in rapid digitization, ever-growing Electric Vehicle (EV) infrastructure, and advanced connectivity. These shifts have redirected the automotive industry, meeting and surpassing customer expectations for what...
Cybersecurity
Industrial Control Systems
How-Retiring-Gas-and-Coal-Plants-Affects-Grid-Stability
Blog

How Retiring Gas and Coal Plants Affects Grid Stability

By Katrina Thompson on Thu, 03/16/2023
Legacy gas and coal plants are being aged out – and no one wants to pay enough to keep them going. With increased pressure from green energy laws and added competition from renewable sources, these monsters of Old Power are being shown the door. Considering they've predated and precipitated all Industrial Revolutions (except for this last one – that was...
Vulnerability & Risk Management
Industrial Control Systems
How to Advance ICS Cybersecurity: Implement Continuous Monitoring
Blog

How to Advance ICS Cybersecurity: Implement Continuous Monitoring

By Anastasios Arampatzis on Mon, 02/06/2023
Industrial control systems are fundamental to all industrial processes, from power generation to water treatment and manufacturing. ICS refers to the collection of devices that govern a process to ensure its safe and effective execution. These devices include Supervisory Control and Data Acquisition (SCADA) systems, Distributed Control Systems (DCS),...
Industrial Control Systems
Pylon and cables
Blog

The State of the US National Cybersecurity Strategy for the Electric Grid

By Anastasios Arampatzis on Wed, 02/01/2023
The distribution systems of the U.S. energy grid — the portions of the grid that carry electricity to consumers — are growing more susceptible to cyber-attacks, in part due to the advent of monitoring and control technology and their reliance on them. However, the magnitude of the possible consequences of such attacks is not fully understood. Reports by...
Compliance
NIST
Industrial Control Systems
Network Security Threats and Defenses: A 2023 Guide
Blog

Network Security Threats and Defenses: A 2023 Guide

By Tripwire Guest Authors on Mon, 01/30/2023
What Is Network Security? Network security is a broad field, encompassing various processes, policies, rules, standards, frameworks, software, and hardware solutions. Its primary goal is to protect a network and its data from various threats, including intrusions and breaches. A network security program typically utilizes a combination of access...
Cybersecurity
Security Configuration Management