Resources

Network Security Threats and Defenses: A 2023 Guide
Blog

Network Security Threats and Defenses: A 2023 Guide

By Tripwire Guest Authors on Mon, 01/30/2023
Image What Is Network Security? Network security is a broad field, encompassing various processes, policies, rules, standards, frameworks, software, and hardware solutions. Its primary goal is to protect a network and its data from various threats, including intrusions and breaches. A network security program typically utilizes a...
Cybersecurity
Security Configuration Management
The Heightened Importance of Cybersecurity in Mobile App Development
Blog

The Heightened Importance of Cybersecurity in Mobile App Development

By Tripwire Guest Authors on Thu, 01/12/2023
Image Mobile device use is pervasive, and has eclipsed traditional computing.  We often hear how various malicious mobile apps are released into circulation.  For these reasons, mobile app development needs to focus on cybersecurity just as much as it does on functionality and flexibility, if not more so. It’s an inevitable aspect of...
Cybersecurity
Security Configuration Management
The Future of CASE Vehicles is Upon Us
Blog

The Future of Connected, Autonomous, Shared, and Electric (CASE) Vehicles is Upon Us.

By Tripwire Guest Authors on Fri, 12/30/2022
Image The popularity of electric vehicles is partly a response to the desire of achieving sustainability and carbon footprint reduction. Automobile manufacturers are making substantial investments to tackle emissions issues, create environment-friendly vehicles, and align with Environmental, Social, and Governance (ESG) requirements....
Cybersecurity
Industrial Control Systems
Choosing the Right Industrial Cybersecurity Framework
Blog

Choosing the Right Industrial Cybersecurity Framework

By John Salmi on Wed, 12/07/2022
Image   It’s no surprise that industrial environments have become increasingly valuable targets for malicious behavior. The State of Security has featured many cybersecurity events across myriad industrial verticals, including but not limited to chemical manufacturing, transportation, power generation and petrochemical. Several of...
Cybersecurity
Industrial Control Systems
How proper use of Identity and Access Management (IAM) can protect your organization from breaches
Blog

How proper use of Identity and Access Management (IAM) can protect your organization from breaches.

By Tripwire Guest Authors on Tue, 12/06/2022
Image In the world of security, authentication, and authorization methodologies are foundational aspects of defense. Authentication techniques protect against unlawful entry to systems through the verification of a user, and authorization either grants or denies the verified user’s access level. For example, if an employee from the...
Cybersecurity
Security Configuration Management
How-to-Overcome-Access-Governance-Challenges-in-MultiCloud-Environments
Blog

How to Overcome Access Governance Challenges in Multi-Cloud Environments

By Tripwire Guest Authors on Mon, 12/05/2022
Image Identity governance, also known as access governance, is an integral part of any enterprise data protection and compliance framework. Seamless and timely access to required systems or resources can significantly increase employees’ productivity and performance. However, excessive privileges or unmonitored user access can often...
Vulnerability & Risk Management
Security Configuration Management
Highlights From the Tripwire Energy & NERC Compliance Working Group
Blog

Highlights From the Tripwire Energy & NERC Compliance Working Group

By Travis Emerson on Wed, 11/30/2022
Image Recently, Tripwire held its Energy and NERC Compliance Working Group virtual event. Tripwire has customers spanning the entire energy industry, including small, medium, and large city municipals, cooperatives, and investor-owned utilities and energy companies. The information shared in these sessions offered valuable insights...
Security Configuration Management
Cyberattacks Targeting Smaller Healthcare Companies and Specialty Clinics, but Why?
Blog

Cyberattacks are targeting smaller healthcare companies and specialty clinics. But why?

By Tripwire Guest Authors on Mon, 11/28/2022
Image The healthcare industry has been a favored target for cybercriminals for many years. In the first half of 2022 alone, 324 attacks against healthcare organizations have been reported. Attackers have primarily focused on large hospitals in years past, but there has been a sudden switch to smaller healthcare companies and specialty...
Vulnerability & Risk Management
Cybersecurity
Industrial Control Systems
Integrity Monitoring Use Cases: Compliance
Blog

Security Configuration Management Use Cases: Policy Monitoring for Security

By David Bruce on Wed, 11/23/2022
Image In the business world, compliance means making sure that companies of all sizes are meeting the standards set by regulatory or oversight groups in various laws and standards, such as HIPAA, PCI DSS, SOX, and GDPR. Sometimes, an organization will self-impose its compliance by adhering to guidance and frameworks from organizations...
Vulnerability & Risk Management
Compliance
Security Configuration Management
Integrity Monitoring Use Cases: Compliance
Blog

Integrity Monitoring Use Cases: Policy Monitoring for Compliance

By David Bruce on Fri, 11/11/2022
Image In response to increasing societal concerns about the way businesses store, process, and protect the sensitive data they collect from their customers, governments and standardization organizations have enacted a patchwork of regulations and laws. Some of these are generic regulations (CCPA, GDPR), while others are industry...
Cybersecurity
Compliance
Security Configuration Management
The Cross-Sector Cybersecurity Performance Goals (CPGs): What you need to know
Blog

The Cross-Sector Cybersecurity Performance Goals (CPGs): What you need to know

By Tyler Reguly on Wed, 11/09/2022
Image The Cross-Sector Cybersecurity Performance Goals (CPGs) are a new baseline released jointly by CISA, NIST, and the interagency community, with a goal of providing consistency across all critical infrastructure. The primary webpage for these goals gives us a great understanding of what they are (and are not). It is worth delving...
Industrial Control Systems
Developing an Effective Change Management Program
Blog

Developing an Effective Change Management Program

By John Salmi on Tue, 11/08/2022
Image Change detection is easy. What is not so easy, is reconciling change. Change reconciliation is where most organizations stumble. What was the change? When was it made? Who made it? Was it authorized?  The ability to answer these questions are the elements that comprise change management. Historically, the haste of accomplishing...
Vulnerability & Risk Management
Cybersecurity
Security Configuration Management
Getting started with Zero Trust: What you need to consider
Blog

Getting started with Zero Trust: What you need to consider

By David Bruce on Mon, 11/07/2022
Image Have you ever walked up to an ATM after another person finished with the machine only to find they left it on a prompt screen asking, “Do you want to perform another transaction?” I have. Of course, I did the right thing and closed out their session before beginning my own transaction. That was a mistake an individual made by...
Cybersecurity
Compliance
NIST
Security Configuration Management
What Does the Industry Want to Improve on NIST Cybersecurity Framework 2.0
Blog

What the industry wants to improve on NIST Cybersecurity Framework 2.0

By Anastasios Arampatzis on Mon, 10/24/2022
Image The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014...
Compliance
NIST
Industrial Control Systems
How Is IT/OT Convergence Transforming Smart Manufacturing?
Blog

How Is IT/OT Convergence Transforming Smart Manufacturing?

By Tripwire Guest Authors on Mon, 10/17/2022
Image For most modern businesses, there’s a divide between Information Technology (IT) and Operational Technology (OT). The difference between these equally integral facets of digital manufacturing is a subject currently under debate. Ultimately, information technology deals with information and data. In contrast, operational...
Industrial Control Systems
Guide

Beyond the Basics: Tripwire Enterprise Use Cases

Security, compliance, and IT operations leaders need a powerful and effective way to accurately identify security misconfigurations and indicators of compromise. Explore the many ways Tripwire Enterprise can protect your organization with superior security and continuous compliance.
Compliance
File Integrity & Change Monitoring
Security Configuration Management
Defense in Depth: 4 Essential Layers of ICS Security
Blog

Defense in Depth: 4 Essential Layers of ICS Security

By Editorial Staff on Tue, 09/20/2022
Image It is always said that security is never a one-size-fits-all solution.  This is true not only because of the apparent infinite varieties of equipment in each individual organization, but also, and perhaps more importantly, the different ways that every organization views security. Some spend lots of time focusing on physical...
Industrial Control Systems
On-Demand Webinar

Industrial Cybersecurity - What You Don't Know Might Hurt You

Mon, 08/15/2022
Getting a clear assessment of your assets is the first step toward developing a mature OT network or control system. A well maintained asset inventory allows your organization to quickly manage risk affecting your operations availability, reliability and safety. Industrial environments often need to map assets to NIST, ITIL, ISO, COBIT or process automation standards like ANSI/ISA99-IEC-62443. You can achieve significant efficiency improvement and save time within industrial environments by automating asset management instead of following manual spreadsheet processes. Cyber security experts David Meltzer, Chief Research Officer at Tripwire, Tony Gore, CEO at Red Trident Inc., and John Powell, Senior Critical Infrastructure Engineer at Red Trident Inc., will discuss the practical 1-2-3 basics of industrial cyber security and how to get started automating asset management. Attendees will also learn how to build an effective strategy for protecting industrial assets - networks, endpoints and controllers. Key Takeaways: Learn how to automate and simplify the inventory process and secure your assets Understand what cyber security standards may apply to your unique environment Hear real-world tips on how to prioritize and work across functional silos within your company Receive an industrial cyber security assessment checklist to help gauge your starting point
Industrial Control Systems
On-Demand Webinar

How to Balance NERC CIPv6 vs. CIPv5 Compliance (and Why it Matters)

Mon, 08/15/2022
The extension of the NERC CIPv5 deadline to July 2016 means that registered entities have gained a small window of time for their compliance projects, but they now face a combined compliance deadline for CIPv5 and CIPv6 in July. Join Nick Santora, CEO of Curricula, and Tim Erlin, Director of IT Risk & Security Strategist at Tripwire, for a discussion on the potential impact of...
Compliance
NERC CIP