Resources

Guide
Guide

Survey: Securing Public Cloud Infrastructure

Do you have a centralized view of your organization’s security posture and policy compliance across all cloud accounts? A Tripwire and Dimensional Research survey conducted in 2021 found that only 21 percent of security professionals could answer “yes.” The survey included more than 300 cybersecurity professionals who are directly responsible for the security of public cloud infrastructure within...
Cloud Security
Guide
Guide

Securing AWS Cloud Management Configurations

Amazon has captured nearly half of the cloud market making it a prime target for attacks. When AWS accounts are compromised, the go-to payload is often cryptocurrency mining where attackers make money using stolen CPU cycles that get billed to the victim's account. Fortunately, there is guidance from the Center for Internet Security (CIS). In 2016, CIS launched the Amazon Web Services Foundations...
Cloud Security
Guide
Guide

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Compliance
CIS Controls
FISMA
GDPR
HIPAA
NIST
PCI DSS
Guide
Guide

Implementing Cloud Security Best Practices

Cybersecurity professionals the world over share common cloud security concerns like risk management, configuration security, and cloud compliance. As organizations expand further into the cloud, there continues to be an influx of simple mistakes that can expose organizations to significant security, privacy, and regulatory risks. Tripwire partnered with Dimensional Research to understand what...
Cloud Security
Guide
Guide

Solid Foundations for Cloud Security: Houses Built on Sand or Rock

Moving mission critical applications to the cloud provides a whole host of benefits but it also means trusting cloud providers with key aspects of security and compliance. This paper provides tools you can use to evaluate the security and compliance offerings of cloud computing partners. It also describes how Tripwire’s solutions can be used to build and deploy a rock-solid security foundation for...
Cloud Security
Guide
Guide

Executing an Efficient Cloud Security Strategy

How do organizations execute an efficient cloud security strategy and find the right cloud security tools? Tripwire asked a range of cloud security experts to share their thoughts on some of the key challenges regarding secure cloud storage and cloud computing security.
Cloud Security
Guide
Guide

18 Expert Tips for Effective and Secure Cloud Migration

Organizations are increasingly migrating to the cloud to process their IT resources. Gartner predicts that cloud data centers will process 92 percent of workloads by 2020 1 , while Cisco forecasts cloud workloads to increase 3.2x in that span of time 2 . Under the Shared Responsibility Model, migrating organizations need to ensure security in the cloud by taking adequate measures to protect their...
Cloud Security
Guide
Guide

Cloud Control Buyer's Guide

Introduction The world of IT is moving to the cloud for flexibility, on-demand computing resources, and speed just to name a few benefits. Market data varies but estimates of cloud usage show that in the range of 20–25% of overall compute workloads are operating in public cloud environments today, with that expected to grow to 50% over the next 5–10 years. However, most organizations haven’t moved...
Cloud Security
Guide
Guide

Cloud Article Anthology, vol. 1

Security leaders charged with reducing their organizations’ cloud attack surfaces have to stay continually up-to-date in a security landscape that changes in the blink of an eye. This anthology of insights from some of Tripwire’s leading cloud experts will help you understand how to prioritize and tackle your cloud security imperatives. Download your copy now to learn: Eight cloud security best...
Cloud Security
Datasheet
Datasheet

Tripwire ExpertOps and NIST 800-171

Federal security managers expect that most federally run systems are actively engaging with FISMA compliance for protecting federal data and systems. However, as we all know, federal information does not remain only in federally operated systems. Data and IT systems connect via the Internet and other networks for business, operations and research. Information about citizens, banking and finance...
Compliance
NIST
Datasheet
Datasheet

Tripwire Cloud Deployment Services

Cloud computing has transformed business and government at an extraordinary pace by delivering business-supporting technology more efficiently than ever. The cloud has changed the way IT thinks about how to design and deliver computing technology applications and, according to Gartner, by 2015 10% of enterprise IT security will be delivered in the cloud. What if enterprises could improve IT...
Cloud Security
Datasheet
Datasheet

Tripwire Resident Engineers

The cybersecurity skills gap can leave many organizations without adequate staffing for the operation of their security tools. High turnover rates can also cause an organization to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote...
Compliance
NERC CIP
NIST
PCI DSS
SOX
Datasheet
Datasheet

Tripwire Resident Engineers for Federal Agencies

The cybersecurity skills gap leaves Federal agencies without adequate staffing for the operation of their security tools. High turnover rates can also cause agencies to lose essential knowledge when team members leave who were familiar with the tools. To complicate matters further, the pandemic is driving the need for temporary cybersecurity support as agencies navigate new, remote work...
Compliance
NERC CIP
NIST
Datasheet
Datasheet

Improving your Cybersecurity Posture with the NIST Cybersecurity Framework

There isn’t an industry that hasn’t been affected by cyber threats, and the broadcast industry is no exception. In April 2015, France’s TV5Monde was attacked, resulting in eleven of its channels going dark and its social media outlets commandeered to display pro-Islamic State messages. This was preceded by an attack on WBOC in Salisbury, Maryland, where their Twitter account and website were...
Compliance
NIST
Datasheet
Datasheet

Maintaining the Security and Integrity of Electronic Health Record Systems

The value of electronic health record (EHR) systems is immense. These digital records are designed to be available anytime and anywhere, connecting healthcare providers with patient data. EHRs are a central repository of patient medical histories, medications, diagnoses, immunization dates, allergies, lab results and radiology images. With access to this accurate patient information, providers can...
Compliance
HIPAA
NIST
Datasheet
Datasheet

Cloud Data Security: Implementing Smarter Cloud Security

The trend of mass migration to the cloud brings benefits like lower operating costs, easier deployability, and the flexibility of an elastic environment. However, it’s crucial to understand that the responsibility to secure your cloud infrastructure still falls on your organization. Cloud providers allow organizations to take advantage of their infrastructure, resulting in a shared model for...
Cloud Security
VERT Threat Alert: September 2022 Patch Tuesday Analysis
Blog
Blog

VERT Threat Alert: August 2022 Patch Tuesday Analysis

By Tyler Reguly on Tue, 08/09/2022
Today’s Patch Tuesday VERT Alert addresses Microsoft’s August 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1015 on Wednesday, August 10th. In-The-Wild & Disclosed CVEs CVE-2022-34713 According to Microsoft, CVE-2022-34713 is a variant of the Dogwalk vulnerability . There has been a lot of Twitter discussion around this Dogwalk as...
Vulnerability & Risk Management
VERT Research
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 1, 2022
Blog
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 1, 2022

By Andrew Swoboda on Mon, 08/08/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 1 st , 2022. I’ve also included some comments on these stories. Windows 11 Smart App Control blocks files used to push malware Smart App Control, a Windows 11...
Vulnerability & Risk Management
VERT Research
Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of July 25, 2022
Blog
Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of July 25, 2022

By Andrew Swoboda on Mon, 08/01/2022
All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of July 25, 2022. I’ve also included some comments on these stories. SonicWall fixed critical SQLi in Analytics and GMS products Security company SonicWall addressed a...
Vulnerability & Risk Management
VERT Research