Resources

Blog

Choosing the Right Industrial Cybersecurity Framework

By John Salmi on Wed, 12/07/2022

It’s no surprise that industrial environments have become increasingly valuable targets for malicious behavior. The State of Security has featured many cybersecurity events across myriad industrial verticals, including but not limited to chemical manufacturing , transportation , power generation and petrochemical . Several of these industries have taken great strides in improving their defense...

Blog

Cyberattacks are targeting smaller healthcare companies and specialty clinics. But why?

By Tripwire Guest Authors on Mon, 11/28/2022

The healthcare industry has been a favored target for cybercriminals for many years. In the first half of 2022 alone, 324 attacks against healthcare organizations have been reported. Attackers have primarily focused on large hospitals in years past, but there has been a sudden switch to smaller healthcare companies and specialty clinics. There seems to be a clear trend in attacks against the...

Blog

The Cross-Sector Cybersecurity Performance Goals (CPGs): What you need to know

By Tyler Reguly on Wed, 11/09/2022

The Cross-Sector Cybersecurity Performance Goals (CPGs) are a new baseline released jointly by CISA, NIST, and the interagency community, with a goal of providing consistency across all critical infrastructure. The primary webpage for these goals gives us a great understanding of what they are (and are not). It is worth delving into those specifics to understand where the CPGs apply, and how they...

Blog

VERT Threat Alert: November 2022 Patch Tuesday Analysis

By Tyler Reguly on Tue, 11/08/2022

Today’s VERT Aler t addresses Microsoft’s November 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1029 on Wednesday, November 9th. In-The-Wild & Disclosed CVEs CVE-2022-41091 This vulnerability allows a malicious individual to bypass Mark of the Web . Mark of the Web is what is used to present security warnings when opening files and...

Blog

What the industry wants to improve on NIST Cybersecurity Framework 2.0

By Anastasios Arampatzis on Mon, 10/24/2022

The NIST Cybersecurity Framework was meant to be a dynamic document that is continuously revised, enhanced, and updated. These upgrades allow the Framework to keep up with technological and threat developments, incorporate lessons learned, and transform best practices into standard procedures. NIST created the Framework in 2014 and updated it with CSF 1.1 in April 2018 . The National Institute of...

Blog

How Is IT/OT Convergence Transforming Smart Manufacturing?

By Tripwire Guest Authors on Mon, 10/17/2022

For most modern businesses, there’s a divide between Information Technology (IT) and Operational Technology (OT). The difference between these equally integral facets of digital manufacturing is a subject currently under debate. Ultimately, information technology deals with information and data. In contrast, operational technology handles the physical processes necessary to use that information...

Case Study

Case Study: Why One Fortune 250 Electric & Gas Utility Trusts Fortra’s Tripwire for Unbeatable Accuracy

Vulnerability & Risk Management

Cybersecurity

Compliance

NERC CIP

PCI DSS

Industrial Control Systems

Blog

Defense in Depth: 4 Essential Layers of ICS Security

By Editorial Staff on Tue, 09/20/2022

It is always said that security is never a one-size-fits-all solution. This is true not only because of the apparent infinite varieties of equipment in each individual organization, but also, and perhaps more importantly, the different ways that every organization views security. Some spend lots of time focusing on physical security, especially those with industrial control systems ( ICS ). Others...

Blog

VERT Threat Alert: September 2022 Patch Tuesday Analysis

By Tyler Reguly on Tue, 09/13/2022

Today’s VERT Alert addresses Microsoft’s September 2022 Security Updates . VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-1021 on Wednesday, September 14th. In-The-Wild & Disclosed CVEs CVE-2022-23960 The first disclosed vulnerability this month is Spectre-BHB that is discussed in great detail on arm Developer. The Microsoft update for this vulnerability...

Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of September 5, 2022

By Andrew Swoboda on Mon, 09/12/2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of September 5 th , 2022. I’ve also included some comments on these stories. Critical RCE Vulnerability Affects Zyxel NAS Devices — Firmware Patch Released Networking...

Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 29, 2022

By Andrew Swoboda on Mon, 09/05/2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 29 th , 2022. I’ve also included some comments on these stories. WordPress 6.0.2 Patches Vulnerability That Could Impact Millions of Legacy Sites The WordPress team...

Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022

By Andrew Swoboda on Mon, 08/29/2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 22nd, 2022, including some commentary of mine. VMware fixed a privilege escalation issue in VMware Tools VMware this week released patches to address an important...

Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 15, 2022

By Andrew Swoboda on Mon, 08/22/2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 15 th , 2022. I’ve also included some comments on these stories. Newly Uncovered PyPI Package Drops Fileless Cryptominer to Linux Systems A now-removed rogue package...

Blog

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 8, 2022

By Andrew Swoboda on Tue, 08/16/2022

All of us at Tripwire’s Vulnerability Exposure and Research Team (VERT) are constantly looking out for interesting stories and developments in the infosec world. Here’s what cybersecurity news stood out to us during the week of August 8 st , 2022. I’ve also included some comments on these stories. Slack leaked hashed passwords from its servers for years Did Slack send you a password reset link...

On-Demand Webinar

Industrial Cybersecurity - What You Don't Know Might Hurt You

Mon, 08/15/2022

Getting a clear assessment of your assets is the first step toward developing a mature OT network or control system. A well maintained asset inventory allows your organization to quickly manage risk affecting your operations availability, reliability and safety. Industrial environments often need to map assets to NIST, ITIL, ISO, COBIT or process automation standards like ANSI/ISA99-IEC-62443. You can achieve significant efficiency improvement and save time within industrial environments by automating asset management instead of following manual spreadsheet processes. Cyber security experts David Meltzer, Chief Research Officer at Tripwire, Tony Gore, CEO at Red Trident Inc., and John Powell, Senior Critical Infrastructure Engineer at Red Trident Inc., will discuss the practical 1-2-3 basics of industrial cyber security and how to get started automating asset management. Attendees will also learn how to build an effective strategy for protecting industrial assets - networks, endpoints and controllers. Key Takeaways: Learn how to automate and simplify the inventory process and secure your assets Understand what cyber security standards may apply to your unique environment Hear real-world tips on how to prioritize and work across functional silos within your company Receive an industrial cyber security assessment checklist to help gauge your starting point

Guide

Tripwire State of Industrial Cybersecurity Report

As news of cyberthreats targeting industrial environments like energy utilities and manufacturing plants continues to surface, Tripwire surveyed security professionals who work in these industries to understand how industrial organizations are protecting themselves. The survey findings revealed insights on the security professionals’ levels of concern, investment in cybersecurity, and how they are...

Guide

Physical Cybersecurity: ICS Attack Scenarios and CIP-007 R1

The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism.

Guide

Industrial Cybersecurity Experts Share 14 of Their Biggest Tips and Predictions

The task of building and running an effective cybersecurity program is a major challenge for any complex organization, but those in charge of industrial control systems (ICS) have even more to figure out than their strictly-IT counterparts. How can industrial organizations overcome the cybersecurity skills gap? What about the increasingly-difficult endeavor of bringing the IT and OT sides of the...

Guide

6 Expert Industrial Cybersecurity Tips for CISOs

Digital attacks are a growing concern for industrial control system (ICS) security professionals. In a 2019 survey conducted by Dimensional Research , 88 percent of respondents told Tripwire that they were concerned about the threat of a digital attack. An even greater percentage (93 percent) attributed their concerns to the possibility of an attack producing a shutdown or downtime. Other survey...

Guide

The Industrial Control System (ICS) Visibility Imperative

The rapid convergence of IT and OT systems can leave even the most cybersecurity-mature organizations exposed. Industrial security teams are under-reacting to new cyberthreats, and legacy operational technology simply wasn’t built to handle the risks incurred by connecting to IT systems. The main issue is visibility: You can’t secure what you can’t see. Safety, productivity, and uptime are...

Choosing the Right Industrial Cybersecurity Framework

Cyberattacks are targeting smaller healthcare companies and specialty clinics. But why?

The Cross-Sector Cybersecurity Performance Goals (CPGs): What you need to know

VERT Threat Alert: November 2022 Patch Tuesday Analysis

What the industry wants to improve on NIST Cybersecurity Framework 2.0

How Is IT/OT Convergence Transforming Smart Manufacturing?

Case Study: Why One Fortune 250 Electric & Gas Utility Trusts Fortra’s Tripwire for Unbeatable Accuracy

Defense in Depth: 4 Essential Layers of ICS Security

VERT Threat Alert: September 2022 Patch Tuesday Analysis

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of September 5, 2022

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 29, 2022

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 22, 2022

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 15, 2022

Extra, Extra, VERT Reads All About It: Cybersecurity News for the Week of August 8, 2022

Industrial Cybersecurity - What You Don't Know Might Hurt You

Tripwire State of Industrial Cybersecurity Report

Physical Cybersecurity: ICS Attack Scenarios and CIP-007 R1

Industrial Cybersecurity Experts Share 14 of Their Biggest Tips and Predictions

6 Expert Industrial Cybersecurity Tips for CISOs

The Industrial Control System (ICS) Visibility Imperative

Contact Information

Privacy Policy

Cookie Policy

Impressum