Resources

Guide
Guide

Cloud Article Anthology, vol. 1

Security leaders charged with reducing their organizations’ cloud attack surfaces have to stay continually up-to-date in a security landscape that changes in the blink of an eye. This anthology of insights from some of Tripwire’s leading cloud experts will help you understand how to prioritize and tackle your cloud security imperatives. Download your copy now to learn: Eight cloud security best...
Cloud Security
Guide
Guide

Communicating Cybersecurity to Boards and Executives: A Workbook to Help Build Cybersecurity Literacy

We’ve all heard, “it’s not a matter of if you’ll be breached, but when.” If a breach occurs, is your organization prepared to detect it quickly? Now more than ever, corporate executives and boards are asking for assurance that the organization and its sensitive data is adequately protected. This cybersecurity self-assessment is derived from the Cyber-Risk and Oversight Handbook developed by the...
Cybersecurity Skills Gap
Guide
Guide

How to Achieve Compliance with the NIS Directive

Network and information systems (NIS) and the essential functions they support play a vital role in society from ensuring the supply of electricity, water, oil and gas to the provisioning of healthcare and the safety of passenger and freight transport. In addition, computerized systems are performing vital safety-related functions designed to protect human lives. For example, such systems are...
Compliance
Guide
Guide

Adjusting to the Reality of Risk Management Framework

The Risk Management Framework ( RMF ) is an approach to systems security management that adjusts security controls based on risk factors. The practice involves a continuous cycle of identifying new threats, choosing effective controls, measuring their effectiveness and improving system security. Federal entities need to understand and utilize RMF as a core part of their FISMA compliance activities...
Vulnerability & Risk Management
Guide
Guide

Building a Mature Vulnerability Management Program

A successful vulnerability management program requires more than the right technology. It requires dedicated people and mature processes. When done properly, the result can be a continuously improving risk management system for your organization. This white paper was written by CISSP-certified Tripwire system engineers with extensive experience in implementation of vulnerability management...
Vulnerability & Risk Management
Guide
Guide

Actionable Threat Intelligence: Automated IoC Matching with Tripwire

A key security challenge is finding and rooting out malware that has already become embedded on key assets. Organizations today have myriad threat intelligence sources to leverage. However, simply getting the intelligence into your organization is not enough. Unless you have a way to operationalize myriad threat intelligence sources to make it actionable and useful, threat intelligence just...
Incident Detection & Investigation
Datasheet
Datasheet

Tripwire Vulnerability Risk Metrics

A vulnerability management program should provide a series of metrics that outline the vulnerability risk to the organization and how the risk posture is trending. In addition to this, reports should be provided which show system owners which vulnerabilities pose the greatest risk to the organization and how to remediate them. This report outlines recommendations for vulnerability management...
Vulnerability & Risk Management
Datasheet
Datasheet

Calculating the ROI of a Vulnerability Management Program

Return on investment on IT security infrastructure purchases (solutions and products) has traditionally been hard to quantify. However, there are some compelling aspects of securing an organization’s infrastructure that can be identified and quantified. This discipline will continue to evolve as organizations focus on managing and balancing their security expenses and strive to control the...
Vulnerability & Risk Management
Guide
Guide

The Five Stages of Vulnerability Management Maturity

One key element of an effective information security program within your organization is having a good vulnerability management (VM) program, as it can identify critical risks. Most, if not all, regulatory policies require a VM program, and information security frameworks advise implementing VM as one of first things an organization should do when building their information security program...
Vulnerability & Risk Management
Guide
Guide

9 Steps for Maturing Beyond Checkbox Compliance

A common mistake many organizations make is approaching cybersecurity as a series of actions taken in order to check the right compliance boxes. If this sounds familiar, it’s likely that you’ve witnessed something similar to the cycle of crisis-driven audit preparation, a suspenseful audit, remediating based on those findings, and waiting until the next hurried audit preparation phase returns...
Compliance
Datasheet
Datasheet

Tripwire Vulnerability Scoring System

Vulnerability and Risk Analysis Measuring and managing the security risk associated with information and information technology remains one of the most challenging and debated problems faced by all levels of an organization. While scoring standards designed to assist with solving this problem have been developed over the past decade, a select few have accomplished this and those that have are...
Vulnerability & Risk Management
Datasheet
Datasheet

Align with the UK Cyber Essentials Using Tripwire Solutions

As global events have led to many of us working from home, it has become more important more than ever to ensure your organisation’s network is protected and secure. Cyber Essentials is an important information assurance scheme that you can use to ensure this is the case. If you are looking to meet the standards of Cyber Essentials, Tripwire® Enterprise, Tripwire IP360™, Tripwire Log Center™, and...
Datasheet
Datasheet

Tripwire Virtual & Cloud Appliances

Vulnerability Management For The Cloud Tripwire® IP360™, our proactive vulnerability management solution, helps your IT security organization protect data and systems in corporate and cloud networks from vulnerabilities exploited by cyberthreats. Our solution provides comprehensive endpoint and network intelligence, and then applies advanced analytics to prioritize vulnerabilities. It flags the...
Datasheet
Datasheet

Tripwire Vulnerability Intelligence

There’s not enough time in the day to investigate every system change and remediate every vulnerability. Ever-evolving capabilities of cyber adversaries—coupled with the dynamic nature of corporate networks— makes security prioritization increasingly difficult. With Tripwire® Enterprise and Tripwire IP360™ managed service offerings, you can minimize the amount of time you spend addressing high...
Vulnerability & Risk Management
Datasheet
Datasheet

Achieving the United Arab Emirates (UAE) Information Assurance Standard with Tripwire Enterprise

Keeping sensitive data and assets safe is the goal of regulatory cybersecurity frameworks such as the United Arab Emirates (UAE) Information Assurance Standard. Mitigating cyber threats and ensuring the development of a secure national information and communications infrastructure and cyberspace is a strategic priority for the UAE. To this end, the UAE Information Assurance (IA) Standard acts as a...
Datasheet
Datasheet

Tripwire Mapping to the NIS Directive

NIS Directive - CAF Version 2.0 Mapping Statements in blue indicate where Tripwire product(s) meet the objective. Tripwire Product Mapping Against the NIS Directive Cyber Assessment Framework (CAF) Tripwire Product Mapping — Rationalization
Datasheet
Datasheet

23 NYCCR 500 and Tripwire Solutions

The financial services market is a key target for cyber criminals given potential financial rewards. Their motives can also be political since financial systems are critical infrastructure for society. The New York State Department of Financial Services (DFS), the regulatory body that oversees financial services companies licensed by or operating in the state, has been closely observing the ever-...
Datasheet
Datasheet

Automate Change Monitoring With Tripwire State Analyzer

Changes occur nearly every second in the typical network. These changes most commonly include those made to group memberships, which ports are open, software patches, and a variety of other categories. That is precisely why it is so important to remain compliant with standards that regulate change monitoring, such as North American Energy Reliability Corporation Critical Infrastructure Protection...
Datasheet
Datasheet

Tripwire State Analyzer Report Catalog

Tripwire® State Analyzer automates change alerts. It works in tandem with Tripwire Enterprise and Tripwire IP360™ to provide smart alerting and automation in critical security areas that are not manageable by traditional system state monitoring approaches. Originally developed for customers with high security requirements in the electric generation and transmission utilities industry, its high...
Datasheet
Datasheet

The Tripwire NERC CIP Solution Suite

The North American Electric Reliability Corporation (NERC) maintains comprehensive reliability standards that define requirements for planning and operating the bulk electric system (BES). Among these are the Critical Infrastructure Protection (CIP) Cyber Security Standards, which specify a minimum set of controls and processes for power generation and transmission companies to follow to ensure...
Compliance
NERC CIP