Guide
Secure Remote Access
As an organization’s infrastructure becomes more and more connected and complicated, it becomes more important than ever to have a safe and protected way for employees to access systems remotely. This is not just a challenge for IT environments, but OT environments as well. Nearly half of the Fortune 2000 organizations consider OT networks to be critical components of their business1. It’s...
Guide
Securing AWS Cloud Management Configurations
Amazon has captured nearly half of the cloud market making it a prime target for attacks. When AWS accounts are compromised, the go-to payload is often cryptocurrency mining where attackers make money using stolen CPU cycles that get billed to the victim's account. Fortunately, there is guidance from the Center for Internet Security (CIS). In 2016, CIS launched the Amazon Web Services Foundations...
Guide
Physical Cybersecurity: ICS Attack Scenarios and CIP-007 R1
The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism.
Guide
PCI DSS and the CIS Controls
Benchmarks, Standards, Frameworks and Regulations: What’s the Difference? The majority of IT security guidance to industry can be placed into one of these categories: benchmarks, standards, frameworks and regulations. Most address specific security issues and offer advice based on experience, collaborated information, authorities and activities (best practices) which have proven effective. They...
Guide
IoT and IIoT Security Survey
How many internet of things (IoT) and industrial internet-of-things (IIoT) devices connect to your network? In particular, the increased proliferation of connected devices in the industrial space brings about growing concerns for OT operators charged with keeping their networks compliant and safe from the impacts of cyberattacks or human error. So what is the current state of IIoT cybersecurity...
Guide
Mind the Cybersecurity Gap: Why Compliance Isn't Enough
Every organization wants to be secure in the long term, but compliance might order them to focus on implementing certain safeguards within a short period. Given this situation, some organizations might elect to focus on compliance now and look at security later. This might involve designating budget for compliance before allocating additional funds for security at some point in the future. This...
Guide
Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls
The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Guide
Industrial Cybersecurity Experts Share 14 of Their Biggest Tips and Predictions
The task of building and running an effective cybersecurity program is a major challenge for any complex organization, but those in charge of industrial control systems (ICS) have even more to figure out than their strictly-IT counterparts. How can industrial organizations overcome the cybersecurity skills gap? What about the increasingly-difficult endeavor of bringing the IT and OT sides of the...
Guide
6 Expert Industrial Cybersecurity Tips for CISOs
Digital attacks are a growing concern for industrial control system (ICS) security professionals. In a 2019 survey conducted by Dimensional Research , 88 percent of respondents told Tripwire that they were concerned about the threat of a digital attack. An even greater percentage (93 percent) attributed their concerns to the possibility of an attack producing a shutdown or downtime. Other survey...
Guide
The Industrial Control System (ICS) Visibility Imperative
The rapid convergence of IT and OT systems can leave even the most cybersecurity-mature organizations exposed. Industrial security teams are under-reacting to new cyberthreats, and legacy operational technology simply wasn’t built to handle the risks incurred by connecting to IT systems. The main issue is visibility: You can’t secure what you can’t see. Safety, productivity, and uptime are...
Guide
Implementing Cloud Security Best Practices
Cybersecurity professionals the world over share common cloud security concerns like risk management, configuration security, and cloud compliance. As organizations expand further into the cloud, there continues to be an influx of simple mistakes that can expose organizations to significant security, privacy, and regulatory risks. Tripwire partnered with Dimensional Research to understand what...
Guide
Industrial Cybersecurity is Essential
Don’t believe there are real cyberthreats to your operations network and control systems? Data shows otherwise. Better foundational industrial cybersecurity practices can help prevent disruption to your operations and financial risk to your bottom line.
Guide
Federal Cybersecurity: Security Fundamentals for Federal Agencies
Cybersecurity experts are urging government agencies to protect their data with up-to-date, foundational security controls, and agencies are listening. But how can they determine where exactly to focus their efforts to maximize efficiency and ensure a strong security stance? This white paper details the four key components federal agencies need in order to establish and maintain a robust security...
Guide
5 Critical Steps: Complete Security Risk and Compliance Lifecycle for Government
Maintaining security and compliance in today’s ever-changing environment is a never-ending task. To manage that task, the most successful government organizations adopt a systematic approach that promotes continuous improvement. Tripwire is a leading provider of enterprise-class foundational controls for federal security, compliance, and IT operations. We listened to our customers to understand...
Guide
How Infosec Teams Can Overcome the Skills Gap
Does your organization have enough cybersecurity staff with a high level of expertise? If not, you’re not alone. The skills gap is weighing heavily on the minds of digital security team members. In a survey of 342 security professionals, Tripwire found that 83 percent of infosec personnel felt more overworked in 2020 than they did a year earlier. An even greater percentage (85 percent) stated that...
Guide
Succeeding as a Cybersecurity Leader in the New Decade
You and your security team have a lot on your plate. It’s crucial to keep your organization’s network protected by maintaining a security program that minimizes risk, and it’s you and your team’s responsibility to execute this. This effort has only become more complicated as we’ve entered into a new decade. With the dramatic shift to many of us working from home in 2020—and many organizations...