Resources | Tripwire



Six Security Controls to Prevent Your Cloud from Getting Hacked

There’s a common misconception that cloud providers handle cybersecurity for you. The truth is, cloud providers use a “shared responsibility model”. They protect underlying Cloud infrastructure, but leave protection of Cloud-deployed assets and data up to you. To help meet this need, the Center for Internet Security (CIS) has created the CIS Amazon Web Services Foundations benchmark policy. This...

Tripwire 2020 Skills Gap Survey

The skills gap remains one of the biggest challenges within the cybersecurity industry. To gain more perspective on what organizations are experiencing, Tripwire partnered with Dimensional Research to survey 342 security professionals on this issue. This study explores hiring trends, how security teams are changing, and how they plan to address the issue in the face of growing cyber threats.

Tripwire State of Industrial Cybersecurity Report

As news of cyberthreats targeting industrial environments like energy utilities and manufacturing plants continues to surface, Tripwire surveyed security professionals who work in these industries to understand how industrial organizations are protecting themselves. The survey findings revealed insights on the security professionals’ levels of concern, investment in cybersecurity, and how they are...

Securing Industrial Control Systems with Tripwire

Industrial and critical infrastructure asset owners face a perfect storm of challenges from aging technology and rising cyber risk to increasing regulations and a significant cybersecurity skills gap. Building cybersecurity protection into industrial automation and process control within plant environments is not easy. This brief provides simple steps that allow industrial organizations to select...

Survey: Securing Public Cloud Infrastructure

Do you have a centralized view of your organization’s security posture and policy compliance across all cloud accounts? A Tripwire and Dimensional Research survey conducted in 2021 found that only 21 percent of security professionals could answer “yes.” The survey included more than 300 cybersecurity professionals who are directly responsible for the security of public cloud infrastructure within...

Securing the Entire Container Stack, Lifecycle and Pipeline

With the rise in popularity of containers, development and DevOps paradigms are experiencing a massive shift. You may be struggling to figure out how to secure this new class of assets and the environments they reside in. Introducing good security hygiene into the container ecosystem is not a simple task. This paper will cover all the high points of what it means to secure the entire container...

Security Configuration Management Buyer's Guide

Security Configuration Management exists at the point where IT security and IT operations meet. It’s a software-based solution that combines elements of vulnerability assessment, automated remediation, and configuration assessment. The goal of SCM is to reduce security risks by ensuring that systems are properly configured—hardened—to meet internal and/or regulatory security and compliance...

Security and Compliance for Remote Federal Workers

In response to the coronavirus ("COVID-19") pandemic, the Office of Management and Budget (OMB) made an unprecedented call for agencies to maximize telework flexibilities, resulting in 78 percent of the federal workforce working remotely. This abrupt and wide-scale shift to a remote work environment required agency security teams to adjust with little to no planning, placed a tremendous strain on...

Secure Remote Access

As an organization’s infrastructure becomes more and more connected and complicated, it becomes more important than ever to have a safe and protected way for employees to access systems remotely. This is not just a challenge for IT environments, but OT environments as well. Nearly half of the Fortune 2000 organizations consider OT networks to be critical components of their business1. It’s...

Securing AWS Cloud Management Configurations

Amazon has captured nearly half of the cloud market making it a prime target for attacks. When AWS accounts are compromised, the go-to payload is often cryptocurrency mining where attackers make money using stolen CPU cycles that get billed to the victim's account. Fortunately, there is guidance from the Center for Internet Security (CIS). In 2016, CIS launched the Amazon Web Services Foundations...

Responding to High-impact Vulnerabilities: Are You Prepared?

In information security, it’s often said, “It’s not a matter of if, but when” an organization will be hit by a breach—it's an accepted fact that preventative controls will eventually fail to keep attackers out. And now, with high-impact vulnerabilities like Heartbleed and Shellshock being discovered with some regularity, the likelihood of a serious breach is greater than ever. In this paper, we highlight how the tactics and strategies to respond to high-impact vulnerabilities differ from those used in other security events, outline the steps you can take to prepare for these vulnerabilities before they hit, and provide insight into incident response strategies.

Survey: Retail Industry Ramps Up Cybersecurity for 2020 Holiday Season

The retail industry always has to make special preparations for the holiday season. That was especially the case this year. With Covid-19 disrupting shopping behaviors and creating a surge in online shopping, security teams at these retail organizations have had to make adjustments as well. Tripwire partnered with Dimensional Research to understand how retail organizations are adapting their...

PCI DSS and the CIS Controls

Benchmarks, Standards, Frameworks and Regulations: What’s the Difference? The majority of IT security guidance to industry can be placed into one of these categories: benchmarks, standards, frameworks and regulations. Most address specific security issues and offer advice based on experience, collaborated information, authorities and activities (best practices) which have proven effective. They...

Physical Cybersecurity: ICS Attack Scenarios and CIP-007 R1

The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism.

IoT and IIoT Security Survey

How many internet of things (IoT) and industrial internet-of-things (IIoT) devices connect to your network? In particular, the increased proliferation of connected devices in the industrial space brings about growing concerns for OT operators charged with keeping their networks compliant and safe from the impacts of cyberattacks or human error. So what is the current state of IIoT cybersecurity...

Tripwire and LinkShadow

LinkShadow integrates with Tripwire solutions to complete the full cycle of behavioral analytics and threat hunting, providing the combined benefits of Tripwire’s file integrity monitoring (FIM) technology and proactive threat detection. Next Generation Cybersecurity Analytics LinkShadow® Cyber Security Analytics Platform is designed to manage threats in real time. It utilizes AI based machine...