The NERC Critical Infrastructure Protection standards are designed to enhance reliability of the electrical supply by securing the connected assets on which that supply relies. When building a program for NERC CIP compliance, registered entities must balance the need to be audit ready with the resources required to achieve and maintain compliance. NERC CIP version 6 increases the amount of work...

The NERC Critical Infrastructure Protection standards are designed to enhance the reliability of the electrical supply by securing the connected assets on which that supply relies. When building a program for NERC CIP compliance, registered entities must balance the need to be audit-ready with the resources required to achieve and maintain compliance. NERC CIP compliance, especially when...

SigmaFlow is the industry leading solution for orchestrating NERC CIP compliance to achieve an ongoing state of Audit Readiness. Tripwire, Inc. is a leading global provider of advanced threat, security and compliance management solutions. Integrating these solutions offers an automated way to drastically reduce the time and resources required to manage NERC compliance and collect comprehensive...

There isn’t an industry that hasn’t been affected by cyber threats, and the broadcast industry is no exception. In April 2015, France’s TV5Monde was attacked, resulting in eleven of its channels going dark and its social media outlets commandeered to display pro-Islamic State messages. This was preceded by an attack on WBOC in Salisbury, Maryland, where their Twitter account and website were...

To enhance your Federal Information Security Management Act (FISMA) compliance grade, you must implement one of the most challenging controls in NIST SP 800-53: the Controls, Family: System Information & Integrity (SI) 7 requirement. SI-7 states that organizations must employ automated and centrally managed integrity verification tools to detect unauthorized change. This level of visibility can be...

The recently enacted European Union General Data Protection Regulation (GDPR) requires organizations to take adequate measures to ensure the security and privacy of personal data of any European citizen. This supersedes the previous Data Protection directive. As a regulation—as opposed to a mere directive—it directly imposes a uniform data security law regime on organizations that need to comply...

An Extremely Brief History of ICS Security Industrial control systems (ICS) proliferated before cybersecurity became the mission-critical concern it is today. The shift to new network technologies improves data collection, efficiency and time-to-market, but it also produces new cybersecurity risks: Many ICS are purpose-built and proprietary, making them out of sync with modern cybersecurity...

The trend of mass migration to the cloud brings benefits like lower operating costs, easier deployability, and the flexibility of an elastic environment. However, it’s crucial to understand that the responsibility to secure your cloud infrastructure still falls on your organization. Cloud providers allow organizations to take advantage of their infrastructure, resulting in a shared model for...

North American electric utility companies constantly balance the need to be audit-ready for NERC CIP compliance against their top priority: ensuring the reliability of the bulk electric system. NERC CIP compliance, especially when approached using manual methods, is complex, time-consuming, and prone to human error. Further, NERC CIP requirements often infer security skill sets beyond those of...

The multiport EAGLE40 next generation firewalls offer a comprehensive cybersecurity solution to maximize uptime in today’s stringent automated environments. Ensure heightened performance capabilities with more port options, each at one gigabit per second (Gbit/s) bandwidth Protect against physical and virtual threats with ruggedized housing and Stateful and Deep Packet Inspection (SPI/DPI) modules...

Endpoint protection platforms (EPP) and endpoint detection and response (EDR) solutions play a critical role in reducing the risk of successful attacks that exploit weakly configured endpoints and systems. These solutions alert security teams on potential cyberattacks, help with remediating misconfigurations, and can be delivered via an agent or through a service in the cloud. Where EPP/EDR Can...

FISMA requires federal agencies, and by extension, the foundations, educational institutions, organizations that receive federal funds as well as the contractors that do business with them, to develop, document, and implement information security programs to protect the confidentiality, integrity and availability of the data and systems that support government operations and assets. In meeting...

There is a misunderstanding that if you are compliant, you are secure. This isn’t the case. For example, adhering to PCI DSS v4.0 will only allow you to tick the box to say you are PCI compliant in that moment. It gives you a snapshot in time of where you are in your compliance journey. But it won’t prevent your company from suffering a breach—along with incurring fines and reputational damages...

Business Challenge Endpoint security has evolved over the last several years moving beyond simple AV protection to encompass new technologies such as application protection and privilege management, whitelisting, execution isolation and comprehensive visibility and controls. While the network and, in particular, the security proxy remain the primary control point in effective data security, the...

With notable industrial cyber events on the rise, the 2020s are shaping up to be a challenging time for operational technology (OT) operators concerned with the safety, security, and compliance of their operational technology networks. To protect their OT environments, everyone from plant managers to CISOs is facing increased pressure to deploy effective cybersecurity solutions. However...