Skip to content ↓ | Skip to navigation ↓

It’s been a fantastic year on The State of Security blog. We’ve seen a real plethora of high-quality articles and here are my 10 favorites!

A Google Cloud Platform Primer with Security Fundamentals | By Ben Layer

Though less well-known than Microsoft Azure and Amazon Web Services, Google Cloud Platform currently makes up five percent of the cloud market and is growing at a rate 76 percent year over year. Tripwire’s Ben Layer takes this rising prominence into consideration in order to outline some fundamental steps for keeping Google Cloud Platform secure.

Read the full blog, here.

Who Is Responsible for Your Cloud Security? | By Kim Crawley

Cloud services and the internet offer tremendous cost savings, efficiency and functionality. Unfortunately, putting your data on the internet exposes it to greater cybersecurity risks. It’s certainly possible to harden cloud services to make them a lot less vulnerable to cyber attack. But when Amazon or Google owns the infrastructure and your enterprise owns the data, who is responsible for keeping your cloud-hosted data secure? Guest contributor Kim Crawley addresses this issue at length.

Read the full blog, here.

A ‘How To’ for Asset Tagging | By Mike Betti

Organizations can use the Tripwire Enterprise (TE) Asset Tagging feature to automate their management of as many as thousands of assets possible, and it makes reports more meaningful for the business. But asset tagging is a process which organizations must complete in order. Recognizing this fact, Tripwire’s Mike Betti explains how organizations can create and apply tags in a meaningful way.

Read the full blog, here.

The Five Stages of File Integrity Monitoring (FIM) | By David Jamieson

As one of the Center for Internet Security’s Critical Security Controls, file integrity monitoring (FIM) is an important measure by which organizations can strengthen their digital security. But FIM can get noisy and suck up security professionals’ time if not carefully structured. As explained by Tripwire’s David Jamieson, organizations therefore need to purchase a FIM solution that’s right for them, and they need to tune it to match environmental changes.

Read the full blog, here.

NERC CIP Audits: Top 8 Dos and Don’ts | By Nick Santora

During his seven-year career at NERC, guest contributor Nick Santora was involved with quite a few projects including CIP compliance audits, investigations, auditor training and advisory sessions. He typically advised entities across North America on different tactics, techniques and insight from best practices which he had seen. Looking back on this experience in the field, Santora shares a few of the dos and don’ts for a NERC CIP audit.

Read the full blog, here

The Five Stages of Vulnerability Management  | By Irfhan Khimji

A key to having a good information security program within your organization is having a good vulnerability management program. But over the years, Tripwire’s Irfhan Khimji has seen a variety of different vulnerability management programs and worked with many companies with various levels of maturation in their VM programs. Khimji therefore takes a moment to outline the five stages of maturity based on the Capability Maturity Model (CMM) and to give an idea as to how to take your organization to the next level of maturity.

Read the full blog, here

Sextortion Scam Luring Victims in with Breached Passwords – Don’t Pay! | By Tyler Reguly

Various “sextortion scam” campaigns surfaced in 2018, with the first wave arriving in early-summer. Tripwire’s Tyler Reguly paid careful attention to this email scam as it made its rounds, and sure enough, it eventually hit his own inbox. Seeing this nefarious message firsthand, Reguly took a moment to share some things to watch out for with scams like this and to share tips on how users can protect themselves.

Read the full blog, here

Security vs. Compliance: What’s the Difference? | By Anthony Israel-Davis

Security and compliance are often said in the same breath as if they are two sides of the same coin, two members of the same team or two great tastes that go great together. But security and compliance are not the same; you can have one without the other. Acknowledging this fact, Tripwire’s Anthony Israel-Davis notes how organizations should strive towards achieving greater overlap and explains some ways how security and compliance teams can work together to create a winning alliance.

Read the full blog, here

Defense in Depth: 4 Essential Layers of ICS Security | By Dean Ferrando

As an employee of Tripwire, Dean Ferrando has had the privilege to work with different teams in different verticals across the world. During that span of time, he’s learned that while there are a lot of areas that ‘security’ can play in from things like software, hardware or even physical access, there are certain areas of security concerns that all organizations should maintain or at least adhere to (at a minimum). Ferrando highlights four realms in particular that ICS organizations should keep in mind.

Read the full blog, here.

Google’s Newest Feature: Find My Home | By Craig Young

Despite various efforts to thwart unwanted online tracking, it turns out that our connected “smart” gadgets may not only uniquely identify us but, in some cases, reveal precise physical locations. Tripwire’s Craig Young illustrates this point by revealing a new attack that works against Google Home and Chromecast devices specifically.

Read the full blog, here

['om_loaded']
['om_loaded']