Blog

Blog

Bake-off: Ensuring Security in the Cyber Kitchen

I’ll start this one with an apology – I’ve been watching a lot of the TV show The Bear (which I’d highly recommend!) and thus been thinking a lot about kitchen processes and the challenges of making everything come together nicely (both in life and in a recipe). If you are unfamiliar with the show, it is a comedy-drama about a chef who manages his deceased brother’s sandwich shop. When I see...
Blog

What Is Log Management and Why you Need it

Thanks to the burgeoning supply chain, a host of IoT and work-from-home devices, and an expanding cloud presence, organizations are constantly ingesting new hardware into their IT environments. With each new line of code comes a fresh chance for a hidden vulnerability. With each unfound weakness, attackers gain one more opportunity to gain a foothold in the organization and compromise sensitive...
Blog

Achieving continuous compliance with Tripwire’s Security Configuration Manager

Security and compliance are often tightly intertwined. The main difference is that sometimes security can outpace compliance efforts. While it is easy to infer that a more secure system exceeds a compliance requirement, an auditor should not be expected to deduce the state of a system; the evidence needs to be clear. There are many factors that can cause compliance shifts. Configurations are...
Blog

The Importance of Host-Based Intrusion Detection Systems

What Is a Host-Based Intrusion Detection System (HIDS)? A host-based intrusion detection system, or HIDS , is a network application that monitors suspicious and malicious behavior, both internally and externally. The HIDS’ job is to flag any unusual patterns of behavior that could signify a breach. By bringing this activity to the team’s attention, the HIDS enables in-house staff to investigate...
Blog

Reducing Cyber Risks with Security Configuration Management

Protecting sensitive data and other assets requires an organization to be adaptable and stay informed on things like the digital landscape and threat trends. While some aspects of security are within an organization’s control, it can be extremely difficult to manage all of the risks and vulnerabilities that are likely to arise. Security configuration management (SCM) is one way to take control of...
Blog

So You Want to Achieve NERC CIP-013-1 Compliance...

Energy efficiency and availability is a major concern for all countries and governments. The electric grid is a vital sector, and any malfunctions will create ripple effects on any nation’s economy. As the grid is heavily dependent on cyber-enabled technologies and a vast chain of suppliers, contractors, and partners, the ability to safeguard the availability and reliability of the grid is crucial...
Blog

What Are the Top 7 DDoS Mitigation Tactics for Energy Grids?

Distributed Denial of Service (DDoS) attacks occur when adversaries overwhelm a connected target’s resources, aiming to make it unavailable. Learning the best strategies to protect from DDoS attacks is critical to energy grid cybersecurity. A well-planned DDoS attack on the grid could halt essential services, cause substantial disruptions to households and businesses, and prove incredibly costly...
Blog

The Role of Security Configuration Management (SCM) in Preventing Cyberattacks

In the intricate realm of cybersecurity, the relentless surge of cyber threats demands a constant reassessment of defensive strategies. Amidst this dynamic landscape, a subtle yet indispensable player takes center stage — Security Configuration Management (SCM) . This blog embarks on an insightful journey into the critical role played by SCM in the ongoing battle against cyberattacks, shedding...
Blog

Improving OT Security in Industrial Processes

Have you ever considered that even before you enjoy the first sip of your favorite morning beverage, you have probably interacted with at least half of the 16 critical infrastructure sectors that keep a nation running? In one way or another, the simple act of brewing a cup of tea would probably not be possible without interacting with water, energy, manufacturing, food and agriculture, waste...
Blog

Customizing Security with Security Configuration Management (SCM)

Many of the breaches of the past ten years have taken advantage of weak or nonexistent security settings. Conversely, for example, companies that configured their Docker application to the CIS recommended security settings for container users and privileges were not as vulnerable to container escape exploits. Arguably, a configuration change prevented many breaches. Security configuration...
Blog

The Dangers of Default: Cybersecurity in the Age of Intent-Based Configuration

Technology has recently been evolving at the speed of light. We have seen the onset of increased cyber threats across all industries. Gone are the times when threat actors had a specific goal and target. We now live in an age where robots collect, collate, and save information for a more opportune and profitable day. It is ever more important to understand the security measures individuals and...
Blog

Security Risks of Kubernetes Helm Charts and What to do About Them

Kubernetes has emerged as the leading platform for orchestrating containerized applications. However, developers and administrators rely on an ecosystem of tools and platforms that have emerged around Kubernetes. One of these tools is Helm, a package manager that simplifies Kubernetes deployments. However, with the convenience and efficiency Helm offers, it also introduces significant security...
Blog

IBM i and Tripwire Enterprise: What you need to know

The IBM i is a midrange server that is used across many industries and businesses varying in sizes. Backed by its long history and support by IBM, a world-class innovator, the IBM i platform stands alone in the midrange server offerings. Some of the largest companies in the world use IBM i running on the IBM Power server as their strategic platform for manufacturing planning, retail, distribution...
Blog

WaterISAC: 15 Security Fundamentals You Need to Know

2023 saw two concerning attacks on public water systems, highlighting the fragility and risk to utility systems. In Pennsylvania, malicious hackers breached the Municipal Water Authority of Aliquippa system the night after Thanksgiving. The criminals were making a political statement: the technology used to manage water pressure was developed by Israel, and the criminals used this opportunity to...
Blog

US Agencies Issue Cybersecurity Guide in Response to Cybercriminals Targeting Water Systems

US federal agencies have teamed up to release a cybersecurity best practice guidance for the water and wastewater sector (WWS). The Cybersecurity and Infrastructure Security Agency (CISA), United States Environmental Protection Agency (EPA), and Federal Bureau of Investigation (FBI) have published the guide in an attempt to promote cybersecurity resilience and improve incident response in the WWS...
Blog

Resolving Top Security Misconfigurations: What you need to know

One of the most common factors that can lead to cybersecurity incidents is a security misconfiguration in software or application settings. The default settings that come with the implementation of these tools and solutions are often not configured securely, and many organizations do not invest the time and resources into ensuring that they are. Several regulatory organizations have established...
Blog

What is the Windows Security Account Manager (SAM)?

To most people, the process of logging into a Microsoft Windows machine is a simple process of entering a username and a password. However, for a cybersecurity professional, the process is a carefully orchestrated mechanism. Unfortunately, throughout the history of the various Windows operating system versions, criminals have also sought ways to disrupt this process in order to breach a network...
Blog

Expert Insight for Securing Your Critical Infrastructure

At Tripwire's recent Energy and NERC Compliance Working Group, we had the opportunity to speak with the Manager of Gas Measurement, Controls, & Cybersecurity at a large energy company. More specifically, we focused on SCADA and field assets of gas Operational Technology. The experience at the management level of such an organization provided a wealth of knowledge for the attendees. SCADA...
Blog

The Evolution of Anomaly Detection and the Importance of Configuration Monitoring in Cybersecurity

Back in 1992, when I was more concerned about my acne breakouts and being selected for the Junior cricket team, a freshman at Purdue University was studying the impact of the 1988 Morris Worm event and how it brought about unwarranted changes on Unix systems as it propagated across the network, resulting in the first Denial of Service (DoS) attack. He quickly realised that it was hard to know when...
Blog

How to Reduce Your Attack Surface

What is an Attack Surface? An attack surface is the total number of channels, pathways, or areas that threat actors can utilize to gain unauthorized access to networks. The result is that they can obtain private information or carry out a cyber-attack. An attack surface comprises the organizational assets a threat actor can exploit to gain unauthorized access. Attack surfaces include systems that...