Blog
Blog

Are You Ready for the Remote Work’s Toll on Corporate Security?

By David Henderson on Mon, 03/30/2020
Given the situation that many companies, organizations and government agencies have been forced into working remotely due to COVID-19, it is imperative to give some thought about corporate security. Using a VPN for New Stay-at-Home Workers Millions of employees are now working from the confines of their own homes in an effort to keep businesses running smoothly. In most situations, employees are...
How Organizations Can Fight to Retain Talent Amidst the Infosec Skills Gap
Blog

How Organizations Can Fight to Retain Talent Amidst the Infosec Skills Gap

By Joe Pettit on Sun, 03/22/2020
In a previous post, I shared some expert insight into how organizations can address the challenges of hiring skilled talent despite the ongoing infosec skills gap. Organizations can’t rest easy once they’ve brought on new talent, however. They need to make sure they hold onto their existing workforce. That’s easier said than done. Cybersecurity...
Blog

The State of the Cybersecurity Market: Where We’ve Come, Where We’re Going

By Irfahn Khimji on Mon, 03/16/2020
There’s an interesting trend that I have personally noticed over the past few years: organizations are starting to take cybersecurity more seriously. With the multitude of high-profile data breaches, organizations are starting to realize that cybersecurity is a significant risk to the business. This allows CISOs and other similar titles with leadership responsibilities to have a larger budget for...
The Experts' Guide on Tackling the Cybersecurity Skills Gap
Blog

The Experts' Guide on Tackling the Cybersecurity Skills Gap

By Joe Pettit on Wed, 03/11/2020
The skills gap is weighing heavily on the minds of digital security team members. In a survey of 342 security professionals, Tripwire found that 83% of infosec personnel felt more overworked in 2020 than they did a year earlier. An even greater percentage (85%) stated that it had become more difficult for their organizations to hire skilled security...
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog

VERT Threat Alert: March 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 03/10/2020
Today’s VERT Alert addresses Microsoft’s March 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-874 on Wednesday, March 11th. In-The-Wild & Disclosed CVEs Microsoft has not identified any of the vulnerabilities released this month as having been identified in-the-wild or publicly...
Four Important Steps to Secure the United States 2020 Election
Blog

Four Important Steps to Secure the United States 2020 Election

By Guest Authors on Mon, 03/09/2020
It’s an unfortunate reality that cyber attacks on the U.S. 2020 election are likely to happen. However, while this is a potent threat to democracy, an even greater threat is to not take the necessary actions to prevent these attacks until it is too late. There are many different types of cyberattacks that the U.S. 2020 election could face. ...
Tripwire Patch Priority Index for August 2022
Blog

Tripwire Patch Priority Index for February 2020

By Lane Thames on Fri, 02/28/2020
Tripwire's February 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft and Adobe. Up first on the patch priority list this month are patches for Microsoft Edge and Scripting Engine. These patches resolve information disclosure, elevation of privilege, and memory corruption vulnerabilities. Next on the list are...
Red Teaming: How to Run Effective Cyber-Drills?
Blog

Red Teaming: How to Run Effective Cyber-Drills?

By Guest Authors on Thu, 02/27/2020
What is red teaming? How is it different from conventional penetration testing? Why do we need blue, red, and white teams? How are cyber-drills carried out, and what results should be expected? In this article, we will answer these and other questions related to red teaming. What is Red Teaming? The red team attacks, the blue team defends. The...
NSA Releases Cloud Vulnerability Guidance
Blog

NSA Releases Cloud Vulnerability Guidance

By Anthony Israel-Davis on Wed, 02/26/2020
The United States’ National Security Agency (NSA) has put together a short guidance document on mitigating vulnerabilities for cloud computing. At only eight pages, it is an accessible primer for cloud security and a great place to start before taking on something like the comprehensive NIST 800-53 security controls. As a guidance document, it doesn...
Climbing the Vulnerability Management Mountain: Reaching Maturity Level 4
Blog

Climbing the Vulnerability Management Mountain: Reaching Maturity Level 4

By Lamar Bailey on Mon, 02/24/2020
The climb is getting steeper, but thanks to hard work, vision and insight are much keener. At ML:4, all assets are scanned by a combination of agent and remote scans on a normal cadence. This will generate a lot of data dictated by threat and patch priority. Thousands of new vulnerabilities are released each year, and no company or product can...
Vulnerability & Risk Management
10 Must-See Talks to Attend at RSA Conference 2020
Blog

10 Must-See Talks to Attend at RSA Conference 2020

By David Bisson on Mon, 02/17/2020
RSA Conference USA is one of the most anticipated digital security events of the year. Last year, its 31 keynote presentations, more than 621 speaker sessions, 700 presenting companies on the exposition floor attracted over 42,000 attendees. Given such popularity, how could the State of Security not include this event in its list of the top...
VERT Threat Alert: June 2022 Patch Tuesday Analysis
Blog

VERT Threat Alert: February 2020 Patch Tuesday Analysis

By Tyler Reguly on Tue, 02/11/2020
Today’s VERT Alert addresses Microsoft’s February 2020 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-870 on Wednesday, February 12th. In-The-Wild & Disclosed CVEs CVE-2020-0674 A vulnerability exists in the way that Internet Explorer’s scripting engine handles objects in memory. An...
Cyber Resilience – Everything You (Really) Need to Know
Blog

Cyber Resilience – Everything You (Really) Need to Know

By Zoë Rose on Mon, 02/10/2020
What is cyber resilience? If you search the definition within the Oxford Dictionary, resilience alone is defined as “the capacity to recover quickly from difficulties; toughness.” If you narrow the definition down to cyber resilience, it shifts to maintaining vs recovery. As noted on Wikipedia, it becomes “the ability to provide and maintain an...
10 Tenets for Cyber Resilience in a Digital World
Blog

10 Tenets for Cyber Resilience in a Digital World

By Anastasios Arampatzis on Sun, 02/09/2020
Companies are facing increased and complex cybersecurity challenges in today’s interconnected digital economy. The cyber threats have become more sophisticated and may harm a company via innovative new forms of malware, through the compromise of global supply chains or by criminal and hostile state actors. The hard truth is that it is difficult to...
Tripwire Patch Priority Index for August 2022
Blog

Tripwire Patch Priority Index for January 2020

By Lane Thames on Tue, 02/04/2020
Tripwire's January 2020 Patch Priority Index (PPI) brings together important vulnerabilities from Microsoft, Oracle, VMware and Linux. Exploit Alert: Metasploit Up first on the Patch Priority Index this month are vulnerabilities that have been recently added to Metasploit. Two vulnerabilities identified by CVE-2019-9213 and CVE-2018-5333 affect...
How to Best Secure the Industrial Network for EMEA Organizations
Blog

Why Asset Visibility Is Essential to the Security of Your Industrial Environment

By Hien La on Sun, 02/02/2020
Threats against industrial environments are on the rise. Near the beginning of 2019, for example, Kaspersky Lab revealed that 47% of industrial control system (ICS) computers on which its software was installed suffered a malware infection in the past year. That was three percent higher than the previous year. These digital threats confronting ICS...
Why Privacy Matters in Cybersecurity
Blog

What "Attack Surface" Means in 2020

By Editorial Staff on Wed, 01/29/2020
Listen and subscribe to our new podcast! Tripwire’s cybersecurity podcast features 20-minute conversations with the people who protect people from cyber threats. Hosted by Tripwire’s VP of Product Management and Strategy, Tim Erlin, each episode brings on a new guest to explore the evolving threat landscape, technology trends, and cybersecurity best...