Resources

Guide

Six Security Controls to Prevent Your Cloud from Getting Hacked

There’s a common misconception that cloud providers handle cybersecurity for you. The truth is, cloud providers use a “shared responsibility model”. They protect underlying Cloud infrastructure, but leave protection of Cloud-deployed assets and data up to you. To help meet this need, the Center for Internet Security (CIS) has created the CIS Amazon Web Services Foundations benchmark policy. This...
Guide

Tripwire 2020 Skills Gap Survey

The skills gap remains one of the biggest challenges within the cybersecurity industry. To gain more perspective on what organizations are experiencing, Tripwire partnered with Dimensional Research to survey 342 security professionals on this issue. This study explores hiring trends, how security teams are changing, and how they plan to address the issue in the face of growing cyber threats. ...
Guide

Tripwire State of Industrial Cybersecurity Report

As news of cyberthreats targeting industrial environments like energy utilities and manufacturing plants continues to surface, Tripwire surveyed security professionals who work in these industries to understand how industrial organizations are protecting themselves. The survey findings revealed insights on the security professionals’ levels of concern, investment in cybersecurity, and how they are...
Guide

Survey: Securing Public Cloud Infrastructure

Do you have a centralized view of your organization’s security posture and policy compliance across all cloud accounts? A Tripwire and Dimensional Research survey conducted in 2021 found that only 21 percent of security professionals could answer “yes.” The survey included more than 300 cybersecurity professionals who are directly responsible for the security of public cloud infrastructure within...
Guide

Securing the Entire Container Stack, Lifecycle and Pipeline

With the rise in popularity of containers, development and DevOps paradigms are experiencing a massive shift. You may be struggling to figure out how to secure this new class of assets and the environments they reside in. Introducing good security hygiene into the container ecosystem is not a simple task. This paper will cover all the high points of what it means to secure the entire container...
Guide

Security and Compliance for Remote Federal Workers

In response to the coronavirus ("COVID-19") pandemic, the Office of Management and Budget (OMB) made an unprecedented call for agencies to maximize telework flexibilities, resulting in 78 percent of the federal workforce working remotely. This abrupt and wide-scale shift to a remote work environment required agency security teams to adjust with little to no planning, placed a tremendous strain on...
Guide

Security Configuration Management Buyer's Guide

Security configuration management (SCM) exists at the point where IT security and IT operations meet. It’s a core security control that combines elements of vulnerability assessment, automated remediation, and configuration assessment. The goal of SCM is to reduce security risks by ensuring that systems are properly configured — or hardened — to meet internal and/or regulatory security and...
Guide

Responding to High-impact Vulnerabilities: Are You Prepared?

In information security, it’s often said, “It’s not a matter of if, but when” an organization will be hit by a breach—it's an accepted fact that preventative controls will eventually fail to keep attackers out. And now, with high-impact vulnerabilities like Heartbleed and Shellshock being discovered with some regularity, the likelihood of a serious breach is greater than ever. In this paper, we highlight how the tactics and strategies to respond to high-impact vulnerabilities differ from those used in other security events, outline the steps you can take to prepare for these vulnerabilities before they hit, and provide insight into incident response strategies.
Guide

Survey: Retail Industry Ramps Up Cybersecurity for 2020 Holiday Season

The retail industry always has to make special preparations for the holiday season. That was especially the case this year. With Covid-19 disrupting shopping behaviors and creating a surge in online shopping, security teams at these retail organizations have had to make adjustments as well. Tripwire partnered with Dimensional Research to understand how retail organizations are adapting their...
Guide

Secure Remote Access

As an organization’s infrastructure becomes more and more connected and complicated, it becomes more important than ever to have a safe and protected way for employees to access systems remotely. This is not just a challenge for IT environments, but OT environments as well. Nearly half of the Fortune 2000 organizations consider OT networks to be critical components of their business1. It’s...
Guide

Securing AWS Cloud Management Configurations

Amazon has captured nearly half of the cloud market making it a prime target for attacks. When AWS accounts are compromised, the go-to payload is often cryptocurrency mining where attackers make money using stolen CPU cycles that get billed to the victim's account. Fortunately, there is guidance from the Center for Internet Security (CIS). In 2016, CIS launched the Amazon Web Services Foundations...
Guide

Physical Cybersecurity: ICS Attack Scenarios and CIP-007 R1

The premise of a January 27, 2015, article by CNBC is that there is good evidence that a cyber attack against nearly any country’s critical infrastructure could be imminent. This kind of reporting has become so commonplace, but this doesn’t seem like just more FUD (fear, uncertainty, and doubt) journalism. ...
Guide

PCI DSS and the CIS Controls

Benchmarks, Standards, Frameworks and Regulations: What’s the Difference? The majority of IT security guidance to industry can be placed into one of these categories: benchmarks, standards, frameworks and regulations. Most address specific security issues and offer advice based on experience, collaborated information, authorities and activities (best practices) which have proven effective. They...
Guide

IoT and IIoT Security Survey

How many internet of things (IoT) and industrial internet-of-things (IIoT) devices connect to your network? In particular, the increased proliferation of connected devices in the industrial space brings about growing concerns for OT operators charged with keeping their networks compliant and safe from the impacts of cyberattacks or human error. So what is the current state of IIoT cybersecurity...
Guide

Mind the Cybersecurity Gap: Why Compliance Isn't Enough

Every organization wants to be secure in the long term, but compliance might order them to focus on implementing certain safeguards within a short period. Given this situation, some organizations might elect to focus on compliance now and look at security later. This might involve designating budget for compliance before allocating additional funds for security at some point in the future. This...
Guide

Meeting Multiple Compliance Objectives Simultaneously With the CIS Controls

The CIS Controls are a set of recommendations comprised of controls and benchmarks. They are intended to serve as a cybersecurity “best practice” for preventing damaging attacks. The recommendations are meant to provide a holistic approach to cybersecurity and to be effective across all industries. Adhering to them serves as an effective foundation for any organization’s security and compliance...
Guide

Industrial Cybersecurity Experts Share 14 of Their Biggest Tips and Predictions

The task of building and running an effective cybersecurity program is a major challenge for any complex organization, but those in charge of industrial control systems (ICS) have even more to figure out than their strictly-IT counterparts. How can industrial organizations overcome the cybersecurity skills gap? What about the increasingly-difficult endeavor of bringing the IT and OT sides of the...