Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

October 2018

Redefining the Meaning of Operational Risk

The definition of “operational risk” is variable but it generally covers the risk of loss resulting from inadequate or failed internal processes, people and systems or from external events. I, however, want to re-examine this general definition, so that the definition of operational risk takes into account all the cybersecurity-related risks that are currently plaguing organizations today. With the current definition, one cannot quantify internal processes and people.

Improving Incident Response Time With Smarter Network Security Tools

One of the biggest concerns of any cybersecurity analyst is whether or not they will be able to stop an attack before it can do any damage. That said, making sense of the flood of alerts is, in itself, a time-consuming task. As networks become more complex and malicious attacks become more advanced, it can become difficult to hit your incident response targets. With the right network security tools, however, your organization very quickly can detect, prioritize and remediate threats.

Staying Secure When Online Shopping: Getting the Basics Right

Online shopping has become so popular that it has contributed to the fall of once giant businesses like Sears. But beneath the convenience of ordering goods at home is a mammoth cybersecurity problem that affects millions of users every year. You may think shopping on sites like Amazon and eBay is completely safe – but it’s not. Hackers can get your credit card information if your passwords are weak. Attackers can send malware to your PC as you shop.

Tripwire Visibility for ICS: Getting From Data Mountains to Event Nuggets

If you operate an industrial network, you know that it is important to recognize operational errors and malicious changes as fast as possible to prevent unsafe and costly conditions from emerging. But achieving this goal requires you to be able to ingest enormous volumes of data and reduce this to an actionable volume of events that indicate the presence of a problem. You don’t have days to get this done. You need an answer in a matter of minutes.

Enforce Docker Image CIS Policy Compliance with Tripwire for DevOps

We are working hard adding features to our new Tripwire for DevOps service, initially announced at BlackHat 2018. If you are a loyal State of Security follower, last you read we added Auditing for Amazon Machine Images (aka AMIs). Today, we are introducing CIS policy compliance auditing for Docker images. Tripwire for DevOps allows you to evaluate your Docker Images to check for policy compliance at build time.

Auditing Amazon Machine Images with Tripwire for DevOps

Tripwire for DevOps continues to add new features and capabilities. The newest of these is the ability to perform vulnerability scans against Amazon Machine Images (AMIs) in the same Tripwire for DevOps workflow used for your Docker containers. This blog will discuss the creation of AMIs and how to audit them for vulnerabilities within Tripwire for DevOps.

Clarifying the Misconceptions: Monitoring and Auditing for Container Security

An effective container security strategy consists of many parts. Organizations should first secure the build environment using secure code control along with build tools and controllers. Next, they should secure the contents of their containers using container validation, code analysis and security unit tests. Finally, they should develop a plan to protect their containers in production systems by focusing on runtime security, platform security and orchestration manager security.

Proactive System Hardening: Continuous Hardening's Coming of Age

The first article in this series examined configuration hardening—essentially looking at ports, processes and services where security configuration management (SCM) is key. The second article looked at application and version hardening strategies. This third installment will discuss the role of automation in the coming of age of what’s called “continuous hardening.”

Proactively Hardening Systems: Application and Version Hardening

The first article in this series examined configuration hardening, essentially looking at ports, processes and services as the “doors, gates and windows” into a network where security configuration management (SCM) becomes the job of determining which of these gateways should be open, closed, or locked at any given time. Now it’s time to look at application and version hardening.

Vulnerability Scanning vs. Penetration Testing

It amazes me how many people confuse the importance of vulnerability scanning with penetration testing. Vulnerability scanning cannot replace the importance of penetration testing, and penetration testing on its own cannot secure the entire network. Both are important at their respective levels, needed in cyber risk analysis and are required by standards such as PCI, HIPAA and ISO 27001.