Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2021

Tripwire ExpertOps: Managed Cybersecurity and Compliance

Welcome to Tripwire's Security-as-a-Service solution. Tripwire® ExpertOps extends your staff with experienced security professionals who leverage your in-house team. You’ll see rapid time to value with your choice of multiple services that can reduce your security risks and simplify your policy compliance—all hosted on a cloud infrastructure. Tripwire ExpertOps includes software, ongoing consulting, professional services, and cloud infrastructure in a single subscription.

Combining Monitoring Approaches For Well-Rounded FIM | Tips & Tricks Ep.2

Traditional, agent-based monitoring from Tripwire® Enterprise brings best-in-breed file integrity monitoring (FIM) to your organization’s IT infrastructure. In regular practice, an agent is deployed to a supported operating system to facilitate asset monitoring. But how do you enforce FIM on operating systems that have reached their end-of-life for support, or endpoints that aren’t able to have agents installed?

Securing AWS Management Configurations By Combating 6 Common Threats

There’s a common misconception that cloud providers handle security, a relic leftover from hosting providers of previous decades. The truth is, cloud providers use a shared responsibility model, leaving a lot of security up to the customer. Stories of AWS compromise are widespread, with attackers often costing organizations many thousands of dollars in damages.

The Hidden Benefits of Compliance

If I were to ask you why you scanned for compliance at your company, I’d bet you’d tell me it was to help you pass requirements easier, to ensure that your audits are good on the first pass and so that you could troubleshoot technical issues with another process. You didn’t know about that last one? Wait, are you telling me you don’t know about the hidden benefits of compliance that you’re getting? Let’s talk.

Turning InfoSec Success into Audit Wins | Tips & Tricks Ep.1

Security and compliance are different, yet complementary, disciplines. It’s important to understand their relationship to build a robust security program that can be used for audit success. Compliance is a kick-starter for building your security program, and security is an important focus to help ensure you are audit-ready. Join us in our Tips and Tricks series. We’ve curated this series for you, whether you are a customer looking to make the most out of your Tripwire investment, or you’re on the market for a new security solution.

Define, Reinforce and Track: Helping Develop Positive Cybersecurity Habits

Getting teams to improve security can be hard work, but it’s an important job that organisations must take seriously to protect an increasingly risky world. For this post, I wanted to explore some ways that an organisation or individual might start building a new security “habit” so that, in time, acting securely becomes automatic.

Creating Cloud Security Policies that Work

Now that the ongoing worldwide trend toward “going digital” has been accelerated by COVID-19, taking extra precautions to protect your organization’s data, communications and information assets is more important than ever. Of course, there are many traditional and emerging ways to protect and secure your business.

The Winds of Change - What SolarWinds Teaches Us

In December 2020, the world discovered that the SolarWinds’ Orion Platform had been compromised by cybercriminals, potentially affecting thousands of businesses the world over. Security groups such as the National Cyber Security Centre (NCSC) provided advice and guidance to security teams and IT companies on what actions they should take to minimize the impact on them and their customers.

REvil ransomware - what you need to know

REvil is an ambitious criminal ransomware-as-a-service (RAAS) enterprise that first came to prominence in April 2019, following the demise of another ransomware gang GandCrab. The REvil group is also known sometimes by other names such as Sodin and Sodinokibi. REvil has gained a reputation for attempting to extort far larger payments from its corporate victims than that typically seen in other attacks.

A Full Rainbow of Protection: Tripwire Is More than 'Just FIM'

Imagine an arc. Not just any arc. A rainbow. When we think of a rainbow, it conjures impressions of color, inspiration and even supernatural characteristics. Does your cybersecurity program long for a magical pot of gold at the end of a rainbow? With all the moving parts of cybersecurity, sometimes it seems like we are merely chasing rainbows. However, it doesn’t have to be that way.

What in the World Is a CISO?

Whilst employment has taken a downward curve over the last year or so, there are a variety of approaches I use when applying for a role to help my CV stand out. One key point is knowing what the job entails before submitting my cover letter and CV. This allows me to tailor my message effectively. Additionally, it enables me to find positions that I might not have originally considered. One position I think more people should be aware of is a CISO.

Just What The Cyber Doctors Ordered - OT For Pharmaceutical Companies

Several digital attacks against pharmaceutical companies have made news in the past few years. Back in 2017, for instance, Merck fell victim to NotPetya. The wiper malware spread to the pharmaceutical giant’s headquarters, rendered years of research inaccessible, affected various production facilities and caused $1.3 billion in damages, according to Bloomberg News.

6 Cybersecurity Tips for Working from Home

Here at Tripwire, we, like many others, recently surpassed the one-year anniversary of working from home due to the COVID-19 pandemic. Since March of 2020, we have converted kitchens, spare bedrooms and garages into office spaces. Our pets and children have become our coworkers, and companies are reporting a sudden increase in shirt sales as opposed to pant sales.

Agentless Monitoring with Tripwire Enterprise: What You Need to Know

As we know, Tripwire Enterprise (TE) is the de-facto go-to solution for File Integrity Monitoring (FIM). In normal operations, we deploy a TE agent to a system we want to monitor. TE then uses that agent to baseline the system against the appropriate rules, creating a known good state for that system. Moving forward, that system is monitored for change per the rules that were used to create the baseline.

White House launches plan to protect US critical infrastructure against cyber attacks

The White House is reportedly moving swiftly forward with a plan to harden the security of the US power grid against hacking attacks. According to Bloomberg, the Biden administration has a plan to dramatically improve how power utilities defend themselves against attacks from countries considered to be adversaries in cyberspace – such as Russia, Iran, North Korea, and China.

A quick round up of privacy highlights for Q1 of 2021

As expected, the start of 2021 has seen unprecedented movement in the U.S. with 22 states introducing comprehensive privacy legislation and even more introducing specific-use legislation. To date, hundreds of privacy bills were introduced across the states; to give some perspective, more than 50 privacy bills were introduced in New York alone. Undoubtedly a hot topic, it seemed anyone with an idea for a privacy bill put it in writing and introduced it to their legislature.

Securing Your Supply Chain with CIS and Tripwire

Where were you when you first heard about the SolarWinds breach? It’s not unusual for information security professionals to learn about a breach. Keeping track of the news is part of the job. The SolarWinds attack, however, was different for two primary reasons. First, it reached the level of mainstream news. The majority of breaches stay mostly in the industry press.

How Tripwire Can Help U.S. Federal Agencies Implement the CIS Controls

Digital attackers are increasingly launching sophisticated campaigns in an effort to target U.S. federal agencies and other organizations. Two recent examples demonstrate this reality. These are the SolarWinds supply chain attack and the HAFNIUM Exchange exploit campaign.

Digging Into the Third Zero-Day Chrome Flaw of 2021

Hidden deep in Google’s release notes for the new version of Chrome that shipped on March 1 is a fix for an “object lifecycle issue.” Or, for the less technically inclined, a major bug. Bugs like these have been common in Chrome, leading some to wonder whether the world’s most popular web browser is as safe as it could be? Google created Chrome as a secure browser and has loaded it with a growing set of security features along the way.

A new headache for ransomware-hit companies. Extortionists emailing your customers

Cybercriminal extortionists have adopted a new tactic to apply even more pressure on their corporate victims: contacting the victims’ customers, and asking them to demand a ransom is paid to protect their own privacy. At the end of March, Bleeping Computer reported that the Clop ransomware gang had not stopped at threatening hacked companies and contacting journalists, but had taken the additional step of direct emailing victims’ customers whose details had been found in stolen data.

Integrity: How It's More than Just Data Security and FIM

Integrity is a word thrown around a lot in the cybersecurity space. That’s not surprising. It is one of the three components that make up the CIA Triad, after all. However, the meaning and use of the word has been relatively limited in many security circles up until now. Let’s take a look at the security industry more broadly. In most conversations dealing with integrity, data security and File Integrity Monitoring (FIM) controls often end up being the primary focal areas.

Managing Your Assets with Tripwire Enterprise

Asset management is a tricky subject. In many cases, organizations have no idea about how many assets they have, let alone where they are all located. Fortunately, there are tools that can assist with reaching your asset management goals. While Tripwire Enterprise (TE) is great for detecting unauthorized changes on your system and also for ensuring your systems are hardened (as well as stay hardened), you must first get a handle on managing the assets that you’re monitoring.

Industrial IoT Needs to Catch Up to Consumer IoT

When it comes to cybersecurity, industrial IT—consisting mainly of operational technology (OT) and industrial control systems (ICS)—has failed to keep up with development in the enterprise IT world. That’s mostly because industries’ adoption of internet technology has been slower when compared with enterprises. It would take some time to close the gap, but concerted efforts have already been made to upgrade the security of industrial IT and improve the efficiency of OT and ICS.

3 Best Practices for Building Secure Container Images

Organizations are increasingly turning to containers to fuel their digital transformations. According to BMC, a 2019 survey found that more than 87% of respondents were running containers—up from 55% just two years earlier. Additionally, 90% of survey participants that were running applications in containers were doing so in production. That was up from 84% in 2018 and two-thirds of surveyed IT professionals a year before that.

Federal agencies given five days to find hacked Exchange servers

CISA, the US Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, has told federal agencies that they have until 12:00pm EDT on Monday April 5 to scan their networks for evidence of intrusion by malicious actors, and report back the results. CISA is ordering agencies with on-premises Microsoft Exchange servers to urgently conduct the scans following widespread exploitation of vulnerabilities, in fear that some compromises may have remained undetected.

Report: USB threats to ICS systems have nearly doubled

The latest Honeywell USB Threat Report 2020 indicates that the number of threats specifically targeting Operational Technology systems has nearly doubled from 16% to 28%, while the number of threats capable of disrupting those systems rose from 26% to 59% over the same period. Let’s face it. Critical infrastructure operators in manufacturing, aerospace, energy, shipping, chemical, oil and gas, pulp and paper, water and wastewater, and building automation are heavily relying on USB devices.