Automating Secure Configuration Management in the Cloud

For many organizations moving to the cloud, Infrastructure as a Service (IaaS) like AWS EC2, Azure Virtual Machines or Google Compute Engine often forms the backbone of their cloud architecture. These services allow you to create instances of pretty much any operating system almost instantly. Unfortunately, moving your IT infrastructure ... Read More

How Will the CMMC Impact My Business and How Can We Prepare? Part 3 of 3

| | CMMC, Cybersecurity, DoD, government
Combining Cyber Standards – Is ‘Unified’ Always A Good Approach? The CMMC enforcement model will require a significant adjustment to the way contractors conduct government business – from procurement to execution. In Part 2 of this series, I discussed the possible impacts of having your company’s security rating made public ... Read More

How Will the CMMC Impact My Business and How Can We Prepare? Part 2 of 3

| | CMMC, government
Part 2: Cyber Hygiene Made Public – A Necessary Evil? In part one of this series, I addressed what DoD contractors could be doing to prepare for the CMMC security level rating. In part two of the series, I want to discuss our customers’ concerns about the possible impacts of ... Read More

How Will the CMMC Impact My Business and How Can We Prepare? Part 1 of 3

| | CMMC, cyberattack, DoD, government
Part 1: Laying the Groundwork for Achieving Certification In June of this year, my colleague Tom Taylor wrote about the DoD’s announcement to instate the Cyber Security Maturity Model Certification (CMMC) and elaborated on the fact that, with the CMMC, the DoD appears to be addressing our customers’ core compliance ... Read More
40 percent said they scan monthly, quarterly or less often

The Power of Vulnerability Management: Are You Maximizing Its Value?

Tripwire has been in the business of providing vulnerability management solutions with IP360 for about 20 years. With over 20,000 vulnerabilities discovered last year alone, vulnerability management continues to be an important part of most security plans. And most organizations agree. In a recent survey, 89 percent of respondents said ... Read More

In the Event of “Shutdown, Part 2,” Trust Your Instruments

| | Cloud, Docker, Federal, government
There is a principle long held by pilots that says as follows: “You have to trust your instruments.” This principle can be applied to organizations seeking to ensure the security of cloud and other deployments while lacking adequate security expertise. “Trusting your instruments” or “automating your asset monitoring” becomes an ... Read More

Malware: Three Industry Problems and How to Solve Them

In the last few years, organizations have been subject to extortion through ransomware. Now, hackers are bypassing the nasty business of trying to get people to give them cryptocurrency to simply hijacking your processor to mine for cryptocurrency. As a result, the methods employed are growing in sophistication and creativity, ... Read More

The U.S. Government Is Getting Smarter on Cloud

| | Cloud, Federal, government, SCM
Since 2010, the U.S. Executive Office has been encouraging agencies to leverage the cloud to improve citizen services. Now, according to the new “Cloud Smart” strategy, a group of federal agencies are taking the lead to identify the best way to make that happen. Relying on input from industry and ... Read More

Security Fundamentals for Federal Agencies

Cybersecurity experts are urging government agencies to protect their data with up-to-date, foundational security controls, and agencies are listening. But how can they determine where exactly to focus their efforts to maximize efficiency and ensure a strong security stance? A new whitepaper from Tripwire details the four key components federal ... Read More