Collaborate Disseminate
It’s hardly a controversial statement to say that DevOps is changing the way that organizations build and deploy applications. There’s plenty of material, stories, whitepapers and whole companies that demonstrate this trend. There are, howe… Continue reading Security as a Quality Gate for DevOps
If you’ve been in information security for a while, you’ve likely had some experience with file integrity monitoring (FIM). It’s a capability with a long history, going back to the original open-source Tripwire tool for monitoring fil… Continue reading What Is Integrity Management?
A first pass look at the issue of net neutrality might not immediately bring to mind concerns around cybersecurity, but we shouldn’t ignore the logical security implications of fundamentally reclassifying the Internet. Let’s level set a lit… Continue reading The Security Implications of Killing Net Neutrality
You’d have to be hiding under a rock to have missed the explosion of DevOps in recent years, but with a dramatic increase in visibility and popularity, there comes more than a modicum of unsubstantiated opinion and rumor about exactly what DevOps is exactly and what benefits it might confer upon organizations that adopt it. […]… Read More
The post DevOps is the New Black appeared first on The State of Security.
News travels fast in the information security community, and the combination of politics, cloud and cybersecurity make for a rapidly moving headline. You’ve no doubt read about the disclosure of 198 million records by a political data analytics firm by now. This isn’t a case of malicious hacking, but of misconfiguration. These records were simply […]… Read More
The post The Cloud Isn’t Magic – What You Need to Know About the Latest US Citizen Data Leak appeared first on The State of Security.
Continue reading The Cloud Isn’t Magic – What You Need to Know About the Latest US Citizen Data Leak
Even if you’re not in the utility industry, it’s hard to ignore the slow march forward of the smart meter. The days of a utility employee stopping by to check the meter are well on their way out. In fact, it’s hard to imagine a system that relies on someone physically showing up to check […]… Read More
The post Using Smart Meters as a Digital Attack Vector appeared first on The State of Security.
Continue reading Using Smart Meters as a Digital Attack Vector
In January 2017, Tripwire completed a survey of 403 IT Security professionals about the most common attack types and how prepared organizations are to defend against them. You can read about the details here. There are two important conclusions from the research that I have to share for the purposes of this post. First, the […]… Read More
The post Foundational Controls for Common Attack Types appeared first on The State of Security.
Continue reading Foundational Controls for Common Attack Types
Near the bleeding edge of technology, there’s a lot of talk (and work) around DevOps and the use of containers for delivering services. This is a fast-paced environment where services are spun up and down to meet demand in an elastic cloud and code is shipped to production multiple times a day. It’s also an […]… Read More
The post Common Solutions for DevOps and Discrete Manufacturing appeared first on The State of Security.
Continue reading Common Solutions for DevOps and Discrete Manufacturing
What is it, when is it coming, and what steps should you take to comply? If you’ve been following the information security news or Twitter feeds, then you’ve no doubt seen the increase in traffic around the General Data Protection Regulation (GDPR). And there’s a good chance you’ve been ignoring it, as well. It’s time […]… Read More
The post A Primer on GDPR: What You Should Know appeared first on The State of Security.
Tripwire isn’t a patch management company, so why we conducted an extensive survey on patch fatigue is a worthwhile question to ask. The fact is, we spend a lot of time talking about and working with patches, even though we never actually deploy one for a customer. We spend so much time on patching because […]… Read More
The post Fully Patched, But Still Vulnerable appeared first on The State of Security.