Tripwire Enterprise and Zero Trust

Zero Trust is a new concept to many but one I believe will be of increasing importance over the coming years. With this post, I wanted to introduce newcomers to the concept, talk about why it’s an exciting approach to improving security, and expl… Continue reading Tripwire Enterprise and Zero Trust

Best Practices for Using Tripwire Enterprise in Dynamic Environments – Part 2

In my previous article, we discussed how organizations are shifting how IT resources are deployed and managed. We covered three methods in particular: automated image creation and deployment, immutable image deployment and containers. We’ll now e… Continue reading Best Practices for Using Tripwire Enterprise in Dynamic Environments – Part 2

What could an attacker do on a server where Source Control Management (SCM) files are accessible?

I’m testing some servers with OpenVAS and I run into some SCM files that are remotely accessible:

.git/config
.git//info/exclude
.git/description
.git/HEAD that contains refs/heads/master

and

.git/refs/heads/master that … Continue reading What could an attacker do on a server where Source Control Management (SCM) files are accessible?

Why Security Configuration Management (SCM) Matters

In the Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is just as appl… Continue reading Why Security Configuration Management (SCM) Matters

Making Continuous HIPAA Compliance Easy with ExpertOps

Healthcare organizations continue to face relentless cyberattacks owing to the immense value placed on patient health information on the dark web. Patient records have almost everything the attacker needs to carry out sophisticated insurance fraud sche… Continue reading Making Continuous HIPAA Compliance Easy with ExpertOps

4 Security Controls Keeping Up with the Evolution of IT Environments

In corporate IT environments everywhere, we are seeing widespread adoption of three basic themes: use of public cloud, adoption of DevOps, and containerization in application development. When it comes to the cloud, most organizations’ futures lo… Continue reading 4 Security Controls Keeping Up with the Evolution of IT Environments

It’s 2018, Secure Your Budgets with Secure Configurations!

Happy 2018, everyone! With the start of a new year, everyone makes resolutions that they may or may not be able to keep. One of the most common New Year’s resolutions (and arguably the most difficult to keep) is to exercise, get healthy, and/or l… Continue reading It’s 2018, Secure Your Budgets with Secure Configurations!

What Is FIM (File Integrity Monitoring)?

File integrity monitoring (FIM) exists because change is prolific in organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of these modifications are authorized insofar as they occur d… Continue reading What Is FIM (File Integrity Monitoring)?