Collaborate Disseminate
Zero Trust is a new concept to many but one I believe will be of increasing importance over the coming years. With this post, I wanted to introduce newcomers to the concept, talk about why it’s an exciting approach to improving security, and expl… Continue reading Tripwire Enterprise and Zero Trust
In my previous article, we discussed how organizations are shifting how IT resources are deployed and managed. We covered three methods in particular: automated image creation and deployment, immutable image deployment and containers. We’ll now e… Continue reading Best Practices for Using Tripwire Enterprise in Dynamic Environments – Part 2
I’m testing some servers with OpenVAS and I run into some SCM files that are remotely accessible:
.git/config
.git//info/exclude
.git/description
.git/HEAD that contains refs/heads/master
and
.git/refs/heads/master that … Continue reading What could an attacker do on a server where Source Control Management (SCM) files are accessible?
In the Godfather Part II, Michael Corleone says, “There are many things my father taught me here in this room. He taught me: keep your friends close, but your enemies closer.” This lesson Vito Corleone taught his son Michael is just as appl… Continue reading Why Security Configuration Management (SCM) Matters
Healthcare organizations continue to face relentless cyberattacks owing to the immense value placed on patient health information on the dark web. Patient records have almost everything the attacker needs to carry out sophisticated insurance fraud sche… Continue reading Making Continuous HIPAA Compliance Easy with ExpertOps
For the better part of a decade, I have spent a good amount of time analyzing security and compliance frameworks. There is beauty to be found in every one of them. Some are very high level and leave the organization to interpret how to implement the va… Continue reading Mapping the ATT&CK Framework to CIS Controls
In corporate IT environments everywhere, we are seeing widespread adoption of three basic themes: use of public cloud, adoption of DevOps, and containerization in application development. When it comes to the cloud, most organizations’ futures lo… Continue reading 4 Security Controls Keeping Up with the Evolution of IT Environments
Happy 2018, everyone! With the start of a new year, everyone makes resolutions that they may or may not be able to keep. One of the most common New Year’s resolutions (and arguably the most difficult to keep) is to exercise, get healthy, and/or l… Continue reading It’s 2018, Secure Your Budgets with Secure Configurations!
Enterprise networks are at risk of digital threats now more than ever. To remain competitive in the digital age, organizations frequently introduce new hardware devices and software installations to their IT environments. But these assets might suffer … Continue reading What Is Log Management?
File integrity monitoring (FIM) exists because change is prolific in organizations’ IT environments. Hardware assets change. Software programs change. Configuration states change. Some of these modifications are authorized insofar as they occur d… Continue reading What Is FIM (File Integrity Monitoring)?