Resources

Federal security managers expect that most federally run systems are actively engaging with FISMA compliance for protecting federal data and systems. However, as we all know, federal information does not remain only in federally operated systems. Data and IT systems connect via the internet and other networks for business, operations and research. Information about citizens, banking and finance, research and development, and many other federal connected systems transmit data outside the federal networks—and their security compliance standards. So it makes sense that FISMA would adapt to address more than the original scope of perceived threats and specifically address systems and data security that inter-agency networks, vendors, contracts and supply chain puts at risk.

Tripwire solutions have a history with government agencies, offering an 'ironclad defense,' or foundation for a layered compliance and security strategy.

When a high-profile cyberattack grabs the headlines, your first instinct may be to funnel resources into purchasing a shiny new tool to defend your organization. But often, that’s not what’s really needed.

Tripwire's integrated suite of products build on their core capabilities to deliver critical capabilities for breach detection and remediation, and address nearly every compliance standard—PCI DSS, NIST, FISMA, NERC, HIPAA, ISO/IEC 27002, DISA, SOX, and many others.

In today’s world of complex, modern web applications, accurate and automated Dynamic Application Security Testing (DAST) tools are rare, but do exist. What characteristics should you look for in a DAST tool to give you greater accuracy and ease of use?

It’s time to break down silos and drive secure innovation, together. The practice of SecOps creates an alliance between Security, IT, and DevOps to make security an inherent outcome of all business innovation and operations. The Rapid7 Insight platform equips you with the visibility, analytics, and automation you need to unite your teams and amplify your efficiency.

In 2017, Rapid7 launched the “Under the Hoodie” project to demystify the practice of penetration testing by surveying those who are in the field and conducting the investigations on what they most commonly see during client engagements. We have renewed this approach in 2018 to continue providing visibility into this often occult niche of information security.

Security organizations must rethink their vulnerability management programs. They need to monitor complex, dynamic computing environments, and respond in minutes or hours when issues are discovered—not days or weeks.

The articulated intent, to "lead an open and transparent process to identify and promote action by appropriate stakeholders to improve the resilience of the Internet and communications ecosystem and to encourage collaboration with the goal of dramatically reducing threats perpetrated by automated and distributed attacks (e.g., botnets)" is timely and appropriate.

Despite regulatory and administrative requirements, the public sector continues to be attacked and exploited by sophisticated threat actors. The fragmentation of security resources leaves federal, state and local agencies constantly fighting fires throughout the enterprise.

CrowdStrike’s Falcon MalQuery is an advanced, cloud-based malware research tool that enables security professionals and researchers to quickly search a massive dataset of malware samples, validating potential risks and staying ahead of would-be attackers.

The global CrowdStrike Falcon Intelligence™ team tracks adversaries of all types — nation-state, criminal, hacktivist — to provide the customized and actionable intelligence you need to stay ahead of disruptive threat actors targeting your organization.

The CrowdStrike Falcon® platform was designed to be open, with a focus on providing rich APIs to allow customers and partners to benefit from its power. The Falcon platform APIs access CrowdStrike cloud data, enabling you to leverage your existing security investments and enhance your protection.

The radical shift in the scale and economics of cybercrime calls for an equally radical change in how IT protects user systems. Whether it is from phishing attempts, drive-by-downloads, or malware-free intrusion techniques, endpoints are usually at the spear tip of assaults on enterprise networks.

One of the fastest growing threats in cybersecurity today, ransomware is quickly becoming the favored means for cybercriminals to extract a profit from unsuspecting victims. As ransomware mushrooms with new malware variants and new ways of scamming victims, businesses can no longer afford to discount it as a consumer-only problem.