Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

7/7/2014
04:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Tripwire and NovaTech Announce Technology Partnership and Integration

Collaboration provides secure configuration management on all ICS, SCADA and business assets.

PORTLAND, Ore. July 7, 2014 Tripwire, Inc., a leading global provider of risk-based security and compliance management solutions, and NovaTech, a provider of electric utility and process industry automation, today announced a technology partnership and integration. The partnership is part of the Tripwire NERC Alliance Network (NAN) program that has been designed to foster collaboration on critical infrastructure compliance and security solutions that help companies efficiently and effectively achieve NERC CIP compliance.

The integration between the Tripwire NERC Solution Suite and NovaTech Orion Substation Automation Platform provides mutual energy customers with automation software that drastically reduces the time and resources required to manage secure configurations and collect audit evidence for NERC compliance. This alliance brings a consistent approach to the management, auditing and maintenance of secure configurations across a wide range of devices, including ICS and SCADA devices used in substations.

“NERC CIP 5 has extended compliance boundaries deeper into substations, and compliance requires a more integrated, enterprise-wide security solution,” said Jeff Simon, director of services solutions for Tripwire. “Our alliance with NovaTech automates and consolidates the collection of corporate and bulk electric systems operations compliance evidence, saving power and utility organizations time and resources.” 

Energy organizations are required to gather, analyze, prioritize and document an overwhelming amount of vulnerability and network data in order to protect their most critical assets and meet compliance requirements. The integration of Tripwire’s NERC Solution Suite and NovaTech’s Orion Substation Automation Platform provides customers with:

·         A single process that enables continuous monitoring and rapidly captures detailed status information across a wide range of critical cyber assets, from computer systems and network devices to protective relays, ICS and SCADA devices.

·         Audit-ready reports and dashboards that are conveniently grouped via a flexible and extensible classification system.

·         Automated assessment and aggregation of security alerts that could indicate a potential security breach or configuration modifications that affect compliance status.

“The combination of NovaTech and Tripwire technologies allows us to offer our customers a powerful solution,” said Ray Wright, vice president of utility marketing for NovaTech. “Automating the collection of configuration information for all critical assets in energy organizations dramatically simplifies audit preparation and improves risk posture.”

For more information about the integration of NovaTech’s Orion Substation Automation Platform and the  Tripwire NERC Solution Suite, please visit: http://www.tripwire.com/company/partners/nercalliance/.

 

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Why Cyber-Risk Is a C-Suite Issue
Marc Wilczek, Digital Strategist & CIO Advisor,  11/12/2019
The Cold Truth about Cyber Insurance
Chris Kennedy, CISO & VP Customer Success, AttackIQ,  11/7/2019
Black Hat Q&A: Hacking a '90s Sports Car
Black Hat Staff, ,  11/7/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5230
PUBLISHED: 2019-11-13
P20 Pro, P20, Mate RS smartphones with versions earlier than Charlotte-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than Emily-AL00A 9.1.0.321(C00E320R1P1T8), versions earlier than NEO-AL00D NEO-AL00 9.1.0.321(C786E320R1P1T8) have an improper validation vulnerability. The system does not perform...
CVE-2019-5231
PUBLISHED: 2019-11-13
P30 smartphones with versions earlier than ELLE-AL00B 9.1.0.186(C00E180R2P1) have an improper authorization vulnerability. The software incorrectly performs an authorization check when a user attempts to perform certain action. Successful exploit could allow the attacker to update a crafted package.
CVE-2019-5233
PUBLISHED: 2019-11-13
Huawei smartphones with versions earlier than Taurus-AL00B 10.0.0.41(SP2C00E41R3P2) have an improper authentication vulnerability. Successful exploitation may cause the attacker to access specific components.
CVE-2019-5246
PUBLISHED: 2019-11-13
Smartphones with software of ELLE-AL00B 9.1.0.109(C00E106R1P21), 9.1.0.113(C00E110R1P21), 9.1.0.125(C00E120R1P21), 9.1.0.135(C00E130R1P21), 9.1.0.153(C00E150R1P21), 9.1.0.155(C00E150R1P21), 9.1.0.162(C00E160R2P1) have an insufficient verification vulnerability. The system does not verify certain par...
CVE-2010-4177
PUBLISHED: 2019-11-12
mysql-gui-tools (mysql-query-browser and mysql-admin) before 5.0r14+openSUSE-2.3 exposes the password of a user connected to the MySQL server in clear text form via the list of running processes.