Market Overview

Tripwire Releases State of Cyber Hygiene Report, Identifies Where Organizations Fall Behind on Basics


More than 60 percent of organizations not leveraging established
hardening benchmarks

, a leading global provider of security and compliance solutions
for enterprises and industrial organizations, today released its State
of Cyber Hygiene
report. The survey, conducted in July in
partnership with Dimensional Research, included responses from 306 IT
security professionals.

Tripwire examined how organizations are implementing security controls
that the Center for Internet Security (CIS) refers to as "Cyber
Hygiene." The survey found that almost two-thirds of the organizations
admit they do not use hardening benchmarks, like CIS or Defense
Information Systems Agency (DISA) guidelines, to establish a secure

"These industry standards are one way to leverage the broader community,
which is important with the resource constraints that most organizations
experience," said Tim Erlin, vice president of product management and
strategy at Tripwire. "It's surprising that so many respondents aren't
using established frameworks to provide a baseline for measuring their
security posture. It's vital to get a clear picture of where you are so
that you can plan a path forward."

Tripwire's State of Cyber Hygiene report explores how organizations are
implementing cybersecurity practices related to network visibility,
vulnerability management, configuration management, administrative
privileges and logging.

Other key findings in the report include:

  • Many organizations still struggle to maintain visibility of their
    environments and quickly address unauthorized potential issues.
    Attackers may only need minutes on a network to launch a successful
    attack, yet 57 percent said it takes hours, weeks, months or longer to
    detect new devices connecting to their organization's network.
  • Forty percent of organizations are not scanning for vulnerabilities
    weekly or on a more frequent basis despite recommendations, and only
    half run the more comprehensive authenticated scans. It takes 27
    percent of organizations anywhere from a month to more than one year
    to deploy a security patch.
  • Fifty-four percent are not collecting logs from all critical systems
    into a central location, and 97 percent believe they need to get more
    efficient at checking logs. About 25 percent said they were not
    efficient at all, while another 73 percent said they were fairly
    efficient but could improve.
  • Most organizations implement good basic protections around
    administrative privileges, but as low-hanging fruit, these controls
    should be in place at more organizations. Thirty-one percent of
    organizations still do not require default passwords to be changed,
    and 41 percent still don't use multifactor authentication for
    accessing administrative accounts.

"When cyberattacks make the news, it can be tempting to think a new
shiny tool is needed to protect your environment against those threats,
but that's often not the case," said Erlin. "Many of the most impactful
and widespread cybersecurity issues stem from a lack of getting the
basics right. Cyber hygiene provides the foundational breadth necessary
to manage risk in a changing landscape, and it should be the highest
priority cybersecurity investment."

To view the full State of Cyber Hygiene report, please visit:

About Tripwire

Tripwire is a leading provider of integrity assurance solutions that
improve security, compliance and IT operations in enterprises,
industrial organizations, service providers and government agencies.
Tripwire solutions are based on high-fidelity asset visibility and deep
endpoint intelligence combined with business context; together, these
solutions integrate and automate security and IT operations. Tripwire's
enterprise-class portfolio includes asset discovery, vulnerability
management, log collection, file integrity monitoring, and configuration
management that supports all widely used industry-standard frameworks.

Learn more at,
get security news, trends and insights at,
or follow us on Twitter @TripwireInc.

View Comments and Join the Discussion!