The July 19th Crowdstrike Windows outage has impacted about 8.5 million devices globally, causing entire business sectors to grind to a halt. A faulty software update led to a cascade of systems failures among airlines, financial institutions, healthcare organizations, and more. Here’s what happened On July 19th 2024, Crowdstrike released a configuration update to its […]
Despite more than a decade of cloud-enabled innovation, the traditional on-premises Security Information and Event Management (SIEM) is still the backbone of many Security Operations Centers (SOCs). Enterprise security teams are using legacy SIEM technology designed for on-site infrastructure and losing out on the flexibility and multi-cloud support offered by the latest generation of SIEM […]
As you have likely already heard, a recent Crowdstrike Falcon update has caused Blue Screen issues on Windows hosts. This is a technical issue that Crowdstrike is troubleshooting, there is no indication yet that it was caused by a cybersecurity issue. While such incidents are unfortunate, they are a part of the complex landscape we […]
Security Information and Event Management (SIEM) platforms are no longer limited to large enterprises. While proprietary platforms have much to offer small and mid-sized organizations, many security leaders are attracted to the lower licensing costs offered by open source SIEMs. These options don't always share the same features as proprietary alternatives, but they can present […]
Ransomware is projected to cost victims $265 billion by 2031 — more than ten times the damages reported in 2021. However, average ransom amounts are growing at a much slower pace. That can only mean that the frequency of successful ransomware attacks is growing. Cybercriminals are improving their techniques and targeting organizations more carefully than […]
Find out why business leaders are moving IT infrastructure back into on-premises solutions. Cloud repatriation — also known as reverse cloud migration — is becoming more common as organizations face obstacles in their cloud infrastructure strategy. Organizations are increasingly moving data, applications, and workloads from public cloud environments back to on-premises or local private cloud […]
Proofpoint is a cybersecurity platform that protects workers and data from cybercriminals that target email, social media, and mobile devices. It provides enterprise-level cloud-based solutions against phishing, social engineering, and Business Email Compromise (BEC) attacks. Proofpoint Email Protection is the flagship product, protecting user inboxes from phishing scams, imposter emails, and advanced cybersecurity threats by […]
In theory, cybersecurity is simple. Most managed cybersecurity service providers would agree they know what best practices should be implemented, and they know what technologies, skillsets and processes are required to achieve them. We all have a favorite cybersecurity framework to help compartmentalize and systematize a robust and comprehensive cybersecurity operation too. But here’s the […]
Cloud computing offers many advantages for modern businesses, such as flexibility, scalability, efficiency, and innovation. But it also poses its own challenges and security risks. How can you secure your data and assets in the cloud? Who is in charge of what in the cloud environment? The shared responsibility model helps address these questions and […]
Cybersecurity is one of the most in-demand and rewarding fields in the IT industry. As cyberthreats continue to evolve and pose challenges to individuals and businesses, cybersecurity professionals need to have a diverse set of skills to protect data, networks, and systems. We understand that each organization and security operations team will vary somewhat, and […]
For many of you reading this, it’s Q4 and you might be looking at your YTD sales and scratching your head about the low customer adoption of your cybersecurity services. Cybersecurity is a hot commodity, right? Every business needs it, right? So why aren’t your sales numbers rocketing right off your spreadsheet? In talking to […]
In terms of new critical vulnerabilities released, each year seems to be worse than the last. Unfortunately, it’s a trend that security analysts are unlikely to see decrease anytime soon. As businesses integrate new technology into their tech stack, they also introduce new avenues of attack. And these attackers are relentless. Malicious actors are able […]
The IT security industry’s skill shortage is a well-worn topic. Survey after survey indicates that a lack of skilled personnel is a critical factor in weak security posture. If the skills are not available in your organization then you could: a) ignore the problem and hope for the best, or b) get help from the outside.
So you got hit by a data breach, an all too common occurrence in today’s security environment. Who gets hit? Odds are you will say the customer. After all it’s their Personally Identifiable Information (PII) that was lost.
In simpler times, security technology approaches were clearly defined and primarily based on prevention with things like firewalls, anti-virus, web, and email gateways. There were relatively few available technology segments and a relatively clear distinction between buying security technology purchases and outsourcing engagements.
Why should you, as a merchant, comply with the PCI Security Standards? At first glance, especially if you are a smaller organization, it may seem like a lot of effort, and confusing to boot. But not only is compliance becoming increasingly important, it may not be the headache you expected.
If you are not keeping up with regular patching of your computer and the programs that run on it – then you are simply asking for trouble. Many of the breaches that make the news are caused by holes in software for which a patch existed by the vendor.
Incomplete cybersecurity information visibility comes at a cost. Without real-time comprehensive visibility, organizations experience blind spots that handcuff your cybersecurity protection and increase risk. IT environments are increasingly complex as they span on-premises, cloud, endpoint, and hybrid approaches.
Log monitoring is difficult for many reasons. For one thing there are not many events that unquestionably indicate an intrusion or malicious activity. If it were that easy the system would just prevent the attack in the first place.
In the wake of their breach, Target announced on March 5, 2014 that their CIO, Beth Jacob was announcing her resignation. This begs the question, Will CIO's be the final victim after a breach?
In today’s business world, a major draw for many customers is the ability to stay connected while outside the office. In order to provide this connectivity, typically means having a wireless network set up for your customers. However, it also means placing your business at a potential risk.
Log collection, SIEM and security monitoring are the journey not the destination. Unfortunately, the destination is often a false positive. This is because we’ve gotten very good at collecting logs and other information from production systems, then filtering that data and presenting it on a dashboard.
While your business’ data security program should consist of many components, perhaps the most effective defense to ransomware is building a culture of data security amongst your employees.
We believe that every business should have the means to protect themselves and their customers from cyberattacks, and the PCI Security Standards Council (PCI SCC) shares this belief. We’re working together to make compliance management more efficient, and therefore, strengthen the security of all merchants.
If you’re aiming to improve your organization’s threat detection and incident response (TDIR) capabilities, I’m willing to bet you’re annoyed and frustrated by trying to navigate the managed cybersecurity market that’s rife with imprecise terminology and vendors willing to bend definitions to fit their solutions. As a result, you have an extremely difficult job in trying to find the right solutions, let alone pick the best one.
Your business’s IT network is constantly connected to the Internet, includes countless SaaS applications and API connections, and is accessed by employees and vendors located anywhere in the world. As a result, your business is always exposed to cyber-risk, some of which is avoidable, but also some of which is unavoidable. Your cyber-risk tolerance, the […]
Do you ever wonder where malware names come from? What's in a name, after all? There’s Heartbleed, Melissa, and GooLoad. There’s even ILOVEYOU. All these names appear to have come from nowhere, just like the malware they’re attached to. There is no universally adopted standard for naming malware, although you’d think there would be (more […]
A common dysfunction in many companies is the disconnect between the CISO, who views cybersecurity as an everyday priority, versus top management who may see it as a priority only when an intrusion is detected. Does your organization suffer from any of these?
The traditional method for calculating standard Return on Investment (RoI) is that it equals the gain minus the cost, divided by the cost. The higher the resulting value, the greater the RoI. The difficulty in calculating a return on security investment (RoSI), however, is that security tends not to increase profits (gain), but to decrease loss – meaning that the amount of loss avoided rather than the amount of gain achieved is the important element.
We all hear it over and over again: complying with data protection requirements is expensive. But did you know that the financial consequences of non-compliance can be far more expensive?
Threats and threat actors continue to evolve and morph, creating advanced and even more dangerous tactics to mitigate. October is National Cybersecurity Awareness Month (NCSAM). NSCAM 2019 centers on the theme of Own IT. Secure IT. Protect IT., advocating a proactive approach to enhanced cybersecurity in the workplace and at home.
Open source software is an attractive option for many IT leaders and teams, especially at small and mid-sized organizations. Instead of paying large licensing fees to an enterprise software vendor, your team can customize the source code of free open source platforms and security tools. The overall market for open source software services market was […]
Traditional threat models posit that it is necessary to protect against all attacks. While this may be true for a critical national defense network, it is unlikely to be true for the typical commercial enterprise. In fact many technically possible attacks are economically infeasible and thus not attempted by typical attackers.
Threat actors are converging on similar tactics across the board. Cybercriminals are inventive and opportunistic, leveraging any advantage they can to gain access to sensitive data and assets. However, they’re not as individualistic as often portrayed. Threat actors invest time and energy into maintaining relationships with other hackers, ransomware gangs, and criminal organizations. This can […]
Your organization needs dedicated space and infrastructure for conducting security operations. Introduction to Security Operations Centers (SOCs) Your SOC is where most of your organization’s security processes take place. Those processes require specialized equipment and expertise. Consolidating that footprint into a single place makes economic sense and drives security performance. That doesn’t mean every […]
Incident response plans give security teams a standardized set of procedures for mitigating the risks associated with security incidents. They make cyberattacks less disruptive, reduce operational downtime, and contain data breaches. Since every organization is unique, it needs to create a set of incident response playbooks designed to fit its security risk profile. It also […]
Learn how to establish robust, standardized security controls for handling any kind of incident. Data breaches and security incidents are tense, high-pressure situations where every second counts. In that scenario, having a clear and detailed incident response plan ready can mean the difference between success and failure. In an environment where one hour of downtime […]
Every organization wants to improve its information security capabilities. Part of a security leader’s job is identifying the best way to do that. However, no two organizations are exactly alike. Various stakeholders may have different ideas about what high-impact security excellence looks like in practice. Achieving meaningful security goals means getting everyone on the same […]
Find out how AI is likely to impact the cybersecurity industry in the next decade. Artificial intelligence has been an integral part of the cybersecurity industry for several years now. However, the widespread public adoption of Large Language Models (LLMs) that took place in 2023 has brought new and unexpected changes to the security landscape. […]
Efficient incident response processes lead to reduced downtime, lower security operations costs, and higher ROI on security spend. Cybersecurity is all about being prepared. Thorough incident response processes are crucial to your organizations’ ability to successfully overcome a security breach. Prevention is important, though it can only take your organization so far. There is always […]
The incident response process is necessarily a reactive one. You can only respond to an incident once it has been detected. This makes it difficult to predict or optimize incident response outcomes. If an organization has never experienced a ransomware attack, how will it know when it’s ready to face one? Incident response frameworks enable […]
The cybersecurity industry is notorious for coining terms and acronyms that rise and fall out of favor before they even have a chance to be fully understood. We get it – rapid innovation can be messy and lead to confusion and clutter. While it’s exciting and encouraging to see so many solution providers invent new solutions and improve upon others, resulting in new concepts, sometimes all of this terminology is honestly just an effort to stand out from the crowd.
2016 Verizon Breach Investigations Report (Part 1 of 3)
The 80 page report is packed with valuable data breach insights. We know time is valuable so we decided to save you some by sharing the 3 main topics you should understand from this report.
Yet another recent report confirms the obvious, that SMBs in general do not take security seriously enough. The truth is a bit more nuanced than that, of course—SMB execs generally take security very seriously, but they don’t have the dollars to do enough about it—although it amounts to the same thing.
The Georgia based fast food company, Chick-fil-A, has confirmed that it is investigating a potential credit card breach. The investigation is focused on the company’s point-of-sale (POS) network at some of its restaurants and the breach is thought to have occurred between December of 2013 and September of 2014.
2017 has been a banner year for IT Security. The massive publicity of attacks like WannaCry have focused public attention like never before on a hitherto obscure field. Non-technical people, including board members, nod gravely when listening as the CISO.
Unstructured data access governance is a big compliance concern. Unstructured data is difficult to secure because there’s so much of it, it’s growing so fast and it is user created so it doesn’t automatically get categorized and controlled like structured data in databases.
Is your organization still using Windows 7? Microsoft support is coming to a close in a few short months. If you think end-of-support for legacy systems doesn't impact your organization, think again.
Interest continues to build around pass-the-hash and related credential artifact attacks, like those made easy by Mimikatz. The main focus surrounding this subject has been hardening Windows against credential attacks, cleaning up artifacts left behind, or at least detecting PtH and related attacks when they occur.
While you’ve been busy defending against ransomware, the bad guys have been scheming about new ways to steal from you. Let’s review a tactic seen in the news called bitcoin mining.
If attackers can deploy a remote administration tool (RAT) on your network, it makes it so much easier for them. RATs make it luxurious for bad guys; it’s like being right there on your network. RATs can log keystrokes, capture screens, provide RDP-like remote control, steal password hashes, scan networks, scan for files and upload them back to home. So if you can deny attackers the use of RATs, you’ve just made life a lot harder for them.
The past year has been a hair-raising series of IT security breakdowns and headlining events reaching as high as RSA itself falling victim to a phishing attack. But as the year set on 2011, the hacker group Anonymous remained busy, providing a sobering reminder that IT Security can never rest.
The 5 W’s of security management I’ve seen it happen about a thousand times if I’ve seen it once. A high profile project ends up in a ditch because there wasn’t a proper plan defined AHEAD of time.
Securing medical records is a complex undertaking. Healthcare organizations need an array of security technologies that can be used to prevent malicious attacks and keep personal healthcare information safe, while retaining the day-to-day ease-of-use.
Ransomware burst onto the scene with high profile attacks against hospitals, law firms and other organizations. What is it and how can you detect it?
Marketplace changes are inevitable. Rapid shifts to remote work, cloud computing, and digitalization have all led to increased demand and spending on IT and cybersecurity in recent years. Enterprises and Service Providers face economic challenges of inflation, rising labor costs (if you can even hire talent), and supply chain issues. Financially motivated attacks are likely to accelerate in times of uncertainty. Smart channel leaders should be proactive and guide clients on prioritizing cybersecurity investment as a driver of business growth.
This holiday season will be like no other with the continued use of remote work, greater online sales, third-party sourcing from across the globe, and employees taking much-needed time off. Cyber criminals will take advantage of these seasonal distractions to steal sensitive data, hold it for ransom, or use you as a stepping-stone to more lucrative victims.
Years ago, in a data security nightmare not so far away…I found out how quickly a brand could change from being a favorite of mine to becoming an entity I would never trust again.
In the wake of the most recent terrorist bombing in Boston, it is easy to understand why some people would be willing to sacrifice a few liberties to the government in favor of more security. A common train of thought is that an honest person does not have anything to hide, so the intrusion into our private lives is really a minor thing. In a Utopian society, I would tend to agree with that sentiment, but we live somewhere else.
Security Information and Event Management (SIEM) is a term coined by Gartner in 2005 to describe technology used to monitor and help manage user and service privileges, directory services and other system configuration changes; as well as providing log auditing and review and incident response
Do you embrace the matrix? The fact is, once networks get to a certain size, IT organizations begin to specialize and small kingdoms emerge.
A lot of data, an overwhelming amount actually, is available from hundreds of sources, but rarely is it observed. Having something and getting value from it are entirely different.
How many days go by between news stories involving computer breaches? The truth of the matter is that as long as sensitive data is gathered by merchants, thieves will attempt to steal it.
Businesses are always looking for ways to deliver increased value to clients while optimizing efficiency, and this year is no exception. Digital transformation, remote work, and economic uncertainty are just some of the challenges impacting organizations today. As you plan next year’s budget, it’s a good idea to assess current operational successes and opportunities to increase efficiency and effectiveness.
At Black Hat 2019, Eric Doerr, GM of the Microsoft Security Response Center, reminded attendees of the interconnectedness of enterprise software supply chains and of their vulnerability to attack. Eric highlighted how supply chain compromises come in many guises
MSSPs need airtight threat detection and rapid, reliable remediation. The optimal way to do this is to ensure you have top-notch MDR capabilities 24/7/365. Many MSSPs partner with an MDR provider to achieve this.
In what should only be considered a victory for the U.S. DOJ, 2 of the 4 alleged Subway hackers responsible for potentially $10 Million dollars in computer fraud have been sentenced, and 1 of the remaining criminal’s trial is set to begin shortly.
Ransomware is a business’ worst nightmare. This malware infects computers and restricts the users from accessing any of their data until paying the ransom. What would you do to get that data back?
The number of data breaches continues to increase. Cybercrime affects your brand, your customers and your employees in ways that are unrecoverable at times. Don't let your business be affected next.
Organizations can no longer afford to be just reactive, relying solely on detection and response when it comes to cybersecurity. Threat hunting is the next step. It is a proactive approach to uncovering threats that otherwise go undetected, like multi-stage ransomware attacks and malware that lies dormant in your network until activated to exfiltrate data.
I often get asked how to audit the deletion of objects in Active Directory. It’s pretty easy to do this with the Windows Security Log – especially for tracking deletion of users and groups which I’ll show you first. All you have to do is enable “Audit user accounts” and “Audit security group management” in the Default Domain Controllers Policy GPO.
Ransomware risk changed dramatically for Managed Security Service Providers (MSSPs) and their clients in 2021. The Kaseya hack used a vulnerability in the popular Virtual System Administrator (VSA) remote management software to spread ransomware through MSSPs to an estimated 1,500 small-to-medium-sized businesses (SMBs) worldwide. The Cybersecurity and Infrastructure Security Agency (CISA) warns that more of the same is coming in 2022.
This post got me thinking about a recent conversation I had with the CISO of a financial company. He commented on how quickly his team was able to instantiate a big data project with open source tools.
Security Information and Event Management (SIEM) technology is an essential component in a modern defense-in-depth strategy for IT Security. SIEM is described as such in every Best Practice recommendation from industry groups and security pundits. The absence of SIEM is repeatedly noted in Verizon Enterprise Data Breach Investigations Report as a factor in late discovery of breaches.
The insider threat is typically much more infrequent than external attacks, but they usually pose a much higher severity of risk for organizations when they do happen. While they can be perpetrated by malicious actors, it is more common the result of negligence.
Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. According to reports, observations of attacks leveraging the critical vulnerabilities are increasing very rapidly. In the span of a few days, over 30,000 organizations – small businesses and municipalities included - across the U.S. have been hacked.
Persistent threats affecting businesses of all sizes and in all verticals are becoming more consistent and hitting more frequently. The 2016 Verizon Data Breach report analyzed 100,000 incidents, of which 3,141 were confirmed data breaches.
An area of audit logging that is often confusing is the difference between two categories in the Windows security log: Account Logon events and Logon/Logoff events. These two categories are related but distinct, and the similarity in the naming convention contributes to the confusion.
Detecting virus signatures is so last year. Creating a virus with a unique signature or hash is quite literally child’s play, and most anti-virus products catch just a few percent of the malware that is active these days. You need better tools, called endpoint detection and response (EDR).
It's National Small Business Week! Let's celebrate the hard work you do and make sure your business continues to grow. Have you ever thought about what would happen if your business is affected by a data breach?
In the wake of Heartbleed, comes a new form of exposure that could potentially do much more damage than any other vulnerability of its kind. It is known as Shellshock. Shellshock affects Linux and UNIX implementations that use the BASHcommand interpreter.
MITRE ATT&CKcon 3.0, the conference dedicated to the ATT&CK community, returned at MITRE headquarters in Virginia last month. As a refresher, MITRE ATT&CK® is a knowledge base of adversary tactics and techniques based on real-world observations
For the past several months, there have been numerous stories about major retailers that have been breached by hackers. The result is that millions of credit cards have been stolen. In the case of Target, so far it is reported that 40 Million customer credit cards have been exposed, and 70 Million total records with personal information have been stolen.
Microsoft 365 is immensely popular across all industry verticals in the small-to-medium-sized business (SMB) space. It is often the killer app for a business and contains valuable, critical information about the business. Accordingly, Microsoft 365 resiliency and defense are top concerns on IT leader’s minds.
PCI compliance: that daunting phrase you always hear in the world of payments…but never truly understand. Well we’re here to sum it up for you—what it is, why it’s important and what you need to meet this standard.
Defense strategies that focus exclusively on the perimeter and on prevention do not take into account the kill chain life cycle approach; this is a reason why attackers are continuing to be so successful.
Intrusion detection and compliance are the focus of log management, SIEM and security logging. But security logs, when managed correctly are also the only control over rogue admins. Once root or admin authority has been given to, or acquired by, a user, there is little they cannot do.
Threat researchers detected threat group NOBELIUM conducting several waves of malicious spear phishing email campaigns. Each wave used different technical lures and social engineering to fine-tune which threat performed best against targeted government agencies, consultants, and non-profits in over 20 countries.
During our recent webinar “Ask Netsurion Anything,” our panel of experts addressed questions on topics ranging from meeting customer needs to business best practices. Here are the key takeaways from that session and guidance for MSPs offering security services to their customers.
In 2005, the Department of Homeland Security commissioned Livermore National Labs to produce a kind of pre-emptive post-mortem report.
Ransomware is about denying you access to your data via encryption. But that denial has to be of a great enough magnitude create sufficient motivation for the victim to pay.
We have gathered what have been common comments that we hear from business owners. And today, we would like to bust these myths!
As the summer travel season quickly approaches, most people envision exchanging work clothes and school books for shorts, flip flops, and beach umbrellas as they look forward to that well-deserved vacation. Unfortunately, hackers have their own plans this summer...
Though there are many companies out there responsible for securing merchant locations from the risks of data breaches, people’s own risky behavior often leads to their ID theft problems, no matter how well merchants protect them. And with more and more merchants accepting chip cards this year, hackers are likely to go back to tried and true methods for preying on individual cardholders.
I think one of the most underutilized features of Windows Auditing and the Security Log are Process Tracking events. In Windows 2003/XP you get these events by simply enabling the Process Tracking audit policy.
For MSPs serving clients in the healthcare industry, protecting data can be complex. With compliance enforcement like HIPAA , for instance, distinguishing the owner of your clients’ data is critical —especially due to the lack of security awareness training amidst healthcare end users. Here are the five key data security tips to better protect SMB clients in healthcare.
Bad actors/actions are more and more prevalent on the Internet. Who are they? What are they up to? Are they prowling in your network? The first two questions are answered by Threat Intelligence (TI), the last one can be provided by a SIEM that integrates TI into its functionality.
In the wake of BackOff, and numerous other data breaches, consumers are demanding answers into the how and why surrounding companies who have inadvertently allowed data to be compromised given security measures accessible today.
The evolution of Security Information and Event Management (SIEM) solutions has made a few key shifts over time. It started as simply collecting and storing logs, then morphed into correlating information with rules and alerting a team when something suspicious was happening.
Users of the EventTracker platform know that one of its primary functions is to apply built-in knowledge to reduce the flood of all security/log data to a much smaller stream of prioritized alerts.
Return on investment (ROI) - it is the Achilles heel of IT management. Nobody minds spending money to avoid costs, prevent disasters, and ultimately yield more than the initial investment outlay. But is the investment justified?
The legal world is centered on offering clients protection—and in the current technology environment, that extends to cybersecurity. With the proper security procedures, policies, training, and IT security in law firms, advanced cybersecurity is yet another way that lawyers can protect their clients today.
The rising level of security threats and public incidents demand new approaches to people, processes, and technology that optimize manual processes and harness the benefits of automation. Automation and machine learning (ML) remove inefficiencies and the potential for error or security gaps. While programmatic threat detection and incident response minimize false positives along with staff and skill shortages, it is not a panacea or quick fix. Human analysts are still the most vital link in cybersecurity defense that differentiates you in the marketplace.
Passwords keep your accounts and network safe but may also be a gateway for hackers. Here are some quick tips we recommend when creating your passwords.
Small-to-medium-sized businesses (SMBs) are continuously seeking ways to safeguard their data and resiliency against persistent criminals through increased cyber defenses. But their security service providers often find that they are ill equipped to address advanced threats, let alone know where to begin. Managed Detection and Response (MDR) solutions are gaining traction with resource-constrained organizations looking for 24/7 proactive protection. The threat landscape and MDR marketplace is evolving, creating confusion for Managed Security Service Providers (MSSPs) and customers alike.
Over the years, security admins have repeatedly asked me how to audit file shares in Windows. Until Windows Server 2008, there were no specific events for file shares.
This type of issue with a browser is so damaging because computer hackers who take advantage of it, can execute malicious code on the affected machines without the user needing to download anything or without any indication that the machine has been compromised. All a user has to do to be infected is to go to a website that has a malicious script embedded on it, and viola you have been hacked!
How much security is enough? That’s a hard question to answer. You could spend $1 or $1M on security and still ask the same question. It’s a trick question; there is no correct answer.
You must have a heard light bulb jokes, for example: How many optimists does it take to screw in a light bulb? None, they’re convinced that the power will come back on soon.
The CDC estimates that close to 80% of office-based physicians use some form of electronic medical records. This increase, coupled with recent breaches of patients’ PHI and PII, has highlighted the need for security of medical office networks.
Change is the only constant in the IT security space. Here at Netsurion, we strive to empower organizations to take on ever-evolving cyber threats regardless of the size and scope of their business operations. With this core mission in mind, we are proud to introduce John Addeo as our new Chief Revenue Officer.
Black Hat 2019 was a learning experience and success for all. All of the hackers, presenters, vendors, and attendees have gone home, but what you learned in Vegas doesn’t have to stay in Vegas. Hopefully you are bringing new information and insights back to your daily operations. Here are some of Netsurion’s key takeaways from Black Hat 2019.
Tax season is a busy time of year for hackers, given the ample opportunities to steal personal and financial information through phishing, hacking into computer networks, or other underhanded methods. Here are five tips that go beyond the basics you probably already know, like watching out for phishing and malware, keeping your anti-virus software up-to-date and using different hard-to-guess passwords for different services.
With data breaches and Snowden-like information grabs, I’m getting increased requests for how to track data moving to and from removable storage, such as flash drives. The good news is that the Windows Security Log does offer a way to audit removable storage access.
With most employees working from home amid COVID-19 (coronavirus) outbreak, VPN servers have now become paramount to a company's backbone, and their security and availability must be the focus going forward for IT teams. It is now more important than ever that companies and IT staff set up systems to capture metrics about the performance and availability of VPN services.
The department store giant garnered unwanted attention earlier this month when they announced that a Florida store fell victim to a team of thieves who attached extremely small devices called key loggers in line with their keyboards where they plug into the registers.
Following many high-profile data breaches, consumers have elevated data privacy to front-page news and included it as criteria for brand selection and engagement. Consumers around the globe now realize that they aren’t always aware or informed about how their private information is used or shared. Fifty-four percent of consumers are more concerned with protecting their personal information than they were a year ago, according to a survey reported by Security Magazine.
Windows supports the digitally signing of EXEs and other application files so that you can verify the provenance of software before it executes on your system. This is an important element in the defense against malware. When a software publisher like Adobe signs their application they use the private key associated with a certificate they’ve obtained from one of the major certification authorities like Verisign.
While the threats have changed over the past decade, the way systems and networks are managed have not. We continue with the same operations and support paradigm, despite the fact that internal systems are compromised regularly.
For cyber criminals, everyone’s a target. We must assume that, at some point, every organization’s IT infrastructure will be breached. That’s why we need to continuously monitor, investigate, and respond to cyber threats 24/365 if we are to avoid costly breaches.
Cybercriminals are now leveraging attack vectors previously only available to well-funded nation-state actors. Security professionals know the dangers associated with distributed denial-of-service attacks (DDoS). These attacks typically target the core data transmission protocols that form the foundation of every organization' internet services.
Cloud security is getting attention and that’s as it should be. But before you get hung up on techie security details, like whether SAML is more secure than OpenID Connect and the like, it’s good to take a step back. One of the tenets of information security is to follow the risk.
We live in a brave new world where the spies of yesteryear, like James Bond and Jason Bourne, are truly falling away into the realm of fantasy, replaced instead with hackers, doing battle on the digital front.
Traditional areas of risk — financial risk, operational risk, geopolitical risk, risk of natural disasters — have been part of organizations’ risk management for a long time. Recently, information security has bubbled to the top, and now companies are starting to put weight behind IT security and Security Operations Centers (SOC).
Why has ransomware exploded on to the scene in 2017? Because it works.
Overwhelmed by the hype from security vendors in overdrive? Notice the innovation and trends and feel like jumping on the bandwagon? It’s a urge that many buyers in mid-size companies feel and it can be overpowering. That flashy vendor demo, that rousing speech at a tradeshow, that pressure of keeping up with the Joneses. So what have you done for your security lately is a nagging thought.
The range of threats included trojans, worms, trojan downloaders and droppers, exploits and bots (backdoor trojans), among others. When untargeted (more common), the goal was profit via theft. When targeted, they were often driven by ideology.
The technological revolution has introduced a plethora of advanced solutions to help identify and stop intrusions. There is no shortage of hype, innovation, and emerging trends in today's security markets. However, data leaks and breaches persist.
Winning a marathon requires dedication and preparation. Over long periods of time. A sprint requires intense energy but for a short period of time. While some tasks in IT Security are closer to a sprint (e.g., configuring a firewall), many, like deploying and using a Security Information and Event Management (SIEM) solution, are closer to a marathon.
If you think your organization is too small to be targeted by threat actors, think again. Over 60% of organizations have experienced an exploit or breach, so the stealthy and ever-evolving hacker may already be in your organization performing reconnaissance or awaiting strategic command and control (C&C) instructions.
You’ve seen it over and over again in the headlines – small subcontractors are often soft-target gateways for hacking large clients. Middle-tier businesses are very attractive and vulnerable targets for ransomware attacks. And, as recently seen in the news, Managed Service Providers (MSPs) attacked through trusted supply-chain software vendors can put their own clients at risk. These unfortunate facts have created a demand for IT service providers, including MSPs, to expand their cybersecurity offerings or at least explain their own security preparedness to customers.
So when you are a hacker and you write the most successful financial transaction hacking software in history, what do you do next? Well, if you are the makers of Backoff, you upgrade it.
Skyrocketing ransomware threats and extortion demands show no sign of slowing down in 2022. Average ransomware demands surged by 518% in the first half of 2021 compared to 2020, while payments climbed by 82% in the same period, according to Infosecurity Magazine. Crippling ransomware attacks caused an average business downtime of six days with costs in the millions.
Is it possible to avoid security breaches? Judging from recent headlines, probably not. Victims range from startups like Kreditech, to major retailers like Target,to the US State Department and even the White House. Regardless of the security measures you have in place, it is prudent to assume you will suffer a breach at some point. Be sure to have a response plan in place — just in case.
A common dedication to providing excellent client services, a driving need to enhance cybersecurity capabilities and an outstanding cyber monetization opportunity generated tremendous energy and focus among attendees at the recently concluded first annual MSSP Live event.
There are five different ways you can log on in Windows called “logon types.” The Windows Security Log lists the logon type in event ID 4624 whenever you log on.
With distressing regularity, new breaches continue to make headlines. The biggest companies, the largest institutions both private and government are affected. Every sector is in the news.
We hear a lot about tracking privileged access today because privileged users like Domain Admins can do a lot of damage. But more importantly, if their accounts are compromised the attacker gets full control of your environment. In line with this concern, many security standards and compliance documents recommend tracking changes to privileged groups like Administrators, Domain Admins and Enterprise Admins in Windows, and related groups and roles in other applications and platforms.
Today’s modern attack surface encompasses the network, cloud, endpoints, mobile devices, and applications and is constantly under attack from well-armed cyber criminals. Vulnerability management offers strategic insight into vulnerable applications and devices from the viewpoint of a cyber criminal, that you can plug before attackers can exploit. Vulnerability management is for service providers as well as their end-customers.
Here’s our list of the Top 5 SIEM complaints:1) We bought a security information and event management (SIEM) system, but it’s too complicated and time-consuming, so we’re:
Are you familiar with the Kübler-Ross 5 Stages of Grief model? SIEM implementation (and indeed most enterprise software installations) bear a striking resemblance.
Managed service providers face a double-edged sword in the world of cyber security and cybercrime. In May 2022, a joint cybersecurity advisory from the UK, Australia, Canada, New Zealand and the US warned that MSPs are increasingly being targeted by cyber criminals. And cyber attacks on MSP customers, small-and medium-sized businesses (SMBs), will also continue to rise. It’s shaping up to be another year of increasingly sophisticated cyber incidents.
The cybersecurity threat landscape is in constant motion – ever evolving. According to Kaspersky Labs, 323,000 new malware strains are discovered daily! Clearly, this rate of increased risk to a company’s assets and business continuity warrants a smart investment in cybersecurity.
The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.
For most organizations, the network map has changed dramatically. Once organizations had a defined network perimeter that clearly distinguished “inside” from “outside.” Endpoint devices like workstations and desktops were “inside,” physically and virtually. They could be authenticated once and trusted thereafter. After all, these devices never left the building.
2016 Verizon Breach Investigations Report (Part 3 of 3)
We've covered the 4 patterns of attack used by hackers, expanded on how dangerous these attacks are and how hackers are hurting your business. But did you know, many of these attacks can be prevented with a little help and knowledge?
The event, aimed at connecting the point-of-sale (POS) technology ecosystem, was extremely successful because it gave us the perfect platform to further connect with our existing partners—and to meet and interact with industry leaders.
The FBI estimates that more than 4,000 ransomware attacks have occurred daily since the beginning of 2016. That’s a 300% increase from the previous year. This is due in part to the thriving sector of “ransomware-as-a-service.”
Computers do what they are told, whether good or bad. One of the best ways to detect intrusions is to recognize when computers are following bad instructions – whether in binary form or in some higher level scripting language.
HIPAA Logging HOWTO, Part 2 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant security and privacy standards for health information – both electronic and physical. The main mission of the law is “to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery” (HIPAA Act of 1996 http://www.hhs.gov/ocr/privacy/). A recent enhancement to HIPAA is called Health Information Technology for Economic and Clinical Health Act or HITECH Act.
Far too many SIEM implementations are considered to be catastrophes. Having implemented hundreds of such projects, here are the three parts of a SIEM implementation which if followed will in fact minimize the drama but maximize the ROI.
The cybersecurity market is loaded with ambiguous buzzwords and competing acronyms that make it very difficult to clearly distinguish one infosecurity capability from another. If your efforts to understand what cybersecurity components you need to focus on have left you frustrated, you're not alone. Let’s cut to the chase and separate fact from fiction regarding cybersecurity’s biggest buzzwords.
We are delighted that EventTracker is now part of the Netsurion family. On October 13, 2016 we announced our merger with managed security services Netsurion. As part of the agreement, Netsurion’s majority shareholder, Providence Strategic Growth, the equity affiliate of Providence Equity Partners, made an investment in EventTracker to accelerate growth for our combined company.
I am often asked that if Log Management is so important to the modern IT department, then how come more than 80% of the market that “should” have adopted it has not done so?
While you focus on providing the best health service for your patients, it is easy to under-estimate the risks that you may be putting your practice should you implement mobile technology without basic security measures.
Cyber criminals are constantly developing increasingly sophisticated and dangerous malware programs. Statistics for the first quarter of 2016 compared to 2015 shows that malware attacks have quadrupled.
Just how much should you be spending on IT Security? It’s a vexing question to answer for many reasons as each situation has their unique circumstances and factors. But here are some insights garnered over the last decade in cybersecurity.
Imagine the lost revenue for a major retailer if they needed to shut down all of their stores for a few days, or even a few hours, especially over the busy holiday season. The impact would be devastating.
Preparing the Infrastructure From all the uses for log data across the spectrum of security, compliance, and operations, using logs for incident response presents a truly universal scenario – you can be forced to use logs for incident response at any moment, whether you’re prepared or not.
There’s plenty of interest in all kinds of advanced security technologies like threat intelligence, strong/dynamic authentication, data loss prevention and information rights management. However, so many organizations still don’t know that the basic indicators of compromise on their network are new processes and modified executables.
SC Magazine released the results of a research survey focused on the rising acceptance of SIEM-as-a-Service for the small and medium sized enterprise. The survey found that SMEs and companies with $1 billion or more in revenue or 5,000-plus employees faced similar challenges.
It has grown more challenging to protect patient privacy and secure sensitive data under HIPAA (Health Insurance Portability and Accountability Act) as the volume and persistence of cyber attacks have increased in recent years. Healthcare institutions often have vast databases of sensitive information such as credentials and credit card data that cyber criminals seek to monetize and sell on the dark web.
Organizations use 40+ products and IT tools on average to manage networks, SaaS applications, and endpoints. This fragmented approach creates data siloes and blind spots that hamper detection and incident response. Attackers actively look for easy targets like misconfigured websites and unpatched applications to exploit. Service Providers can leverage their strong business relationships and trusted advisor roles to help businesses protect their expanding attack surface and be more proactive regarding malware and breaches.
The rise in ransomware attack volume and sophistication is a wake-up call for executives and IT departments alike. Traditional perimeter-focused defenses, such as firewalls, are no longer sufficient against stealthy and financially-motivated attackers.
For many years now, the security industry has become somewhat reliant on ‘indicators of compromise’ (IoC) to act as clues that an organization has been breached. Every year, companies invest heavily in digital forensic tools to identify the perpetrators and which parts of the network were compromised in the aftermath of an attack.
Think about the burglar alarm systems that are common in residential neighborhoods. In the eye of the passive observer, an alarm system makes a lot of sense. They watch your home while you’re asleep or away, and call the police or fire department if anything happens. So for a small monthly fee you feel secure. Unfortunately, there are a few things that the alarm companies don’t tell you.
Given today’s threat landscape, let’s acknowledge that a breach has either already occurred within our network or that it’s only a matter of time until it will. Security prevention strategies and technologies cannot guarantee safety from every attack. It is more likely that an organization has already been compromised, but just hasn’t discovered it yet. Operating with this assumption reshapes detection and response strategies in a way that pushes the limits of any organization’s infrastructure, people, processes and technologies.
Here we are going to look for Event ID 4740. This is the security event that is logged whenever an account gets locked. “User X” is getting locked out and Security Event ID 4740 are logged on respective servers with detailed information.
In this fifth article of the series, we continue to explore the basic ways businesses can keep their networks safer. These include tools you can implement on your own and understand why taking action is vital to the safety of your business.
A hot trend in the Managed Service Provider (MSP) space is emerging, transforming from an MSP to a Managed Security Service Provider (MSSP). Typically, MSPs act as an IT administrator, however, the rapid rise of cloud-based Software-as-a-Service (SaaS) is reducing margins for MSPs.
Time won't give me time: The importance of time synchronization for Log Management
No matter what business you are in, it’s likely you view ransomware as one of the top cyber threats today. Adversaries are adapting and morphing their harmful techniques to better evade detection and infect a wider set of targets. As a result, ransomware has skyrocketed in the past two years, according to Cofense.
Advances in data analytics and increased connectivity have merged to create a powerful platform for change. Today, people, objects, and connections are producing data at unprecedented rates.?According to DOMO, 90% of all data today was created in the last two years with a whopping 2.5 quintillion bytes of data being produced per day.
As ransomware groups enhance their capabilities with generative AI and sophisticated automation, security leaders need to extend their detection and response capabilities more than ever.
As the importance of protecting valuable data and systems increases, organizations are facing mounting challenges in defending against sophisticated cyber attacks. To address these threats head-on, businesses are increasingly adopting advanced security solutions such as Managed Detection Response (MDR). In this comprehensive guide, we will explore the key components of MDR, highlighting its core elements, […]
The Cisco Annual Cybersecurity Report provides insights based on threat intelligence gathered by Cisco's security experts, combined with input from nearly 3,000 Chief Security Officers (CSOs), and other security operations leaders from businesses in 13 countries.
The threat landscape continues to accelerate, with sophisticated attacks becoming more commonplace as ransomware-as-a-service accelerates and legacy security tools fail to keep up. Financially motivated cyber criminals are explicitly targeting small and medium-sized businesses to steal sensitive data.
Most merchants who have been validating their PCI compliance for a few years now probably know which SAQ type applies to them. In PCI 2.0, it has been fairly simple. And now we are facing PCI 3.0.
Business uncertainty has led to widespread adoption of working from home. Since most meaningful tasks in any organization require teamwork, this remote work approach has naturally led to a dramatic rise in the use of collaboration tools such as Zoom Conferencing.
I have fond memories of playing a board game called Hungry Hungry Hippos in my younger days. Today’s medical practices mirror the chaos of the game. Each day seems more hectic than the previous...
There is a lot of discussion around Security MSSPs, SaaS (Security as a Service) and Cloud Computing these days. I always felt I had a pretty good handle on MSSPs and SaaS. The way I look at it, you tend to outsource the entire task to Security MSSPs.
Understanding the costs behind setting up and running a Security Operations Center is important to making informed decisions about how much protection you can afford and how you will go about acquiring it. The simple answer to the question “How much does a SOC cost?” is that it depends on many variables. In this article we will break down those variables and provide typical costs that you can use to inform your decision making about how to best protect your organization.
In our interconnected world, the specter of cyber attacks casts a formidable shadow. With each technological advancement, cybercriminals adapt their tactics and strategies, posing new challenges for organizations. To effectively counter these ever-evolving threats, robust cybersecurity measures are essential. Among these measures, Managed Detection and Response (MDR) has emerged as a pivotal component in fortifying […]
By now it’s accepted that SIEM is a foundational technology for both securing a network from threats as well as demonstrating regulatory compliance. However, SIEM is not fit-and-forget technology, nor is it technically simple to implement and operate.
Nearly 60% of businesses have experienced a breach in the last two years. Have you ever considered what would happen if your business was breached? Do you have a plan of action?
No one needs to be convinced that monitoring Domain Controller security logs is important; member servers are equally as important: most people understand that member servers are where “our data” is located.
Protecting a business’ IT infrastructure and data can be difficult with the abundance of threats out there, the array of new data privacy regulations, and many cybersecurity solutions to choose from. Even today, far too many businesses still claim protection with just anti-virus and firewall, when these measures aren’t enough to keep up with advanced threats.
Today’s rapidly evolving digital landscape, organizations face an ever-growing threat of cyber-attacks. The traditional reactive approach to cybersecurity is no longer sufficient to protect sensitive data and critical systems. Managed Detection Response (MDR) solutions have emerged as a proactive and effective approach to enhance cybersecurity defense. In this blog, we will explore the core components, […]
Optimize your SIEM implementation by avoiding redundant analysis and focusing on the highest-value log data first. Deciding which logs to analyze is an important step in the process of SIEM implementation. Every organization must answer this question based on its own network infrastructure, security posture, and risk profile.
Shared threat intelligence is an attractive concept. The good guys share experiences about what the bad guys are doing thereby blunting attacks. This includes public-private partnerships like InfraGard, a partnership between the FBI and the private sector dedicated to sharing information and intelligence to prevent hostile acts against the U.S.
Unfortunately, IT is not perfect; nothing in our world can be. Compounding the inevitable failures and weaknesses in any system designed by fallible beings, are those with malicious or larcenous intent that search for exploitable system weaknesses.
Introduction to Managed Detection Response (MDR): Managed Detection Response (MDR) has emerged as a crucial component in the field of cybersecurity, providing organizations with enhanced threat detection and response capabilities. In this blog, we will delve into the history of MDR, exploring its origins, advancements, and its current role in the modern cybersecurity landscape. Early […]
Most security technologies are ineffective against unauthorized users with stolen credentials. Cybersecurity vendors spend a great deal of time and money warning against technical exploits and ransomware attacks. These are undoubtedly serious threats, but they are not nearly as complex or dangerous as compromised credential attacks. In fact, although ransomware dominates headlines in the cybersecurity […]
This fundamental tradeoff between security, usability, and cost is critical. Yes, it is possible to have both security and usability, but at a cost, in terms of money, time and personnel. While making something both cost efficient and usable, or even making something secure and cost-efficient may not be very hard, it is however more difficult and time consuming to make something both secure and usable. This takes a lot of effort and thinking because security takes planning and resources.
Breaches continue to be reported at a dizzying pace. In 2018 alone, a diverse range of companies — including Best Buy, Delta, Orbitz, Panera, Saks Fifth Avenue, and Sears — have been victimized.?These are not small companies, nor did they have small IT budgets. So, what’s the problem?
We're thrilled to announce our momentous milestone as we start our journey of 15 years in the managed detection response field. Reflecting on our achievements, we express our appreciation for our outstanding team and valued industry partners. To honor this occasion, we're introducing Lumifi Day, a special celebration dedicated to our team members. Lumifi Day […]
Security Subsistence Syndrome (SSS) is defined as a mindset in an organization that believes it has no security choices and is underfunded, so it minimally spends to meet perceived statutory and regulatory requirements.
More Work-from-Home (WFH) scenarios due to COVID-19 present challenges as employees move from a trusted and secured office network to home networks with a variety of technology and cybersecurity rigor. Here are some tips to stay safe as you and your employees work remote.
Q. Can you share with us the journey of Datashield/Lumifi and how it has evolved in the field of Managed Detection and Response (MDR)? What were the key milestones and challenges along the way? Datashield/Lumifi has come a long way in Managed Detection and Response (MDR). Our journey began as an investment by myself and […]
Banks have always been a prime target for cybercriminals. With enormous stores of cash and consumer data, and the massive threat of financial losses, regulatory consequences, and reputational damage, there’s really no choice for financial institutions but to innovate and accelerate their cybersecurity strategies.
With UEBA-powered platforms like Exabeam, you can catch threat actors who already work within your network. External threats aren't the only kind of threat security leaders need to prepare for. Insider threats often pose an even greater risk.
You can make UEBA technology work right out of the box – but custom configuration is needed to unlock its real value. User Entity and Behavioral Analytics (UEBA) technology is a game-changing addition to any security tech stack. UEBA-enhanced insights allow security teams to detect sophisticated attacks that other technologies often miss. Compromised credentials and […]
Discover PCI DSS v4.0, the latest global standard for securing payment card data. Released March 31, 2022, it enhances security against evolving threats.
Government agencies are quietly suffering a significant uptick in security incidents and data breaches – but the cybersecurity industry doesn't seem to have noticed yet. One insight stands out among the many contained in Verizon' 2023 Data Breach Investigation Report.
Cybercriminals are adopting new, more sophisticated tactics. Security leaders can't depend on purely technical solutions that ignore the human element. If there is one broad theme to Verizon's 2023 Data Breach Report, it's that the arms race between cybercriminals and cybersecurity professionals hinges on the human element more than ever. The report declares this clearly […]
Are you compliant with PCI DSS Version 4? Restaurants, retailers, hotels, doctors' and lawyers' offices, and many more, all need to watch for PCI DSS updates to remain compliant.
Now that advanced cybersecurity protections are a must-have in today’s landscape, organizations of all sizes are increasingly seeking out and leaning on a trusted security partner to manage their security services. A recent study released by Forrester revealed that 57 percent of companies are seeking outside help for IT systems monitoring and 45 percent are outsourcing threat detection and intelligence.
RSA Conference 2020 has come and gone. It still maintains its status as the largest security event in the world, although attendance dipped from last year due to virus jitters and travel restrictions. While the mood at RSA Conference (RSAC) overall was a bit more subdued than in the past, attendee engagement with the Netsurion team to discuss co-managed SIEM in the expo hall was at an all-time high.
Automation isn't always a replacement for human expertise. The two must work together to generate lasting security value. Security Operations Centers have struggled with workforce shortages for years. Experts were already alarmed at the growing cybersecurity talent gap back in 2017.
In this fourth article in the series, we continue to explore some of the basic ways that business of all sizes can keep their computer systems safer. We will discuss the topic of programs, ports and services.
While IT security teams identify, hunt, and remove specific variants of the ransomware, there may already be unknown mutated varieties lurking dormant and ready to execute.
It’s no secret that cybersecurity threats are rising for organizations of all sizes and industries. U.S. cybersecurity authorities like the CISA, NSA, and the FBI are aware of recent reports of increased malicious cyber activity and expect this trend to continue. Organizations face security gaps and weaknesses from a patchwork of IT products and tools with little visibility and a false sense of security.
The use of stolen or compromised credentials remains the most common cause of a data breach. It was responsible for 19% of breaches studied by IBM in 2022. The reason? These attacks are relatively easy to plan and execute.
Security leaders are increasingly being asked to do more with less. In-house capabilities don't scale fast enough to keep up. Business leaders are cutting costs across the board in preparation for a potential recession. Business units that were used to receiving ample funding are hitting limits to near-term growth. Organizations that used to fund ambitious […]
In a recent webinar, we demonstrated techniques by which EventTracker monitors DNS logs to uncover attempts by malware to communicate with Command and Control (C&C) servers. Modern malware uses DNS to resolve algorithm generated domain names to find and communicate with C&C servers.
Security is an ever-escalating arms race. The good guys have gotten better about monitoring the file system for artifacts of advanced threat actors.
While software that can be installed on your PC and used to remotely connect when you are away from your home office can be very handy, it also comes with risks that may not be apparent at first.
There’s an old saying: Their bark is worse than their bite. However, this is not the case with the penalties of non-compliance when it comes to the General Data Protection Regulation (GDPR). With the enforcement date of the GDPR having passed on May 25, 2018, any company not in compliance could be in for a very nasty shock.
Imagine dealing with a silent, but mentally grating barrage of security alerts every day. The security analyst’s dilemma?
Today’s always-on digital businesses and service providers rely on web applications and APIs to fuel growth, run eCommerce sites and customer portals, and engage 24/7 with customers. Cyber criminals are also targeting these public-facing assets for monetary gain or to make a political statement. In fact, 43% of data breaches have been tied to web application vulnerabilities, highlighting the importance of understanding and protecting these business-critical assets. Managed Service Providers (MSPs) must also make protecting web applications a key priority.
Did you know that Microsoft is a security vendor? No, it’s true. For years, the company was hammered by negative public perception and the butt of jokes around the 2002 "trustworthy computing" memo. The company has steadily invested in developing a security mindset and the product results are now more visible to the public. It was the fall of 2008. A variant of a three year old relatively benign worm began infecting U.S. military networks via thumb drives.
Over 7 billion global devices in an always on and continuously connected world create a soft target for today’s attacker. Whether working to monetize data or make a political statement, adversaries are well funded and staffed in the battle for endpoint access and control.
How do you figure out when someone was actually logged onto their PC? The data is there in the security log, but it’s so much harder than you’d think.
In the dark ages of personal computers (1980′s and 90′s), you either needed to be a computer geek or have access to one if you wanted any device to work with your computer. You had to go through a complicated driver installation process, and possibly replace system files. My how the world has changed.
What is the true cost of a data breach? A data breach affects your business, brand, and reputation. But it can be prevented.
Threat hunting is gaining traction as businesses look for more proactive methods to combat multi-stage ransomware attacks and devious “low and slow” hackers. Threat hunting complements threat detection and response to provide a more comprehensive and layered approach. Many managed service providers (MSPs) actively seek ways to become proactive and offer guided remediation that actively stops and blocks threats. The lack of staff and skills, along with unfamiliarity with threat hunting processes and techniques, can all inhibit adoption.
It is becoming more and more frequent to read about electronic data breaches in the news these days. Unfortunately, what is not touched on as frequently are the physical security issues present in restaurant and retail establishments.
Every 3 years the Payment Card Industry Data Security Standard (PCI) is updated to a new version. The time for the next release is right around the corner. Are you Ready?
Despite the fact that security industry has been fighting malicious software – viruses, worms, spyware, bots and other malware since the late 1980s, malware still represents one of the key threat factors for organizations today. While silly viruses of the 1990s and noisy worms (Blaster, Slammer, etc.) of the early 2000’s have been replaced by commercial bots and so-called “advanced persistent threats,” the malware fight rages on.
Ideas to Retire is a TechTank series of blog posts that identify outdated practices in public sector IT management and suggest new ideas for improved outcomes. Dr. John Leslie King is W.W. Bishop Professor in the School of Information at the University of Michigan.
In this entry we discuss the topic of anti-virus protection. There are many questions that come up when we talk about this topic. So here are a few answers to your questions.
A new ransomware variant is sweeping across the globe known as Petya. It is currently having an impact on a wide range of industries and organizations, including critical infrastructure such as energy, banking, and transportation systems.
It’s clear that we are now working under the assumption of a breach. The challenge is to find the attacker before they cause damage. Once attackers gain a beach head within the organization, they pivot to other systems. The Verizon DBIR shows that compromised credentials make up a whopping 76% of all network incursions.
There is great interest among security technology and service providers about the intersection of global threat intelligence with local observations in the network. While there is certainly cause for excitement, it’s worth pausing to ask the question “Is Threat Intelligence being used effectively?”
Many of our customers and resellers have asked how Heartbleed affected Netsurion services. In a nutshell, the managed services that make up our product offerings were not directly affected by Heartbleed.
Effective Incident Response (IR) always involves the IT security professionals who know their business and cybersecurity posture best. But whose job is it to actually respond to incidents, and what are the best practices?
?The presidential debate, as entertaining as it was for many, was a great place to hear about the focus needed on cybersecurity issues in this country. Both candidates were asked the following question on the topic of cybersecurity in the U.S...
Does this sound familiar? You have no control of your environment and most of your efforts are diverted into understanding what happened, containing the damage, and remediating the issue.
Square strives to make financial transactions simple enough so that the average person on the street can participate. Before Square, a regular person without a bank supplied merchant account could not take credit cards. Today, Square allows everyone with a smart phone to accept credit cards, and now the company is focusing on another market – person to person cash payments.
Even though your business may have cybersecurity insurance, it doesn’t mean you can avoid the steps necessary to prevent bad things from happening. Similar to our own healthcare, it’s no secret that being diligent with preventative care and a consistent healthy lifestyle not only protects your health but also protects your pocketbook from more serious illness, no matter what kind of insurance you have.
Every now and then hackers develop a piece of malware that is so insidious that it changes the landscape of computer security and acceptable practices. While there are many contenders for this dubious list, CodeRed, Zeus, and now Backoff are certainly worthy of inclusion.
2015 was a tough year for the healthcare industry. Some are even calling 2015 “the year of the healthcare hack”. Last year, over 65% of the data breaches occurred in the healthcare industry...
We recently released the findings of the Security Information and Event Management (SIEM) study conducted by Cybersecurity Insights. The study surveyed over 345 IT and Security executives and practitioners, with 45% of them small and mid-sized firms with 999 or fewer employees and the balance comprised of enterprise organizations with 1,000 or more employees.
Merchants know by now that after October 1st the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction. This means that merchants will be more accountable if EMV is not implemented.
There are three cybersecurity “givens” that small-to-medium-sized businesses (SMBs) often face. One is you are not too small to be targeted by cyber criminals. Even big ransomware gangs are refocusing their efforts on mid-sized victims to avoid scrutiny. A second is that your attack surface is expanding – particularly with the move to cloud, Software-as-a-Service (SaaS) adoption, and Work-From-Home (WFH) – while threat actors continue to evolve new, more sophisticated approaches.
The year 2018 saw ransomware families such as CryptoLocker and variants like Locky continue to plague organizations as cybersecurity adversaries morph their techniques to avoid detection. Several massive data breaches this year include Quora, Ticketmaster, and Facebook that exposed over 200 million records worldwide. As the year winds down, here’s what small and mid-sized organizations may experience in 2019 with an eye towards enhancing security.
In computer terminology, a honeypot is a computer system set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of IT systems. Generally, a honeypot appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
The ELK (Elasticsearch, Logstash, Kibana) stack is a popular open source log analysis and management platform. The collection, processing, normalization, enhancement, and storage of log data from various sources are grouped under the term “log management.”
The holidays are a busy time for most business owners as they ramp up to serve consumers excited to find holiday specials, or even as they prepare for time away from their businesses to spend time with friends and family. Hackers know that you are distracted from your core duties and normal routine and will look for vulnerabilities in your systems.
We have been implementing Security Information and Event Management (SIEM) solutions for more than 10 years. We serve hundreds of active SIEM users and implementations. We have had many awesome, celebratory, cork-popping successes. Unfortunately, we’ve also had our share of sad, tearful, profanity-filled failures.
Software-as-a-Service (SaaS) applications and infrastructure providers like Amazon Web Services (AWS) and Microsoft Azure have become the norm for organizations large and small. Enhancing cloud security maturity is even more critical given the proliferation of cloud workloads and a chronic shortage of cloud expertise.
As a Managed Service Provider (MSP) offering IT infrastructure and end-user systems, your clients rely on you with their valuable assets, sensitive data, and intellectual property. What security best practices can MSPs utilize to avoid becoming a headline?
When we originally conceived the idea of SIEM and log management solution for IT managers many years ago, it was because of the problems they faced dealing with high volumes of cryptic audit logs from multiple sources. Searching, categorizing/analyzing, performing forensics and remediation for system security and operational challenges evidenced in disparate audit logs were time consuming, tedious, inconsistent and unrewarding tasks. We wanted to provide technology that would make problem detection, understanding and therefore remediation, faster and easier
Often when I engage with a prospect their first question is “How many events per second (EPS) can EventTracker handle?” People tend to confuse EPS with scalability so by simply giving back an enormous-enough number (usually larger than the previous vendor they spoke with) it convinces them your product is, indeed, scalable.
When it comes to selling security, one of the major challenges faced by managed services providers (MSPs) is changing the mind set of small- and medium-sized business (SMB) owners. With massive breaches hogging news headlines today, security is hard to ignore.
DNS is an attractive mechanism for performing malicious activities like network reconnaissance, malware downloads, or communication with their command and control servers, or data transfers out of a network. Consequently, it is critical that DNS traffic be monitored for threat protection.
The old Haunted Hotel with squeaky wood floors, welcomed all guests who dared enter the front doors. Guests arrived from every nation – every corner of world – ready to spend money and explore.
Ransomware is a popular weapon for cyber criminals. Worldwide in 2020, there were 304 million ransomware attacks, a 62% increase from the year prior, according to Statista. All verticals are vulnerable to these ransomware attacks, which if successful, are a blot on financial statements of the targeted organizations.
Customers look to Managed Security Service Providers (MSSPs) as trusted advisors in achieving digital transformation and navigating ever-evolving data security and privacy regulations. In times of uncertainty, it’s critical to over-deliver and boost your security posture.
It’s understandable that the primary goal of any healthcare practice is to keep their patients healthy and safe. But what about keeping their patients’ data safe too?
It doesn't rhyme and it's not what Whittier said but it's true. If you don't log it when it happens, the evidence is gone forever.
It was great to be back in Chicago for ChannelCon 2022. Thank you to CompTIA for their successful event, with 1,000 attendees and vendor partners for the extensive formal and informal learning opportunities enabling us to recommend and reinvigorate after the last 24 months.
As I reflect on this year, a Shakespearean quote plays out in my mind – when King Henry the Fifth is rallying his troops to attack a breach, or gap, in the wall of a city, “Once more unto the breach, dear friends”...
Ransomware has made a resurgence and is impacting both IT service providers and the businesses they serve. What if you had insights into cyber criminal tactics and techniques happening in your environment? What if you knew more about the adversaries you face in this cyber battle? Can you help prioritize potential threats to stop a ransomware attack before it’s too late? The MITRE ATT&CK framework enables defenders to optimize protection beyond legacy tools like anti-virus.
As data breaches occur more and more, it is no secret that the market needs more cybersecurity professionals. Here are a few statistics on the need to educate the next generation on pursuing cyber professional careers.
You may recall that back in 2012, then Secretary of Defense Leon Panetta warned of “a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life.” This hasn’t quite come to pass has it? Is it dumb luck? Or are we just waiting for it to happen?
When business owners start looking at Point-of-Sale (POS) systems, they may feel overwhelmed at the infinite amount of options they can find online. How does a business owner make a decision? How do they know it’s the right decision?
Analytics is an essential component of a modern SIEM solution. The ability to crunch large volumes of log and security data in order to extract meaningful insight can lead to improvements in security posture. Vendors love to tell you all about features and how their particular product is so much better than the competition.
Equifax, one of the big-three US credit bureaus, disclosed a major data breach. It affects 143 million individuals — mostly Americans, although data belonging to citizens of other countries, for the most part Canada and the United Kingdom, were also hit.
When you think about electronic security, what comes to mind? Do you consider how vulnerable your customer credit cards are, or how easily someone can break into your on-line bank account? These are the most profitable avenues of attack that thieves usually focus on, but occasionally, cybercriminals are motivated by something besides greed.
There is a new trend facing people who rely on help desks. Hackers are targeting help desks because they know that the people who provide you support have the access into your systems that they want to exploit.
Sometimes we get hung up on event monitoring and forget about the “I” in SIEM which stands for information. Not forgetting Information is important because there are many sources of non-event security information that your SIEM should be ingesting and correlating with security events more than ever before. There’s at least 4 categories of security information that you can leverage in your SIEM to provide better analysis of security events
A financially motivated ransomware gang hit 23 local governments in Texas in a coordinated attack. Ransomware is a type of malicious software, often delivered via email or drive-by web downloads, that locks up an organization’s systems until a ransom is paid or files are recovered by other means such as backup restoration.
If you manage any Linux machines, it is essential that you know where the log files are located, and what is contained in them. From a security perspective, here are 5 groups of files which are essential. Many other files are generated and will be important for system administration and troubleshooting.
The gap between the ‘time to compromise’ and the ‘time to discover’ is the detection deficit. According to Verizon DBIR, the trend lines of these have been diverging significantly in the past few years. Worse yet, the data shows that attackers are able to compromise the victim in days but thereafter are able to spend an average of 243 days undetected within the enterprise network before they are exposed.
In 2020, we saw digital transformation accelerate along with rising ransomware, threats caused by human error and misconfigurations, and challenges in IT staff retention. While there is no crystal ball, cybersecurity experts share how organizations can optimize finite resources and prioritize security measures.
Maintaining strong cybersecurity is crucial as organizations make impromptu decisions to send more and more employees to work from home to help minimize the spread and impact of COVID-19. Before you expand and extend your remote workforce, it’s critical that you take appropriate steps to ensure that by decreasing a health risk to your business, those same actions don’t conversely increase a cybersecurity risk.
When we are attacked, we feel a sense of outrage and the natural tendency is to want to somehow punish the attacker. To do this, you must first identify the attacker, preferably accurately, or else. This is easier said than done, especially online.
I’m a big believer in security analytics and detective controls in general. At least sometimes, bad guys are going to evade your preventive controls, and you need the critical defense-in-depth layers that detective controls provide through monitoring logs and all the other information a modern SIEM consumes.
Faced with rising cybersecurity concerns, MSPs and mid-sized organizations are maturing their security posture beyond a network operations center and help desk. But few have realized a centralized security operations center (SOC) with a formal charter and full-time staff.
As the second iteration of the WannaCry ransomware impacting IT infrastructure around the globe is expected, we want to arm our customers with information to be best prepared.
As the holidays swiftly approach, many of us are making lists and plans as part of the crescendo of year-end activity. We don’t want to forget anything important, but is ensuring safety from cybercrime at the top of your list?
A common hacking method is to steal information by first gaining lower-level access to your network. This can happen in a variety of ways: through a print server, via a phished email, or taking advantage of a remote control program with poor security.
Windows gives you several ways to control which computers can be logged onto with a given account. Leveraging these features is a critical way to defend against persistent attackers.
Increasing complexity and frequency of attacks have escalated the need for detection of attacks and incident response. Endpoints are the new battleground as they are a) more pervasive across the network, b) more commonly used by non-IT personnel, and c) less well-defended by IT teams who first move to secure the data center. Endpoint detection and response (EDR) solutions meet the need to rapidly investigate large numbers of systems for evidence of malicious activity, quickly uncover, and then remediate attacks and incidents.
Success starts with a well-planned strategic budget. Face the fear…now’s the time to plan for powerful yet practical cybersecurity.
While nation-state threat actors and external hackers often garner the headlines, insider threats are an often-overlooked threat vector. Rockwell-Boeing, Anthem Healthcare, and Capital One are just a few organizations with damaging data breaches caused by insiders.
What security events get logged when a user logs on to their workstation with a domain account and proceeds to run local applications and access resources on servers in the domain?
When Target announced that it had suffered a major breach of approximately 40 million credit cards and 70 million customer records, the nation as a whole took a collective gasp in shock. In the aftermath of the initial disclosure, the public then heard from Neiman Marcus that it too had suffered an electronic breach of data that may include credit cards.
Both technologies provide endpoint protection, but with different levels of sophistication. For years, endpoint detection and response (EDR) has formed the backbone of many enterprise cybersecurity solutions. EDR technology enables greater visibility into systems, allowing security professionals to detect threats from file-less attacks, document-based malware, and zero-day exploits.
It continues to be challenging being a Chief Information Security Officer (CISO) today – and this year promises no rest. As high-profile data breaches escalate, CISOs, CIOs, and other information security professionals believe their organizations are more likely than ever to fall victim to a data breach or cyber attack.
What's the cost of securing your network from a cyber attack? According to Precision Analytics and The CAP Group, many companies are now spending less than 0.2 percent of their revenue on cybersecurity, at least one-third less than financial institutions. If that's you then you may have a cyber blind spot.
The argument is an old one; are you better off with a network-based detector, assuming all hosts will eventually communicate, or should you look at each host to determine what they are up to?
A data breach today takes 127 days to detect, according to the Ponemon Institute. Comprehensive visibility and real-time analysis of device and application log data provide an early warning of cybersecurity threats before damage occurs. Log monitoring and Security Information and Event Management (SIEM) decision makers sometimes make short-sighted financial decisions to reduce log sources, only to find that it impacts security decision making and incident response.
Regulatory compliance is a necessary step for IT leaders, but it’s not sufficient enough to reduce residual IT security risk to tolerable levels. This is not news. But why is this the case? Here are three reasons:
I often encounter a dangerous misconception about the Windows Security Log: the idea that you only need to monitor domain controller logs. Domain controller security logs are absolutely critical to security but they are only a portion of your overall audit trail. Member server and workstation logs are really just as important and I’m going to focus this article on the top 4 questions you can only answer with workstation logon/logoff events.
Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing millions of plain-text passwords. But don’t panic. Though the recent vulnerability has a more terrific name than HeartBleed, it is not going to cause as much danger as HeartBleed did.
Cyberattacks against banks and financial institutions continue to rise as cybercriminals develop new tactics. The global financial sector is one of the biggest cybercrime targets in the world. The volume and sophistication of cyberattacks on banks surged in 2022, spiking considerably at the very end of the year.
Can you simply buy a “SIEM solution”? Turns out you really cannot, no matter how hard you try nor how passionately the vendor promises. What you can buy at the store is a SIEM tool, which is a completely different thing. SIEM tools are products, while implementing a security or compliance solution involves people, process, and technology. SIEM tools are a critical part of SIEM, but they’re not the whole solution.
Analyzing all the login and pre-authentication failures within your organization can be tedious. There are thousands of login failures generated for several reasons. Here we will discuss the different event IDs and error codes and how you can simplify the login failure review process.
A data breach has serious consequences both directly and indirectly. Lost revenue and a tarnished brand reputation both inflict harm long after incident resolution and post breach clean-up. Still, many organizations don’t take necessary steps to protect themselves from a potentially detrimental breach.
IT workers in general, but more so IT Security professionals, pride themselves on their technical skills. Keeping abreast of the latest threats and the newest tactics to demonstrate to management and peers that one is “worthy.”
Ransomware attack frequency is at its height as there have been more than 4,000 ransomware attacks happening each day for over a year now. Follow these tips to help avoid a ransomware breach at your business.
Randy Franklin Smith compares methods for detecting malicious activity from logs including monitoring for high impact changes, setting up tripwires and anomalous changes in activity levels. Security standards and auditors make much of reviewing logs for malicious activity.
As more service providers explore offering a Managed Detection and Response (MDR) solution, they may face indecision or inertia during startup and optimization. Managed Security Service Providers (MSSPs) know that speed matters in cybersecurity as it improves attack surface coverage, team productivity.
In most previous newsletters, we have discussed the use of logging for various regulatory mandates (such as PCI DSS, HIPAA and FISMA) as well as the use of logs for incident response and malicious software tracking. This log data can also be incredibly useful for detecting and investigating insider abuse and internal attacks.
One thing I always wished you could do in Windows auditing was mandate that access to an object be audited if the user was NOT a member of a specified group. Why? Well sometimes you have data that you know a given group of people will be accessing and for that activity you have no need of an audit trail. Let’s just say you know that members of the Engineering group will be accessing your Transmogrifier project folder and you do NOT need an audit trail for when they do. But this is very sensitive data and you DO need to know if anyone else looks at Transmogrifier.
There’s a wealth of intelligence available in your DNS logs that can help you detect persistent threats. So how can you use them to see if your network has been hacked, or check for unauthorized access to sensitive intellectual property after business hours?
Just like locking your front door is crucial to protect your house, monitoring account logins to organizational servers and workstations is crucial to detect password cracking attempts. Enhance your security operations to continuously improve visibility and defenses.
We know how tempting those summer sales are! But are you being careful on where you are swiping your card?
Remote work is seemingly here to stay, with many workers forgoing their commute to work for a nice stroll to their in-home office. The WFH movement provides great flexibility but comes with even greater challenges for cybersecurity. A 200% increase in cyberattacks has been witnessed following the remote working surge, leading to a greater […]
What is Phishing? Phishing is a type of online fraud which aims to steal personal and financial information by impersonating reputable companies. Phishing can be done through email, websites, and social media. One of the most common ways phishers try to get your information is by sending you an email from a company you do […]
OpenSSL originally warned this patch would fix a critical vulnerability impacting all OpenSSL 3.0 installations. OpenSSL has released a patch fixing the headline-making vulnerability it first announced on October 27th, 2022.
The open-source cryptographic library is an industry-standard found in an enormous range of applications. In late October, the OpenSSL Project announced it would release a patch for a critical security vulnerability on November 1st, 2022. The organization did not share any details about the vulnerability itself, other than the fact that it impacts all OpenSSL […]
What is Ransomware? An organization or user's access to data on their computer is restricted by malware known as "ransomware." Cybercriminals put businesses in a situation wherein paying the ransom is the quickest and least expensive option to recover access to their data by encoding these files and requesting a ransom demand for the decryption […]
Network Detection and Response (NDR) is an exploding field of cybersecurity, providing network-wide monitoring and advanced detection of potential malicious threat actors and suspicious activity, that other tools may miss. An NDR solution continuously scans all entities of network traffic while creating a baseline of normal network activity, creating an incredibly difficult environment for attackers […]
Biometrics 101 Biometrics utilize your physical characteristics to assess identification matters such as fingerprint scans, facial recognition, retina scans, etc. as a more advanced sector of security. Biometrics is simply defined as a biological measurement or a unique physical characteristic that not even your twin would share. Think of it as you, yourself, being the […]
Starting 18 years ago, cybersecurity awareness month has magnified into a global effort to educate, inform, and empower everyone to protect themselves online as cyberthreats continue to see dramatic increases over the past decade. As our livelihoods shift predominately online, we become more vulnerable to prying eyes and malicious threat actors. This collaboration between […]
Artificial intelligence (AI) and machine learning are positioned to assist today's enterprises as they fight to defend themselves against the rising number of cyber attacks. Real-time learning and analysis of potential cyber risks is made feasible by AI and machine learning. Additionally, they use computers to create behavioral models, employing these models to forecast […]
Learn how to use the platform's security orchestration, automation, and response (SOAR) solution to quickly investigate and resolve security incidents. Exabeam enables security teams to automate their response to security incidents, dramatically reducing the time and resources required to mitigate active attacks. The platform's Incident Responder lets analysts automate time-consuming tasks when investigating incidents and […]
Cloud Attacks: Are You Still Safe? 95% of respondents are using the cloud, according to the 2016 State of the Cloud Survey. The nature of cloud-based computing offers the prospect of severe cloud security breaches despite its fast expansion, which can significantly harm an enterprise. One of the top worries is data security. How […]
What do Microsoft, Okta, T-Mobile, Nvidia, and LG all have in common? Well, for starters, they have all been extorted by one of the most prolific and unpredictable hacking groups of 2022. The group coined, LAPSUS$, remarkably infiltrated and extorted a handful of the largest, pre-imminent tech giants in the world through a unique […]
Public Wifi & Working From Home By 2025, upwards of 36 million Americans will have entirely remote or flexible occupations, an 87 percent post-pandemic rise, according to some analysts. One might infer that having the opportunity to work outside of the office has led many employees to select open areas like cafés, diners, railway stations, […]
Every online action you perform involves sharing a bit of data – over time, that data can add up. Successful organizations and influential people rely on the public Internet to promote their brands, ideas, and products. A significant amount of time and energy goes into building a brand, and most of it is spent online.
What is Cybercrime? Cybercrime is a term that refers to all criminal activity perpetrated using computers and the internet. It includes crimes like hacking, phishing, identity theft, and more. The term cybercrime was first coined in the late 1980s by William Gibson in his novel “Neuromancer”. He used it to refer to crimes […]
The flaw has been exploited in real-world attacks, but most Palo Alto customers will remain unaffected. In the second week of August, Palo Alto Networks issued a security warning for a high-severity vulnerability in its PAN-OS operating system. Many of the company' networking hardware products use this operating system, but not all of them are […]
Data disasters come in all shapes and forms, and enterprises need to have multi-layered contingencies in place. A good enterprise disaster recovery plan protects against a wide variety of scenarios. It must ensure business continuity – or provide a plausible roadmap for it – in case of natural disasters, human errors, and malicious cyberattacks.
Examining event and endpoint logs is the first step towards building comprehensive customized rulesets. Many information security leaders have significant deployments on open-source operating systems based on the Linux kernel, and for good reason. Linux distributions like Debian and Ubuntu have a reputation for visibility and security at a price that's impossible to beat – […]
Find out how to configure Linux to generate comprehensive log feeds for SIEM, UEBA, and SOAR technologies. Linux is an attractive solution for enterprises in search of a flexible, powerful operating system. Many different operating systems use the Linux kernel, such as Ubuntu, Debian, and Red Hat Enterprise Linux (RHEL), which itself is an enterprise-ready […]
Enriched data enables analysts to conduct faster, more accurate investigations in Exabeam. The first part of this series covered some of the ways analysts can use context to build custom rules in Exabeam. Teaching Exabeam to recognize network zones and asset groups enables security professionals to cluster similar behaviors together, making it easier to investigate […]
Solution Evaluation An integral step in creating a resilient cybersecurity platform is to perform an audit of your organizations existing policies and procedures. Lumifi can help with this endeavor during our Asset Criticality Assessment, during client onboarding process, and periodically on a structured timeline. Here are components we consider when looking at the entire security […]
Cybersecurity is a very important issue for any organization, and events can lead to a variety of negative outcomes; incidents often result in data theft, financial loss, and even damaged reputation. The cost of an attack is very high, which is why it's important to be prepared for the worst-case scenario. Managed Detection and Response […]
Security Orchestration, Automation and Response (SOAR) is an integrated, automated, and orchestrated set of services that provide a response to cyber incidents. It enables the rapid identification of cyber incidents and prevents them from escalating into major disasters. SOAR was developed as a response to the need for automating incident responses and remediating security incidents. SOAR utilizes a framework that can […]
We'll chat more in detail further along here, but right away, we want to tell you what the three types of firewalls are:
The SOAR in SOAR security stands for:
You can significantly improve Windows' log reporting capabilities with a few key changes. Your SIEM works by collecting log data from across the enterprise IT environment. The more detailed and comprehensive these logs are, the more accurate its insights will be. Although Windows has a basic set of log reporting capabilities built in, the operating […]
A newly discovered Spring vulnerability enables remote code execution on enterprise Java applications. In late March, a developer publicly posted exploit code describing a zero-day vulnerability in the popular Spring Framework, a popular solution for building enterprise applications in Java. Spring is part of VMWare's suite of enterprise products, designed to let developers quickly and […]
Cybersecurity leaders prioritize security event management efficiency now more than ever. Security analysts receive messages and alerts all day long. It' a core part of the job.
There’s been a lot of recent hype about security risks with the rise of virtualization, but much of it is vague and short on specifics. There is also an assumption that all the security available on a physical server simply disappears when it migrates to being a virtual machine. This is not true.
677.66 million. That's the number of cumulative detections of newly-developed malware applications worldwide in 2020. If you think your organization's basic antivirus software can keep up with this constant barrage of attacks, well, it's simply not possible.
The average IT department manages thousands of endpoints, each coming with a very real risk of cyberattack. From laptops and servers to IoT devices and digital assistants, hackers are constantly on the lookout for an open door to infiltrate.
Your security response depends heavily on what data you log, and how you log it. Your security information and event management (SIEM) solution uses logs to build an accurate picture of your organization's security profile.
The security of data and systems is one of the most important concerns in today' business world. If your data is at risk or compromised, it can cripple your operations along with the trust others have in your business.
Companies must protect important and sensitive data no matter its form. So, what is information security? It includes everything from making sure digital information is protected against hackers to assuring a physical filing cabinet full of billing information is defended against thieves.
Security Orchestration, Automation, and Response (SOAR) tools enable analysts to establish efficient workflows for handling both common and highly sophisticated threats. Even the best enterprise cybersecurity workflows suffer from scalability issues.
Press play to get an inside look at how Lumifi works with Anomali ThreatStream.
For large organizations, managed detection and response is just one of many cybersecurity solutions that must work together seamlessly. Enterprise cybersecurity professionals have to choose their tech stack wisely.
The Federal government has defined new standards for cybersecurity event logging systems. On May 12th, 2021, just days after the headline-making Colonial Pipeline ransomware attack, the White House issued an executive order on improving the nation' cybersecurity.
Castra Managed Services is excited to announce that its company co-founder, Tony Simone, has been named Exabeam' "Technical Person of the Year" for 2021. Exabeam, the Gartner Magic Quadrant leader in security information event management (SIEM), held its annual Spotlight Partner Summit early last week, where various partners met to discuss industry trends and new developments in SIEM technology.
Is your business weighing out the pros and cons of data lake and cloud archive? We can help with that. What we need to establish first is how does your organization handle the compliance regarding your company' and customer' data? Where does that data reside? Is it secure, and if you needed to recall aging data […]
A major risk for a SIEM or SOAR is not effectively using key PowerShell logs collected. We talked about the risk of incorrect and empty logs or lack of logging required for advanced detection, and once you have them we cannot assume machine learning and modeling behavior will detect everything.
Today’s threat landscape is more diverse and expansive compared to any period since the beginning of the information age. Recent security trends such as the increase in malicious activities rising by 358% from July 2019 to July 2020 and 90% of healthcare organizations reporting security breaches to highlight the increased dangers enterprises face. To effectively detect and […]
Over the 4th of July weekend, two breaches were brought to Lumifi's attention pertaining to PrintNightmare and Kaseya. Details on PrintNightmare While you likely do not have Print Servers exposed to the world (we hope not), we also wanted to note that we are aware of this and have diligently reviewed detection methodology. POC code […]
A worrisome risk for a SIEM or SOAR is not collecting key logs used or required for the advanced modeling in today's platforms. In our experience, incorrect/empty logs or lack of logging required for advanced detection (as we discussed in the first post on this topic), is obviously bad, yet failing to pick them up […]
With a clear separation in the market among the considered vendors, the newest Gartner Magic Quadrant for EPP, showcases 4 Lumifi partners who are leading in this space. Recently, Gartner released their Magic Quadrant for EPP and we saw a clear separation in the market among the considered vendors. As an industry we have witnessed […]
Statistics show that the fallout from successful cybersecurity incidents has both financial and business-related consequences. A data breach costs the average enterprises approximately $60,000, and in extreme situations, small and medium-sized businesses may go out of business within 6 months from the date the incident occurred. Thus, to determine whether the financial cost of successful […]
The cybersecurity analyst has become the third most valuable job description in the technology industry. The increasing security incidents to IT infrastructure, the demand for accountability from end-users, and the financial cost of successful breaches are significant reasons enterprises and startups are taking cybersecurity seriously. Ambitious professionals who choose a career in IT security are […]
Ransomware is a form of malware cybercriminals use to encrypt data stored in computers or online servers. Cybercriminals demand payment to release the encryption key blocking the user from accessing the encrypted data. Payment is typically made through diverse mediums, including digital currency like Bitcoin. Once payment has been made, the victim is generally provided with […]
Twelve days ago, F5 announced several security vulnerabilities that went primarily overshadowed by the Exchange/Hafnium situation. It's important to understand that some of these are critical, remote command execution-level vulnerabilities that require nothing more than an attacker to connect to an F5 BIG-IP device. For those devices, being positioned "in front of" web server clusters […]
As you may know, a zero-day vulnerability in Microsoft Exchange Server was published last week that is garnering a lot of attention. Microsoft has attributed this to a known threat actor that has now compromised thousands or even tens of thousands of systems with these attacks, though it's important to understand that other attackers are […]
(Updated April 2022) The success of your managed detection and response deployment hinges on asking the right questions. Managed detection and response is a valuable element of your enterprise' security posture. With the right technologies in the hands of competent, highly trained analysts, you can significantly reduce security risks while paying a fraction of what […]
A penetration test or pen test is a simulated cyber-attack against computer systems, application systems, and IT infrastructure to discover loopholes. These simulated cyber-attacks come in diverse forms with the intent of breaching a system through its servers, web or mobile applications, and other endpoints. The purpose of pen testing is to discover exploitable vulnerabilities in […]
Learn about the MITRE ATT&CK® Framework and how cybersecurity teams leverage its matrix of tactics and techniques to assess risk and vulnerabilities within an organization. Definition The MITRE ATT&CK Framework is a knowledge base of tactics and techniques that can be used as a foundation for classifying adversary behaviors and assessing an organization’s vulnerabilities. Created in 2013 by the […]
SolarWinds Log Event Manager and Splunk Enterprise Security are two of the top security information and event management tools. Both SIEM solutions differ but offer high-performing features that simplify threat detection and response within expansive networks. Here, we look at key differentiators between both options. To effectively compare both options, the following criteria were chosen […]
SOAR is an acronym thrown around a lot within the cybersecurity industry, but what does it really mean? SOAR stands for Security Orchestration, Automation and Response. SOAR tools are the technologies used to orchestrate responses to security incidents and assign responsibilities between various tools and individuals within a security team or enterprise. The working principles of […]
An organization’s choice to seek a managed security services provider (MSSP) to guard over its IT infrastructure is usually based on three major reasons. According to Gartner’s 2020 Market Guide for Managed Detection and Response Services, they are: To simplify the decision-making process while ensuring the final choice leads to a long-lasting business relationship, here […]
Organizations of all sizes rely on managed security service providers (MSSPs) to deliver managed detection and response (MDR) and additional cybersecurity services at scale. Understanding the various service options can save your organization money and resources. The difference in technology and its usage is the primary differentiating factor between MDR providers. While some rely on […]
Cybersecurity Firm, FireEye Experienced a Major Breach in December of 2020 Castra actively investigated for deeper, specific information from our sources about how FireEye detected such a sophisticated, persistent, nation-state backed novel attack on their network and systems. This likely was the most frightening and impactful breach that we have seen happen all year.
Microsoft Defender for Endpoint, formerly known as Microsoft Defender Advanced Threat Protection, provides enterprise-level protection to endpoints to prevent, detect, investigate, and respond to advanced threats. The platform provides preventative protection, post-breach detection, automated investigation, and response to possible threats or breaches in security. Whether your company is considering implementing Microsoft Defender for Endpoint or […]
Contrary to popular beliefs, an insider threat is not always a security risk within an organization's immediate perimeter. Current employees and managers aside, an insider threat could be a former employee who had access to specific information, a third-party consultant, or a business partner. In any case, malicious insiders account for about 38 percent of […]
Statistical data shows that over one-third, or 36 percent, of ransomware infections happen due to a lack of cybersecurity training across organizations across all industry verticals. Another 30 percent of the ransomware infections worldwide materialize because of weak user passwords, while 25 percent are due to poor user practices, according to managed service providers (MSPs) […]
One can broadly define vulnerability management as a set of processes and procedures to identify, analyze, and manage vulnerabilities across a critical service's operating environment. This broad definition extends to IT systems and infrastructure, which are now as critical as power generation facilities and resource gathering operations. Keeping in mind the growing number and sophistication of […]
Recapping a highlight from Cybersecurity Awareness Month, the National Institute of Standards and Technology (NIST) has released an update to its master IT security guidance document, Special Publication 800-53. This update, "Rev 5," is the first major change to SP 800-53 in seven years, and a lot has changed in cybersecurity since 2013. The new […]
bal regions and secure an optimal level of availability and responsiveness for your services. How Azure Traffic Manager Works Azure Traffic Manager is directing client requests to the most suitable service endpoint by using a DNS (Domain Name Server). The load balancer examines the health of the endpoints and then applies a traffic-routing method to distribute the traffic. […]
Azure Security Center by Microsoft is a solution that provides unified security management across hybrid cloud workloads. It offers threat protection for data centers within both cloud workloads and on-premises. The platform also works with hybrid clouds that are not part of the Azure ecosystem. The Azure Security Center is designed to resolve a pressing problem when […]
RSA Security LLC is one of the leading providers of network security services focusing on encryption and data security. Launching their services back in 1984, they are a global security company gradually transforming their business to protect organizations in the cloud. Cloud security is not just a growing business but also an irreversible trend in […]
Alphabet’s announcement concerning the inclusion of big-data security into Chronicle led to a 5% drop in the value of Spunk’s shares and sparked a debate on which security information and event management (SIEM) tool supplies better options. As with many comparisons, a definite answer on which SIEM tool is best is one that comes with […]
Mimecast is a security company that offers solutions for corporate users to secure their email communications along with threat detection technologies. Mimecast Outlook Plugin is a tool that works on Microsoft Exchange servers to protect your email platform within the widely used Outlook platform, covering a variety of threats. How the Mimecast Outlook Plugin Works […]
Lumifi has been working with leaders in malware detection and threat intelligence for years. As we launch our cloud-native Managed Detection and Response offering with Google Chronicle, we are also integrating with VirusTotal. Read our comprehensive guide to VirusTotal and its free and enterprise features. What is VirusTotal? Google’s VirusTotal is a web-based scanner that utilizes over 70 […]
SentinelOne is known for its AI-driven endpoint security protection platform (EPP). The lightweight agent integrates with leading security tools and platforms. Their team regularly announces partnerships and development with best-in-breed tools. API-First Approach SentinelOne was created with an API-first approach, made to interface seamlessly with leading security tools. Their current automation integrations include SonicWall, Fortinet, […]
Multi-factor authentication (MFA) is a method and technology to verify a user’s identity requiring two or more credential category types for the user to be able to log into a system or make a transaction. The MFA method requires a successful combination of at least two independent credentials, which generally combines one of three following credential categories: Note: Multi-factor authentication is only not limited […]
The use of managed services is growing as organizations struggle supervising multiple sophisticated software systems and advanced corporate networks. One specific area of company outsourcing is the implementation and management of cyber defenses to protect digital assets against ever-evolving security threats. Managed Security Service Providers (MSSPs) address several business-critical issues organizations face when it comes to cybersecurity. A managed security service provider can assist in creating and deploying complex security infrastructure, managing platforms and tools, performing incident response, and providing continuous 24/7/365 monitoring. […]
As I write this, yet another ransomware attack is underway. This time it’s called Petya, and it again uses SMB to spread. But here’s the thing — it uses an EXE to get its work done.
The full interview with Greg Foss, Senior Threat Researcher at VMware Carbon Black an endpoint protection focused cybersecurity solutions provider. The interview is around the recent shift to a remote workforce due to the COVID-19 pandemic. Topics of the interview include the marketing hype, addressing a remote workforce and moving forward with the Coronavirus implications. Questions Include: As […]
A virtual private network (VPN) enables two or more devices to submit and receive data using a secure private connection over a public network such as the Internet. VPNs use a technology called "tunneling" to establish a secure connection between an organization's network and an outside network through the insecure environment of a public network […]
Cybersecurity threats based on major disasters or world events are nothing new. During the coronavirus pandemic, one threat in particular has increased much more quickly than others: phishing for sensitive information in disguised emails. During March 2020 alone, phishing attacks were up 667 percent! Protecting your system from the malicious intrusion of phishing emails is […]
Organizations of all sizes are dealing with more data than ever before, and as Lumifi learns about increasingly complex attack vectors, it is worth noting that traditional SIEM may no longer fit the purpose of the modern security program. Traditional SIEMs are based on correlation rules, with no machine learning and no behavioral monitoring. Security teams, […]
Organizations of all sizes are dealing with more data than ever before, and as Castra learns about increasingly complex attack vectors, it is worth noting that traditional SIEM may no longer fit the purpose of the modern security program.
Encryption is a method to cypher data that a user sends and receives, as well as data that resides on endpoints and servers. Any organization must handle Data at Rest and Data in Transit, the former being the data stored on corporate endpoints and servers while Data in Transit representing any message or document employees […]
Dealing with credential harvesters has its perks. Day in and day out I get to personally observe how sophisticated a phishing website can be. Some websites are so elaborate that only a trained analyst can identify them, while others are so obvious no one in their right mind would fall for it. Either way, if […]
Learn about the difference between SCADA and IoT systems and how they work and compare to one another. What are SCADA systems? Supervisory control and data acquisition (SCADA) systems have been used for decades to monitor and control production facilities or equipment across industries such as oil and gas refining, energy distribution, water management, waste […]
The Sarbanes-Oxley Act (SOX) was enacted in 2002 following a series of corporate scandals involving large public companies in the United States. The main goal of the legislation was to restore the trust in the U.S. financial markets and prevent public companies from defrauding their investors. The law, also known as the “Public Company Accounting […]
As the COVID-19 pandemic continues to grip the globe, many companies are finding it necessary to transition from on-site to remote work – and experts warn this could be the new normal for the foreseeable future. Is your company ready to make the switch securely? Lumifi has some tips on making the transition with cybersecurity […]
The ICS sector is under attack. According to the Federal Bureau of Investigation (FBI), a new security threat is on the horizon for those in the Industrial Control System (ICS) sector. While the Kwampirs remote access Trojan (or RAT) is not new, it is now targeting ICS companies and especially the energy sector. The FBI […]
Carbon Black (CB) Defense is a distributed process monitoring tool for threat detection across enterprise networks. The Carbon Black sensor executes data capturing activities to discover suspicious activities that occur within a network. Once deployed, the CB Defense sensor stays on and always collects data that can be categorized and analyzed for suspicious activities To […]
If you're an accountant or tax professional, you know that tax season is also scam season and that you're a prime target. Cybercriminals are using new, sophisticated scams that can compromise your website or infiltrate your systems with remote desktop software. These join the more traditional email-based attacks that trick you into installing malware that […]
Is Phishing Still a Problem?The short answer is yes. The long answer is that it is a growing problem for businesses each day which requires greater defense. Phishing is the most popular attack vector for criminals and has grown 65% in the last year, according to Retruster. Lumifi is here to explain phishing, how attacks […]
Learn some of the basic considerations when establishing a strong password policy for your organization. Find out some of the best practices and industry standards when it comes to user access and a password policy framework. Most places of business require that their employees access their facilities by using a key or key card. In […]
One of the greatest risks for a SIEM or SOAR platform is missing that one event that helps with accurate detection. In general, misses can occur for several reasons, although in our experience, misses mostly stem from incorrect/empty PowerShell logs or merely a lack of logging required for advanced detection.
Two more security issues announced surrounding Remote Code Execution against Remote Desktop Services (RDP). Microsoft released a notice today concerning two vulnerabilities, which would result in a Remote Code Execution vulnerability against the RDP. These are being tracked under CVE-2019-1181 and CVE-2019-1182. This is akin the previous vulnerability that we notified you on, CVE-2019-0708, aka […]
There is a lot more to cyber security than just hacking... So… Everyone wants to be a penetration tester! Lately I’ve been speaking at events, conducting interviews, mentoring new security professionals and students and every single person when asked how they want their career to progress or what they are interested in doing, like clockwork […]
Every organization works hard to attain a healthy security posture. But what does that mean? It involves a properly resourced team of network security experts working to leverage the latest information security tools. The job of the security team is to prevent attacks before they happen, protect the organization in the case of an attack, […]
In-House vs. Outsourced SIEM Management: Discover the True Cost of IT Security (Updated November 2022) Your SIEM management needs will grow over time. Can your information security team follow suit? Security information event management is one of the pillars of effective information security. Capturing and investigating event logs lets security operators detect and respond to […]
Lumifi can now combine the power of Netshield's active blocking with AlienVault's USM and immediately block rogue devices AND monitor egress network traffic to effectively block malicious behaviors like malware and phishing. Through the power of Netshield's Network Access Control (NAC), Lumifi can offer unrivaled protection for the inside of your network. Firewalls are a […]
Cross Posted from Net Friends Author(s): Net Friends
There is often a lingering and general confusion over the acronyms IDS and IPS, and how they are like or unlike UTM software modules. Everyone likes primers and simple descriptive definitions; so let's take a look at IDS, IPS, and UTM through that lens. IDS An Intrusion Detection Sensor (IDS) is a tool that most […]
(Updated April 2022) There are many ways to optimize and automate your SIEM workflow, but you can't replace the human element.
What's the difference between malware and legitimate software? Just as malware is often purported to be legitimate software, legitimate software sometimes uses unethical marketing and operating practices. Some folks term this "Shadyware." It is marketed as useful software, which it may be in part, but it also contains annoying or harmful functionality that negatively impacts […]
Adblocking is becoming a more and more contentious topic in recent days. Publications, understandably, do not want people to block ads - they derive much of their revenue from them. Users find them to be intrusive and often feel that they impede their usage of a site; and, given the recent meteoric rise of malvertising, […]
The concept has become increasingly important as cloud infrastructure expands throughout the enterprise IT network. (Updated May 2022)
Network segmentation is the practice of dividing a formerly 'flat' network [where every device can contact every other device] into a series of segments that have restricted communication between them. What's this mean in real terms, though? And why would you want it - and is it useful outside of making PCI compliance easier? In […]
Every organization is working hard to possess a "strong security posture." But what does that mean? A strong security posture, means you possess a healthy quantity and quality of Information Security Experts (Human Beings) and Information Security Tools (Technology/Products). Information Security Experts are leveraging Information Security Tools to prevent attacks before they happen, protect the […]
