Simple Cross-Device Correlation is No Longer Enough

In today’s demanding security environment, companies are more than ever challenged to identify serious threats before they lead to a data breach. Using a SIEM tool to correlate security events is a good start, but an effective defense requires a combination of both advanced cross-device correlation and alert prioritization. We wanted to provide you some examples of […]
Next Gen SIEM for the Rest of Us

SIEM systems were first created for large enterprises and government agencies that were frequent targets of advanced cyber attacks. Back then, smaller and lower-profile organizations were able to get by with basic security tools as they were seldom the target of hackers. The world has changed and today cyber attacks have become so widespread and […]
Using a SIEM to Detect Cryptolocker Attacks

As cybercriminals continue to use ransomware as a means for profit such as Cryptolocker and Cryptowall, organizations must develop detection capabilities around this threat. SIEM technology combined with threat intelligence can be effectively used to detect ransomware. We recommend you ask your MSSP or SIEM Administrator to create the following use cases: Antivirus Repeat Infection […]
They’ve Got Your Email – Email Security Solutions

Lost or stolen laptops and now smart phones with unencrypted data account for many of the cases of compliance violations. Often the confidential data is inside an email. We recommend using an email security solution, such as Proofpoint, with integrated Data Loss Prevention (DLP) and policy-based encryption capabilities to minimize the risk of disclosing protected […]
The Vulnerability Remediation Challenge and Patch Tuesday

For the past twelve years, Microsoft’s Patch Tuesday has been a monthly reminder of the challenges of vulnerability remediation. For IT and security teams, Patch Tuesday means it’s time to assess another batch of security updates and decide which ones to deploy and when, and which ones to defer, either indefinitely or at least temporarily. […]
Anthem Inc. Data Breach – Healthcare Increasingly Target of Hackers

On January 27th, Anthem discovered that the login information for database administrators had been compromised. The investigation is ongoing, but the data breach could affect up to 80 million Anthem customers. Information stolen includes member names, member health ID numbers/Social Security numbers, dates of birth, addresses, telephone numbers, email addresses and employment information, plus some […]
Takeaways from the Penn State Security Breach

An official at Penn State stated, “In fact, on an average day last year, Penn State alone repelled more than 22 million overtly hostile cyber attacks from around the world”. This is an interesting number. However, we would surmise that they are actually counting the number of Internet drive-by attacks based on source IP addresses being […]
Not Your Father’s Printer Security

As printers become more sophisticated with more resources, the discovery of new security vulnerabilities is likely to increase, which makes printer security a new focus. Hackers know that IT teams do not always prioritize securing networked printers and consider them an attractive attack vector. There are many well documented security exploits against networked printers and […]
Lessons learned from the Target Data Breach

Now that the dust has cleared from the cyber attack and data breach on Target stores last year, it is time to reflect on what happened and ensure your organization is not susceptible to a similar breakdown in security. How did Target’s data get compromised? All the facts surrounding this attack have not been disclosed […]
Recent Court Case Further Defines Organizations’ Responsibility for Cyber Breaches

It may seem unjust to be held liable by the government when a breach was actually due to the actions of a criminal. However, this is not the view of the 3rd Circuit. The August 24th, 2015 opinion by the 3rd Circuit Court of Appeals in FTC v. Wyndham Worldwide Corp, et al (0:14-cv-03514) reinforces the […]
CIO Guide: Why Switch to a Hybrid SOC

In today’s heightened threat environment, IT leaders must find creative ways to leverage their resources and better defend against advanced cyber attacks. Balancing the cost of IT security operations vs. the risk of a security breach is one of the toughest challenges facing IT leadership. CIOs and CISOs are seldom thanked when nothing bad happens […]
Vulnerability – Office 365 ZWSP Detection

Earlier this month, security researchers at Avanan discovered a new zero-width space (ZWSP) vulnerability that was confirmed to have affected Office 365 environments between November 10th, 2018 and January 9th, 2019. ZWSP strings are non-printing Unicode characters normally used for benign purposes, such as enabling line wrapping in long words. However, with this […]