Do you have a cyber blind spot?


What's the cost of securing your network from a cyber attack? According to Precision Analytics and The CAP Group, many companies are now spending less than 0.2 percent of their revenue on cybersecurity, at least one-third less than financial institutions spend. If that's you, you may have a cyber blind spot.

Time is money. Downtime is loss of money.


The technological revolution has introduced a plethora of advanced solutions to help identify and stop intrusions. There is no shortage of hype, innovation, and emerging trends in today's security markets. Yet data leaks and breaches persist. Shouldn't all this technology stop attackers from reaching our most sensitive data? Stuxnet and WannaCry are examples of weaknesses in the flesh-and-bone portion of a security plan: both could have been prevented had it not been for human mistakes.
 

Cybersecurity is an Investment, Not a Cost Center


The cybersecurity threat landscape is in constant motion – ever evolving. According to Kaspersky Labs, 323,000 new malware strains are discovered daily! Clearly, this rate of increased risk to a company’s assets and business continuity warrants a smart investment in cybersecurity.

How to Protect Your Network from Ransomware Tips from the FBI


The FBI estimates that more than 4,000 ransomware attacks have occurred daily since the beginning of 2016. That’s a 300% increase over the previous year. This is due in part to the thriving sector of “ransomware-as-a-service.” Distributors no longer need much technical skill: malware developers advertise their ransomware on the dark web for less sophisticated attackers to spread, and take their cut of any ransom that is paid.
 

The Difference Between a SIEM Solution and SIEM Tool: Features vs. Outcomes


Can you simply buy a “SIEM solution”? Turns out you really cannot, no matter how hard you try nor how passionately the vendor promises. What you can buy at the store is a SIEM tool, which is a completely different thing. SIEM tools are products, while implementing a security or compliance solution involves people, process, and technology. SIEM tools are a critical part of SIEM, but they’re not the whole solution.

Catch Malware Hiding in WMI with Sysmon


Security is an ever-escalating arms race. The good guys have gotten better at monitoring the file system for artifacts of advanced threat actors. They in turn are avoiding the file system and burrowing deeper into Windows to find places to store their malware code and dependably trigger its execution in order to gain persistence between reboots.
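The "deeper place" most often meant here is WMI permanent event subscriptions: a filter (WQL query), a consumer (what to run) and a binding that ties them together, all stored in the WMI repository rather than on disk. The script below is an added example, not code from the article or from EventTracker. It enumerates the current subscriptions on a host, flags the two consumer types that execute arbitrary code, and then pulls the Sysmon events that record creation of such objects. It assumes Sysmon 6.10 or later is installed, since that is the version that introduced event IDs 19, 20 and 21, and that it is run from an elevated PowerShell session.

```powershell
# Added example (not from the original article): enumerate WMI permanent event
# subscriptions, the persistence mechanism the article refers to, and flag the
# consumer types attackers typically abuse. Reading root\subscription fully
# requires an elevated PowerShell session.

$ns = 'root\subscription'

$filters   = Get-CimInstance -Namespace $ns -ClassName __EventFilter
# __EventConsumer is abstract; enumerating it returns every derived consumer
# (CommandLineEventConsumer, ActiveScriptEventConsumer, NTEventLogEventConsumer, ...).
$consumers = Get-CimInstance -Namespace $ns -ClassName __EventConsumer
$bindings  = Get-CimInstance -Namespace $ns -ClassName __FilterToConsumerBinding

$report = foreach ($b in $bindings) {
    # Filter and Consumer are object-path references such as
    # __EventFilter.Name="SCM Event Log Filter"; pull the Name out of the quotes.
    $filterName   = $b.Filter   -replace '.*Name="([^"]+)".*', '$1'
    $consumerName = $b.Consumer -replace '.*Name="([^"]+)".*', '$1'

    $f = $filters   | Where-Object Name -eq $filterName
    $c = $consumers | Where-Object Name -eq $consumerName
    $consumerType = $c.CimClass.CimClassName

    # These two consumer types run arbitrary commands or script; the others
    # (event log, SMTP, log file) are almost always benign.
    $payload = switch ($consumerType) {
        'CommandLineEventConsumer'  { $c.CommandLineTemplate }
        'ActiveScriptEventConsumer' { $c.ScriptText }
        default                     { '' }
    }

    [pscustomobject]@{
        Filter       = $filterName
        Query        = $f.Query            # the WQL trigger, e.g. a timer or a logon event
        Consumer     = $consumerName
        ConsumerType = $consumerType
        Payload      = $payload
        Suspicious   = $consumerType -in 'CommandLineEventConsumer', 'ActiveScriptEventConsumer'
    }
}

$report | Sort-Object Suspicious -Descending | Format-List

# Sysmon 6.10 and later records changes to these three classes as event IDs
# 19 (WmiEventFilter), 20 (WmiEventConsumer) and 21 (WmiEventConsumerToFilter),
# so the same persistence can be caught at the moment it is planted:
Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'
    Id      = 19, 20, 21
} -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message |
    Format-List
```

A stock Windows install carries one benign binding ("SCM Event Log Filter" to an NTEventLogEventConsumer), so that entry is expected; anything with a CommandLineEventConsumer or ActiveScriptEventConsumer payload deserves a second look, particularly when the filter query fires on a timer or a process start. The point-in-time enumeration tells you what is planted now; the Sysmon events tell you when and by which process it was planted, which is what you need for the timeline.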

Host-based Versus Network-based Security


The argument is an old one; are you better off with a network-based detector, assuming all hosts will eventually communicate, or should you look at each host to determine what they are up to?

Once More Unto the Data (Breach), Dear Friends


As I reflect on this year, a Shakespearean quote plays out in my mind – when King Henry the Fifth is rallying his troops to attack a breach, or gap, in the wall of a city, “Once more unto the breach, dear friends”...

For of all sad words of tongue or pen, the saddest are these: 'We weren't logging'


It doesn't rhyme and it's not what Whittier said but it's true. If you don't log it when it happens, the evidence is gone forever. I know personally of many times where the decision was made not to enable logging and was later regretted when something happened that could have been explained, attributed or proven had the logs been there.

True Cost of Data Breaches


The Cisco 2017 Annual Cybersecurity Report provides insights based on threat intelligence gathered by Cisco's security experts, combined with input from nearly 3,000 Chief Security Officers (CSOs), and other security operations leaders from businesses in 13 countries.

The Perimeter is Dead: Long-live the Perimeter


In 2005, the Department of Homeland Security commissioned Lawrence Livermore National Laboratory to produce a kind of pre-emptive post-mortem report.

Can your Cybersecurity Posture be Called "Reactive Chaos"?


Does this sound familiar? You have no control of your environment and most of your efforts are diverted into understanding what happened, containing the damage, and remediating the issue.

Forget 007 Intel…What Truly Wins the War?


How important is intelligence in bringing victory or averting defeat? In our IT Security universe, this refers to "threat intelligence", which has been all the rage for some years now.

Security Signals Everywhere: Finding the Real Crisis in a World of Noise


Imagine dealing with a silent, but mentally grating barrage of security alerts every day. The security analyst’s dilemma? They either need to cast nets wide enough to identify all potential security incidents, or laser-focus on a few and risk missing an important attack.

EventTracker Statement on Meltdown and Spectre Vulnerability


On January 3, 2018, an industry-wide hardware-based security vulnerability was disclosed. CVE-2017-5753 and CVE-2017-5715 are the official references to Spectre, and CVE-2017-5754 is the official reference to Meltdown.

Believe it or not, compliance saves you money


We all hear it over and over again: complying with data protection requirements is expensive. But did you know that the financial consequences of non-compliance can be far more expensive?

Attribution of an attack - don’t waste time on empty calories


When we are attacked, we feel a sense of outrage and the natural tendency is to want to somehow punish the attacker. To do this, you must first identify the attacker, preferably accurately, or else. This is easier said than done, especially online.

Can you outsource the risk? Five questions to ask a managed SIEM or SOC vendor.


Given the acute shortage of security skills, managed solutions such as SIEM-as-a-Service and SOC-as-a-Service, SIEMphonic among them, have become more widely adopted. They have proven to be an excellent way to leverage outside expertise and reduce cost, something companies everywhere struggle with. Seem too good to be true? It is and it isn’t. Regardless of how much responsibility you delegate, accountability lies firmly on the shoulders of the organization doing the delegating.

Going Mining for Bitcoin


While you’ve been busy defending against ransomware, the bad guys have been scheming about new ways to steal from you. Let’s review a tactic seen in the news: hijacking your compute to mine bitcoin. Hackers broke into servers hosted at Amazon Web Services (AWS) that held information belonging to multi-national, multi-billion-dollar companies Aviva and Gemalto. Rather than steal the data, the criminals used the servers' computing power to mine the cryptocurrency bitcoin.

Prevention is Key in Cybersecurity


“You see, but you do not observe. The distinction is clear.” Sherlock Holmes said this to John Watson in “A Scandal in Bohemia.” Holmes was referring to the number of steps from the hall to the rooms upstairs. Watson, by his own admission, had mounted those steps hundreds of times, but could not say how many there were.

Experimenting with Windows Security: Controls for Enforcing Policies


Interest continues to build around pass-the-hash and related credential artifact attacks, like those made easy by Mimikatz. The main focus on this subject has been hardening Windows against credential attacks, cleaning up the artifacts left behind, or at least detecting PtH and related attacks when they occur. All of this is important, especially because end users must log on to end-user workstations, which are the most exposed systems on the network.

What’s Next in 2018? Our Prediction: SIEM-as-a-Utility


The traditional enterprise network has seen a tectonic shift in recent years thanks to cloud, mobility and now IoT. Where once enterprise data was confined to the office network and data center, it’s now expanded past its traditional perimeter. For instance, in a hospital, traditionally data resided in the data center, laptops, and desktop machines.

SIEM, UEBA, SOAR and Your Cybersecurity Arsenal


The evolution of Security Information and Event Management (SIEM) solutions has made a few key shifts over time. It started as simply collecting and storing logs, then morphed into correlating information with rules and alerting a team when something suspicious was happening.

You’re in the Cybersecurity Fight No Matter What: Are You Prepared?


“You’re in the fight, whether you thought you were or not”, Gen. Mike Hayden, former Director of the CIA and NSA. It may appear at first to be a scare tactic or an attempt to sow fear, uncertainty, and doubt, but truly, what this means is that it’s time to adopt the Assume Breach paradigm.

Which security functions outsource poorly and which outsource well


The IT security industry’s skill shortage is a well-worn topic. Survey after survey indicates that a lack of skilled personnel is a critical factor in weak security posture. If the skills are not available in your organization then you could: a) ignore the problem and hope for the best, or b) get help from the outside. Approach “a” is simply a dereliction of duty, and approach “b” carries the negative connotations of the word “outsource”: images of lost control and misaligned priorities.

Avoid Three Common Active Directory Security Pitfalls


While the threats have changed over the past decade, the way systems and networks are managed has not. We continue with the same operations and support paradigm, despite the fact that internal systems are compromised regularly.

Three myths surrounding cybersecurity


A common dysfunction in many companies is the disconnect between the CISO, who views cybersecurity as an everyday priority, versus top management who may see it as a priority only when an intrusion is detected. The seesaw goes something like this: If breaches have been few and far between then leaders tighten the reins on the cybersecurity budget until the CISO proves the need for further investment in controls.

Report All the Binary Code Executing on Your Network with Sysmon Event IDs


Computers do what they are told, whether good or bad. One of the best ways to detect intrusions is to recognize when computers are following bad instructions, whether in binary form or in some higher-level scripting language. We’ll talk about scripting in the future, but in this article I want to focus on monitoring execution of binaries in the form of EXEs, DLLs and device drivers.
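Sysmon covers those three binary forms with three event IDs: 1 (process creation, the EXE), 7 (image loaded, the DLL) and 6 (driver loaded, the SYS). The script below is an added example, not code from the article or from EventTracker. It reads the last 24 hours of those events from the Sysmon channel, flattens each event's EventData into an object, and surfaces two things a hunter looks at first: executables launched from user-writable paths, and DLLs or drivers whose Authenticode signature is missing or not valid. It assumes Sysmon is installed with ImageLoad and DriverLoad enabled in its configuration, and the list of user-writable paths is a starting assumption for the example, not a definitive list.

```powershell
# Added example (not from the original article): pull the Sysmon event IDs that
# cover binary execution and report the entries worth triaging first.
#   ID 1 = Process creation (EXE)
#   ID 6 = Driver loaded (SYS)
#   ID 7 = Image loaded   (DLL)
# Requires Sysmon with ImageLoad and DriverLoad enabled in its config; event 7
# is high volume, so the config should scope it to the images you care about.
# Run in an elevated session (the Sysmon channel is not readable by standard users).

function ConvertFrom-SysmonEvent {
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    # Sysmon stores every field as an EventData/Data element keyed by a Name attribute.
    $xml  = [xml]$Event.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    $data['EventId']     = $Event.Id
    $data['TimeCreated'] = $Event.TimeCreated
    [pscustomobject]$data
}

$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-Sysmon/Operational'
    Id        = 1, 6, 7
    StartTime = (Get-Date).AddHours(-24)
} -ErrorAction SilentlyContinue | ForEach-Object { ConvertFrom-SysmonEvent $_ }

# Assumption for this example: binaries that execute from user-writable
# locations are the first to look at. Regex fragments, matched against Image.
$userWritable = '\\Users\\', '\\Temp\\', '\\AppData\\', '\\ProgramData\\', '\\Windows\\Tasks\\'

$findings = foreach ($e in $events) {
    switch ($e.EventId) {
        1 {
            if ($userWritable | Where-Object { $e.Image -match $_ }) {
                [pscustomobject]@{
                    Time   = $e.TimeCreated
                    Type   = 'EXE'
                    Image  = $e.Image
                    Detail = "parent=$($e.ParentImage) cmd=$($e.CommandLine)"
                    Hashes = $e.Hashes
                }
            }
        }
        { $_ -in 6, 7 } {
            # Events 6 and 7 carry Signed / SignatureStatus / Signature. Unsigned or
            # badly signed drivers and DLLs are rare on a managed host.
            if ($e.Signed -ne 'true' -or $e.SignatureStatus -ne 'Valid') {
                $type = if ($e.EventId -eq 6) { 'DRIVER' } else { 'DLL' }
                [pscustomobject]@{
                    Time   = $e.TimeCreated
                    Type   = $type
                    Image  = $e.ImageLoaded
                    Detail = "loader=$($e.Image) signed=$($e.Signed) status=$($e.SignatureStatus) signer=$($e.Signature)"
                    Hashes = $e.Hashes
                }
            }
        }
    }
}

$findings | Sort-Object Time | Format-Table -AutoSize -Wrap
```

The Hashes field is the piece that turns a finding into a report: Sysmon emits it as `SHA256=...` (or whichever algorithms the config requests), so the same value can be sent to a SIEM for lookup against known-good inventories or threat feeds. Expect noise from legitimate installers running out of Temp and from third-party drivers with expired certificates; the filter here is deliberately coarse so that tuning happens against your own baseline rather than in the script.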

Can general purpose tools work for IT security?


This post got me thinking about a recent conversation I had with the CISO of a financial company. He commented on how quickly his team was able to instantiate a big data project with open source tools. He was of the view that such power could not be matched by IT security vendors who, in his opinion, charged too much money for demonstrably poorer performance.

Are you lowering your expectations to meet your SIEM performance?


It’s an old story. Admin meets SIEM. Admin falls in love with the demo provided by the SIEM vendor. Admin commits to a 3-year relationship with SIEM. And then comes the daily grind. The SIEM requires attention, but the Admin is busy. Knowledge of what the SIEM needs in order to perform fades from memory as the training period recedes into the past. Log volume constantly creeps up, adding to the sluggishness.