March 20, 2015 | Jaume Ayerbe

The State of Cybersecurity and Confusion

To read this blog in Spanish, please look here. The brilliant mind of Gabriel García Marquez, known affectionately as Gabo, produced a short and vivid quote: Wisdom enlightens us when it is not useful anymore Obviously his mind was not thinking about the chores that probably you have to deal with on your day job, yet I would…

March 19, 2015 | Joe Schreiber

Intrusion Detection (IDS) for Analysts

IDS device installed? Check. IDS seeing traffic? Check. IDS generating Events? Check. Analysts investigating Events? Ummm….. Investigating IDS alerts is a process like any other; however the variable nature of Information Security often makes this process difficult to adhere to. Maintaining this process is the first step to managing your IDS and its generated events. Let’s examine…

Get the latest
security news
in your inbox.

Subscribe via email

  RSS  

March 18, 2015 | Susan Torrey

CeBit and AlienVault Partnership with Deutsche Telekom and T-Systems

It’s been an exciting week for AlienVault at CeBit, we announced a partnership with Deutsche Telekom and T-Systems, the ICT division of Deutsche Telekom, to provide ‘German Mittelstand’ mid-market customers with the ability to detect and mitigate the impact of a breach. The new offering, Cyber Defense (CD), which leverages AlienVault Unified Security Management platform, was announced during Deutsche…

March 17, 2015 | Garrett Gross

Emerging Threat - FREAK

There is quite a buzz around the newly disclosed FREAK (Factoring attack on RSA Export Keys) vulnerability, affecting major browsers, servers, and even mobile devices. When exploited, this vulnerability allows an attacker to force you (or the systems in your environment) to downgrade to a weaker grade of encryption, giving the attacker a better chance of decrypting (and then stealing)…

March 13, 2015 | Kate Brew

BSides Austin 2015 - Security is Our Anthem!

There was a large and enthusiastic audience for BSides Austin 2015! Keynote, Wendy Nather, presenting “10 Crazy Ideas for Fixing Security.” Wendy discussed “new technologies that really aren’t”, and suggested we remember the past and move on. She discussed the “literary model of software development”, noting programmers are currently somewhat like artisans, suggesting a Manufacturing Model for software development. It’s…

March 10, 2015 | Kate Brew

Crosskey Gains Visibility & Combats Banking Malware with Threat Intelligence

Crosskey is a Finnish company that develops, delivers and maintains systems and solutions for Nordic banks and capital markets. Customers range from small and regional banks to the third largest bank in Finland. Altogether, Crosskey deals with the management of over 3 million banking customers (half of Finland's population) in the Nordic region. Malware targeting financial institutions, like Crosskey, is…

March 6, 2015 | Patrick Bedwell

The Ongoing Debate about the Gap between Compliance and Security

Companies required to comply with the Payment Card Industry Data Security Standard (PCI DSS) must meet a wide range of technical and operation requirements. The challenge organizations face regarding PCI compliance has shifted from achieving the minimum level required to satisfy PCI audit requirements to incorporating security best practices into everyday activities. Otherwise, the potential exists to achieve compliance yet…

March 5, 2015 | Garrett Gross

Emerging Threat - Superfish

It’s a given that nobody likes adware loaded on their new systems by the manufacturer but usually, it is no more than a nuisance and can be easily removed in most cases. However, when that software includes a major security flaw, making man-in-the-middle attacks infinitely easier to carry out, you have a major issue on your hands. Just…

March 3, 2015 | Joe Schreiber

MSSP Success Series: Name Your Assets

MSSPs, like any other business, are a factor of it’s People, Process, and Product. This series will offer insight into each of those factors and offer practical ways to achieve success. What’s in a name? A device by any other name, will work just as well… if not better Now that you are past the…

February 25, 2015 | Michelle Drolet

The 4 Es of Enterprise Security

Building a solid security program takes time. Every organization is different. It's very important to assess your technology, and consider both internal and external threats. An assessment will reveal vulnerabilities. The remediation process will help you take full advantage of your existing security assets and point you at any gaps that need filling. Even once your defenses are in place,…

February 24, 2015 | Kate Brew

Red Team and Blue Team Collaboration: A Talk at CUISPA 2015

Mike Saurbaugh, Manager of Information Security at Corning Credit Union and Kevin Johnson, CEO of Secure Ideas presented "Security by Collaboration: Rethinking Red Teams versus Blue Teams” at CUISPA 2015. Mike represented the Blue Team side, as the internal guy who works with Kevin, as a hired-gun third party Red Team. Red Team focuses on adversarial probing of security at companies.…

February 21, 2015 | Garrett Gross

Sofacy AKA Sednit/APT28/Fancy Bear Malicious Payloads

You’ve probably educated your users to not click on risky email attachments but what about Word files, spreadsheets or even PDFs? We send those all the time to our coworkers so how do we know what is legit and what isn’t? (Remember – one of the most visible breaches of our time (RSA 2011) started with a…