June 24, 2014 | Jimmy Vo

SANS Top 20 Critical Security Controls and Security Monitoring (SIEM)

While resources such as the SANS 20 Critical Controls are helpful, businesses of all sizes face similar struggles with building and maintaining their security programs and determining their critical security controls. This can be disastrous because motivated attackers may target organizations found to lack basic security controls. The deficiency in security controls is often attributed to: Lack of internal talent Lack…

June 19, 2014 | Xavier Mertens

Tracking Patient Zero

In medical science, the patient zero is defined as "the initial patient in the population of an epidemiological investigation” (Source: Wikipedia). Information security has many links with medical science, after all, the term “virus” is used in both worlds. Wikipedia defines virus as "a small infectious agent that replicates only inside the living cells of other organisms.…

Get the latest security news in your inbox.

Subscribe via Email

June 3, 2014 | Kate Brew

MSSPs Choosing AlienVault as a Platform

The Managed Security Services business seems to be thriving, and more and more MSSPs are building their businesses on AlienVault Unified Security Management (USM.) The rapid adoption is evidenced by the new additions to the AlienVault MSSP network announced today: Cegeka, Columbus Business Solutions, GoGrid, Onsight, Hawaiian Telcom, Sedara Security, Terra Verde and T-Systems Austria. It appears that one of…

May 29, 2014 | Darrick Kristich

The Road to Compliance AND Security: Why business needs a new approach

Almost every week another major company is in the media for another security breach or data leak. Last week it was eBay. This week, it was Spotify and Office, a UK-based clothing retailer. With this continued coverage on security issues, comes a growing concern that businesses are having an increasingly difficult time maintaining a solid security posture. Pile on the…

May 27, 2014 | Kate Brew

Security by Sharing! OWASP Austin: Talk on Crowd-Sourced Threat Intelligence

Jaime Blasco of AlienVault with Kyle Smith, OWASP Austin Chapter President Jaime spoke at the Austin OWASP chapter meeting on 5/27. He is a security researcher with broad experience in network security and malware analysis. The last OWASP meeting Jaime presented at was in Barcelona sixyears ago, when he was doing penetration testing. A video recording of the talk is here …

May 22, 2014 | Roger Thornton

Trust and Risk in Ether

Who do you really trust? Of course, as security practitioners, we know the best policy is to trust no one, or at least trust no one blindly. However, this policy is not all that practical in real life. We must trust a growing number of people, companies and products just to function at a most basic level today. Personal relationships,…

May 21, 2014 | Patrick Bedwell

Blackshades Smackdown & Poking China in the Eye

Monday witnessed two separate but related activities by the US government that had the industry buzzing - a global law enforcement takedown of Blackshades malware developers and users and an unprecedented calling out of specific members of the Chinese military for hacking. From an SMB perspective, it’s a “good news – bad news” story. The takedown…

May 20, 2014 | Michael Roytman

CVSS Score: A Heartbleed By Any Other Name

Heartbleed is a vulnerability with a CVSS score of only 5.0/10. As of this morning we have observed 840 breaches related to the Heartbleed vulnerability, CVE-2014-0160. More than enough has been said about the technical details of the vulnerability; hence I’d like to use this post to discuss the vulnerability management implications of Heartbleed, because they are both alarming…

May 15, 2014 | Dominique Karg

Antivirus is Dead, hmmm?  – Surprised, We are Not

When the senior vice president of information security of Symantec announced that antivirus was dead last week, it raised a few eyebrows. Antivirus is, at least nominally, a big chunk of their business. However, back in 2008, the CEO of Trend Micro was quoted as saying the antivirus industry “sucks”, so we shouldn’t be all that shocked. …

May 13, 2014 | Patrick Bedwell

Operation Saffron Rose Catches Ajax Security Team in Cyber Espionage

FireEye published a report today on ‘Operation Saffron Rose’ documenting cyber espionage activity conducted by the Ajax Security Team, a hacking group believed to be based in Iran. The group was previously known for web defacement, but apparently they’ve moved on to malware-based spying. The techniques used to install the malware and/or acquire credentials include…

May 13, 2014 | Lauren Barraco

Top 4 Security Questions to Ask of Your Data (and The Data You Need to Answer Them)

The security industry has an unhealthy love affair with complexity and sophistication. Blame it on the media, or our own tendency towards masochism... but, whatever the reason, it seems that most are more interested in putting most of our time and attention on Advanced Persistent Threats or zero day attacks than in implementing basic security practices. The sad truth is…

May 6, 2014 | Patrick Bedwell

Vulnerability Management Programs and New Age Hackers

From Drawception.com Back in the day, hackers really didn't think to gain by their activities – they broke into systems or web sites for fun and to show off their capabilities.  While this situation was pesky, it turned out that things can always be worse.  Now, with the emergence over the last several years of…

Watch a Demo ›
Get Price Free Trial