
Garrett Gross

Sr. Manager, Field Enablement

Garrett Gross has always had an insatiable appetite for technology and information security, as well as an underlying curiosity about how it all works. Garrett has over 15 years of professional experience in information technology, filling several roles: systems administration, network engineering, product marketing, technical support, and helpdesk. In his current role in field enablement, he uses his experience to help managed security service providers be successful in evangelizing and operationalizing AlienVault USM.

February 12, 2020 | Garrett Gross

How to investigate and mitigate brute force attacks

What is a brute force attack? Why bother to pick a lock if you can simply kick in the door? That’s the logic behind the brute force attack, one of the most common of all security exploits. The idea behind brute force is simple: try every possibility until you find the one that works. Typically, there is…

February 3, 2020 | Garrett Gross

Intrusion Detection Techniques, Methods & Best Practices

No security strategy is perfect, but those that work via multiple layers are better than those that don’t. At many organizations, for instance, intrusion detection/intrusion prevention (IDS / IPS) solutions have been deployed for many years as a logical combination with one or more firewalls. The idea is simple: if a firewall constitutes an entry point to the…



January 29, 2019 | Garrett Gross

9 Key Big Data Security Issues

What is big data security, anyway? If you haven’t been living in a cave the last five years, you have no doubt run across the phrase “big data” as an IT hot topic. But like so many other terms — “cloud” comes to mind — basic definitions, much less useful discussions of big data…

June 30, 2016 | Garrett Gross

Application Security: Methods and Best Practices

Application security is arguably the single biggest challenge confronting security professionals today. By “application,” I mean any internally-developed build, regardless of whether its primary intended platform is the Web, mobile devices, or a traditional desktop OS like Windows. This is because all application builds must go through the standard cycle of development, testing, settling on a release candidate,…

May 23, 2016 | Garrett Gross

Web Application Security: Methods and Best Practices

Web-based business services require trusted mechanisms by which money, sensitive information, or both can change hands. We know these as web applications; hackers know them as opportunities. How complicated is web application security? You can get a sense by surfing to OWASP — the Open Web Application Security Project, which organizes security-relevant information, including exploits of all kinds. This site…

March 28, 2016 | Garrett Gross

Rootkit Detection: Techniques and Best Practices

Continuing my discussion of common classes of attacks, this time I’ll be covering rootkits and rootkit detection. What is a rootkit? You can see it right in the etymology of the word itself; it’s a combination (kit) of software that, once root access is achieved, can carry out stealthy activity of a sort that is usually,…

March 16, 2016 | Garrett Gross

Buffer Overflow Attacks: Methods and Best Practices

One of the best ways to improve IT security is for security specialists to understand, at a fundamental level, how different kinds of exploits work. They tend to fall into clusters, based on certain core ideas. Among the most common forms, for instance, are buffer overflow attacks. The root idea is fairly simple: by inserting more data into a memory…

January 14, 2016 | Garrett Gross

User Behavior Analytics: Methods and Best Practices

Here’s a daunting question asked by many security professionals today: “How can I discover malicious user behavior more rapidly?” It’s hard enough after the fact to point at an event and say: “Aha, this was a breach underway.” But that, of course, is far too late. The goal should be to detect such events as they occur, in…

January 11, 2016 | Garrett Gross

Juniper ScreenOS Backdoor Eavesdropping

Nobody likes eavesdroppers, ESPECIALLY when the eavesdroppers are state-sponsored hackers, quite possibly from your own government. While officially unconfirmed, the discovery of backdoors in Juniper’s ScreenOS, correlated with what we know about some of the NSA’s digital interdiction methods, indicates that they might have been involved. NSA involvement or not, having any sort of…

December 15, 2015 | Garrett Gross

Matryoshka Malware from CopyKittens Group

A dangerous weapon in the hands of a skilled attacker is alarming, but that same weapon in the hands of a novice can be terrifying. Lately, we have started to see activity from a group in the Middle East who, rather than write their own code, seem to be taking bits and pieces from existing malware to develop their own…

December 10, 2015 | Garrett Gross

Distributed Denial of Service Attacks: Protection Methods and Best Practices

In two recent blog entries, I discussed botnets — best practices in botnet detection and dealing with botnet command & control servers. This time I’ll be exploring one of their most commonplace tasks: distributed denial of service attacks. What is a distributed denial of service attack? The fundamental premise of distributed denial of service attacks is simple: flooding services or public…

December 4, 2015 | Garrett Gross

Cherry Picker POS Malware Scraping Memory and Evading Detection

Every holiday season, retailers become prime targets for point of sale (POS) and endpoint-based attacks due to the much higher volume of in-person and online transactions that take place. Attackers know that the high volume of transactions and the need to minimize downtime leave most IT teams in retail little time to detect unusual behavior. Security researchers are seeing increasingly sophisticated…