
Is your organization looking for a way to protect against a vendor-related breach? Do you want to enforce policies around how your vendors behave on your network? Read this blog to learn how.
Is your organization looking for a way to protect against a vendor-related breach? Do you want to enforce policies around how your vendors behave on your network? Read this blog to learn how.
This blog takes a look at crypto mining from a networking perspective. Fundamentally, crypto mining is a very long-lived TCP connection between a client and a server. The ports and protocol can vary, and the TCP communication can be encrypted. Discover how to prevent the worm from completing its crypto mining task.
Three unique use cases build a business case for deception technology as we mark the start of National Cyber Security Awareness Month (NCSAM).
A lot of CISOs look to the National Institute of Standards and Technology (NIST) and ISO for third-party validation of appropriate security controls and security program approaches. In this blog, read how NIST recommends Deception for protecting critical programs and high-value assets.
Don Gray recaps the Gartner® Security and Risk Management Summit 2019 commenting on three key points: deception prominently referenced in the keynote presentation, 7 imperatives of CARTA, and DevSecOps.
Internal and external cyber deception technology together is not your traditional approach to deception, nor to security in general. Since the days of honeypots, cybersecurity experts have utilized deception as a way to protect the network interior. Threat detection at the network perimeter, on the other hand, has seemingly been the role of firewalls. Read More…
Whatever you call the front, the ability to stop the enemy where you first face them is vital. A paired approach of deception both externally and internally represents a tremendous opportunity to reduce attack vectors and strengthen overall cyber defense.
Be our guest at RSAC 2019. Register with our special code to gain entrance to the RSAC Expo arena. Visit the large halls at the Moscone but also come visit us at the Early Stage Expo in the Marriott just down the street from the conference.
Successful adoption of cyber deception as an impactful security tool, and more than just another data generating detection solution, demands avoidance of these four common delusions. .
There are plenty of news articles claiming botnets and zombie computers are taking over the world. While I do not necessarily agree with the allegation, I believe whole heartedly botnets are the driving force of all attacks. Botnet risk is at it’s all time high. By hook or by crook, the first goal for any attacker … Continue reading >>>
Vendor Risk is a relatively new anomaly. I sometimes wonder how we ever got through the 90’s. It seems like only a few years ago when vendors received a key, code, or swipe card to come through the front door of our buildings whenever they liked. We trusted them to do their job once inside. I … Continue reading >>>
Over the past several weeks I have been practicing what I preach about password protection. I changed all my passwords to each of my online accounts to a unique password with a minimum of 20 random characters. I thought this would be a fairly simple thing to do. I decided on a common password manager, … Continue reading >>>
It’s budget season. For enterprise cybersecurity teams that means getting ready to ask for more. In most cases, not enough, but definitely more budget to find the needles in the haystacks. And most likely, more of the same stuff you already have. Far too many cybersecurity leaders are going to ask their executive teams for drastically … Continue reading >>>
Threat Intelligence has gotten a lot of attention in the last few years. What is it? Who understands it? Is it actionable? Plus think about the substantial investment for security organizations to create such a perishable good and then actually using it to protect a network can be complicated. Don’t forget the numerous reports about … Continue reading >>>
Shifts in the current cybersecurity service provider market somewhat resemble an episode of the infamous game show Wheel of Fortune, where contestants purchase letters to capitalize and prosper on the show. We’ve seen Managed Service Providers (MSPs) “buy an S”, or invest heavily in their businesses in order to become a Managed Security Service Provider … Continue reading >>>
In today’s society, when someone speaks of a “hacker”, we automatically assume that the person was trying to do something illegal and perform a major scam or breach into a network. The term “hacker” stirs up controversy among organizations and leaves a sore-spot with many. What if there was a solution… Are there good hackers today? If you answered “YES”, then you answered correctly.
Thinking you have to allow every connection to every open network port. Thinking because you have a VPN portal it’s secure. Thinking your a IDS isn’t based on variables on the past, and can predict the future. Thinking you won’t be chasing your tail over and over on false positives, and will not become jaded. … Continue reading >>>
As I read through articles on the latest security threats, breaches, door opening exploits, and vulnerabilities that left doors opened. I Ironically see a firewall ad next to the security article saying ‘The Complete Firewall Solution, Get Total Visibility Into Your Security”. The article in Reuters explained how many security systems found they were susceptible … Continue reading >>>
It takes an army of security professional today to identify, isolate, track, and eliminate security threats, and breaches. The convolution within network security in my opinion have reached irresponsible levels. The days of the past where anomalies were quickly squashed by the network staff on hand is over from what I’m reading. It always seems to be a … Continue reading >>>
The Problem The overwhelming volume of global IP traffic hitting networks today creates a crushing amount of security alerts. Too frequently, many of these alerts go unchecked while the quantity of alerts increases daily. Additionally, security analyst teams are frequently understaffed and resources/expertise are scarce across the industry. Together this presents the biggest security challenge … Continue reading >>>
The ransomware that brought hospitals throughout England and Scotland to an operational standstill is a strain of WannaCry/WannaCrypt ransomware which contains a potent and dangerous payload called ExtendBlue. What if you could block the ransomware? ExtendBlue exploits Microsoft’s SMB protocol and gives it legs. ExtendBlue allows the attacker to discover new exploitable systems within the … Continue reading >>>
Financial Services Companies in the financial services sector possess highly sensitive data, and therefore cyber-attackers typically consider the time, effort and risk of attacking them to be well worth the potential reward. At the same time that financial services companies need to leverage technology advances to support customer demands, they also need to provide superior … Continue reading >>>
Relentless brute-force attacks and distributed denial of service (DDoS) attacks against enterprises continue to be on the rise. Most recently we have seen Mirai, and now there is Hajime. While these cyberattacks bear some technical differences, network administrators need to be concerned with the similarities of their objectives. Reduce DDoS attacks by following the five … Continue reading >>>
Most investors have seen the disclaimer, “Past performance is not indicative of future results.” Network security professionals should have this in mind while considering threat intelligence as a foundational element for security strategies. The rapidly and ever-changing threat landscape makes the value of historical threat intelligence alone in predicting cyber attacks uncertain and the attacker’s … Continue reading >>>
Edge Intelligence Drives Proactive Network Defense Network security executives are increasingly identifying visibility as one of their top priorities. Visibility at the perimeter is essentially important. The ability to shine bright lights on the ingress & egress traffic at the edge can have a tremendously positive impact on network security and proactive perimeter defense. PacketViper … Continue reading >>>
Today’s threats demand more easy, proactive ways to identify, detect and respond to sophisticated attacks. Traditional security measures such as firewalls, IDS, endpoint protection, & SIEMs are each important, but each is only a piece of the network security puzzle. Threat hunting is a popular cybersecurity defense strategy. It is frequently associated with hunting for … Continue reading >>>
Mirai Back Story Mirai was the botnet that was responsible for the largest DDoS attack to date. Some said this botnet strain was considered “unsophisticated” but one could argue that it was brilliant in its simplicity. This boutique malware scanned IP addresses looking for specific open network ports and used brute force to introduce a list of default usernames and passwords. Once the victim source was infected, Mirai would disable remote … Continue reading >>>
Much concern and effort today revolves around protecting networks from the the awesome power of a large scale DDoS attack like Mirai. While the spreading of bots can be done in many forms, a good majority are spread by a simple scan to a network range, a response, then a password attempt. This is true … Continue reading >>>
Do you ever wonder who these technology research and advisory companies are speaking to when they write recommendations on security. If everyone had eight eyes, ten arms, two brains, and an unlimited budget, security would be spectacular! Well, maybe! Unfortunately, the reality of nature that limits our physiology and budgets dictates something different. Here’s my advice … Continue reading >>>
Doesn’t it seem like there are new kinds of risks and attacks on information security from government entities all the way down to security companies? Today, the new trending threats extend to connected cars, refrigerators, TVs, and homes. The scary part… it is only on the rise! The growing risk of cyberattacks combined with the proliferation of new malware technology is astronomical. The rise of ransomware … Continue reading >>>