Last month the FBI posted ALERT AC-000113-TT, which mentions an increase in unidentified cyber actors exploiting a known SharePoint vulnerability to gain access to unprotected networks. The CVE-2019-1491 vulnerability was found late last year and Microsoft posted an out-of-band patch soon after. The FBI raised the alert after it received reports that multiple municipalities here in the States had been compromised.
So far we have used the Scrutinizer API to build a dataset that tells us how many hits our top ten countries are getting. Next, we’ll explore how easy it is to use this data to populate an open source digital heat/attack map.
Every once in a while I get the opportunity to sit down and work on things that are outside of the box when it comes to Scrutinizer. Well, this month was the perfect one for that. For a long time, I’ve wanted to create a geolocation-based heatmap of countries that are being visited on the network. Honestly, I have always had a fondness for heatmaps and attack maps, specifically geo-heatmaps. With that in mind, I decided to build a script that outputs countries and their hits. I’ll then take that data and populate an open source digital heat/attack map.
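The two posts above describe the same pipeline: pull flow records, count hits per destination country, keep the top ten, and hand the result to a heat map. The script below is an added illustration of that aggregation step, not the author's script and not Scrutinizer's API. The record field names (`dst_country`, `flows`) and the sample flows are constructed assumptions standing in for whatever a flow-export API actually returns; the one design point worth copying is that records with no geolocation (internal or unresolved addresses) are dropped rather than mapped.

```python
"""Aggregate per-country hit counts from flow records and shape them for a heat map."""
from collections import Counter
import json

# Constructed sample records in the shape a flow-export API might return.
# The field names are an assumption for this example, not Scrutinizer's schema.
SAMPLE_FLOWS = [
    {"src": "10.1.1.5", "dst": "93.184.216.34", "dst_country": "US", "flows": 42},
    {"src": "10.1.1.7", "dst": "104.16.0.1", "dst_country": "US", "flows": 8},
    {"src": "10.1.2.9", "dst": "185.60.216.35", "dst_country": "IE", "flows": 17},
    {"src": "10.1.2.9", "dst": "202.12.27.33", "dst_country": "JP", "flows": 5},
    {"src": "10.1.3.1", "dst": "192.168.50.4", "dst_country": "", "flows": 300},  # internal, no geolocation
    {"src": "10.1.3.1", "dst": "91.198.174.192", "dst_country": "NL", "flows": 11},
    {"src": "10.1.4.2", "dst": "194.0.0.1", "dst_country": "NL", "flows": 3},
]


def hits_by_country(records, field="dst_country", weight="flows"):
    """Sum the weight field per country, skipping records with no geolocation."""
    counts = Counter()
    for rec in records:
        country = rec.get(field)
        if not country:
            # Private or unresolved addresses have no country; putting them on a
            # world map would only distort the picture, so they are left out.
            continue
        counts[country] += int(rec.get(weight, 1))
    return counts


def top_countries(records, n=10):
    """Return the n busiest countries as (code, hits) tuples, highest first."""
    return hits_by_country(records).most_common(n)


def heatmap_rows(top):
    """Shape the top list for a heat map: intensity scaled 0..1 against the leader."""
    if not top:
        return []
    peak = top[0][1]
    return [
        {"country": code, "hits": hits, "intensity": round(hits / peak, 3)}
        for code, hits in top
    ]


if __name__ == "__main__":
    # Emit JSON that a map front end can consume directly.
    print(json.dumps(heatmap_rows(top_countries(SAMPLE_FLOWS)), indent=2))
```

Swap `SAMPLE_FLOWS` for the records your collector returns and adjust the two field names; the weight can be flows, packets, or bytes depending on what you want the map to emphasize.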
In my last post, titled Network Visibility: Using Dashboards to Tell a Deeper Story, we discussed how the dashboard feature of Scrutinizer can be an asset to multiple departments. I’ve had the opportunity to work with clients who had a one- or two-person shop and some who had multiple departments. There has been one common thing across all these deployments: by employing the features of the dashboard engine, they were able to reduce the time it takes to find what they are looking for. In this section, we will explore the network security department.
When it comes to network traffic monitoring, a single and unified view of your networking infrastructure is essential in ensuring that your environment is correctly watched over. It’s common to have hundreds, if not thousands, of routing and optimizing devices in today’s global networks. This tends to make monitoring things like traffic load, application usage, host usage, and more a mission-critical feature.
Earlier this year I worked on a document that addressed some of the common misconceptions about Scrutinizer. One of the subjects that caught my attention was Scrutinizer’s ability to mitigate insider threats. Honestly, I really wanted to dig deeper on all the subjects on my list, but the marketing team frowned on me passing along a hundred-page report when they were really looking for a two-page fact sheet with links. As time passed, the idea of Scrutinizer’s ability to monitor, detect, and mitigate these types of threats kept on tugging at me. So when I got the opportunity to talk more about it, I jumped on it.
In today’s digital world, nothing is safe. Just today I came across this post that talks about hackers attacking network printers. It’s not far-fetched to think that your printers are a major cyberattack vector, but how can this type of attack affect your network? More importantly, how can you monitor for it?
Why should your endpoints be an important part of your network security strategy? Because even though they are out in the wild, endpoints are part of your network! We really should stop viewing endpoint devices as being separate from the rest of the network. The truth is, once an endpoint device connects to your network, it is part of your LAN/WAN and is a security concern. This means that each device with a remote connection creates a potential entry point for security threats.
In my spare time, limited as it might be, I have been taking a deep dive class on anonymous browsing. Specifically, it goes into great detail on ways to hide under the radar and on many of the legal aspects of both sides. So far the class has been right up my alley!