When my wife and I were looking to renovate our garage and landscape the yard, we went online to check our options for financing such an endeavor. Our primary bank, a typical brick-and-mortar operation with relationship managers and personal finance advisors, had a bunch of information on their website about the options we had for financing. We could do a home equity line of credit (HELOC), a personal loan, a home equity loan (second mortgage), etc. We had lots of information, but when we went down the road to application, we found that the process was extremely cumbersome and that our bank—where we’ve been a customer for over fifteen years—had grown dated along with our house.
The recent SANS 2018 Survey on Endpoint Protection and Response makes clear that point-security solutions are not enough to quell the ever-growing barrage of cyberattacks. The survey polled 277 IT professionals on endpoint security concerns and practices. In this year’s survey, 42% of respondents reported endpoint exploits, down from 53% in 2017. However, the number of those who didn’t know they had been breached jumped from 10% in 2017 to 20% in 2018. To that end, security and network professionals need a way to detect when such vulnerabilities are taking place. In this article, I’d like to outline the importance of continuing to protect your network with endpoint protection while supplementing it with network traffic analytics.
Quite some time ago, my colleague wrote about our Gigamon NetFlow support. That article will help you understand how to configure your Gigamon appliances to export rich metadata to your network and security intelligence platform. In this article, I will discuss network traffic analytics as it pertains to Gigamon, and outline a few areas where Gigamon can supplement the metadata exports from your existing infrastructure.
According to a recent article on BleepingComputer, a backdoored Python library can steal SSH credentials. This can lead to SSH credential misuse if undetected by IT professionals. “The module’s name is SSH Decorator (ssh-decorate), developed by Israeli developer Uri Goren, a library for handling SSH connections from Python code. On Monday, another developer noticed that multiple recent versions of the SSH Decorate module contained code that collected users’ SSH credentials and sent the data to a remote server located at: http://ssh-decorate.cf/index.php.” In this article, I’ll show you how to detect SSH credential misuse with network traffic analytics and your existing network infrastructure.
According to a recent Ponemon Institute report, the cost of insider-related breaches has escalated to over $8.7 million. What’s even more concerning is that, while the cost of insider threats has increased, the cost of non-insider threats is $3.6 million, according to IBM. This means that insider incidents cost more than double that of non-insider incidents. Furthermore, the report also indicates that insider threats take more than two months to contain on average. With this in mind, I’d like to help you understand these insider threats and how to mitigate them with network traffic analytics.
According to a recent New York Times article, there have been cyberattacks on critical infrastructure in Saudi Arabia recently. While these attacks were not elaborated on in full detail (at least not in the article), it is important to understand the need to protect critical infrastructure from such attacks. In this article, I’d like to help you understand what critical infrastructure is, how it’s being targeted, and how we can protect critical infrastructure from future attacks.
One of the many robust features of Scrutinizer is the ability to create customized dashboards. Having this functionality allows IT professionals to build single-pane monitoring solutions that meet their everyday needs. This article (and video) will outline how you can create customized dashboards in Scrutinizer.
With the recent news of security vulnerabilities in the Intel Active Management Technology, now seemed to be the best time to share how security and network professionals can monitor Intel AMT traffic using their existing flow and metadata collector. In this post, let’s explore what the security vulnerability is, how you can remedy the problem, and how you can look for suspicious activities that indicate a compromised system.
Transport Layer Security, or TLS, is a critical part of the internet. It provides a mechanism to secure and authenticate a connection between a host and a client. While generally considered an unbreakable security layer, TLS does have some vulnerabilities that are important for network professionals to be aware of. These vulnerabilities can pose a real threat to network systems if they are not addressed. In this article, I would like to discuss how you can detect TLS vulnerabilities, as well as outline a few vulnerabilities that you should be looking for.
We’ve all come across spoofed emails at some point, and they are a real threat to the security and safety of our organizations and their employees. In this article, I’d like to explore what email spoofing is, how you can detect rogue emails on your network, and how you can take steps to safeguard your domain against spoofing attempts.