Updated: 1/6/2021
On 12/13/20, cybersecurity company FireEye published research for the SUNBURST exploit, which is affecting companies using SolarWinds software. Since the news broke, we have been experimenting with ways that Plixer’s NDR solution, Scrutinizer, can help our customers determine the impact SUNBURST may have had on their networks.
Read moreAlmost every organization is equipped with VPNs to support a remote workforce these days. Often, secure VPNs use a no-split secure tunnel, tunneling all remote workstation traffic through the security control the business has supplied. A less secure VPN option is a split-tunnel. With this method, non-business traffic routes normally within the remote network, but often with less security.
We were an early adopter of supporting Google map integration in our NetFlow collector system. Since then, we have had customers asked that we pull in the location information from SNMP (syslocation), IPAM solutions and other GPS coordinate applications in order to avoid a manual process.
This month I had the opportunity to work with a customer that wanted to use our malware incident response system for detecting data leaks. I put together a solution that met the customers goals and thought it would make a good reference for anyone who needs a solution for detecting data leakage.
Recently we went through an exercise which turned our DNS into a firewall for a well-maintained list of requested hostnames. It was designed to work with our host reputation feed that is provided to our FlowPro Defender customers who use it to uncover internal end systems that are reaching out to Internet systems that are known to host malware.
Verizon recently released the 2016 Verizon Data Breach Investigations Report. The Verizon Data Breach Investigations Report (DBIR) is an annual publication that provides an analysis of information security incidents, focusing on data breaches. As an active member in the security community I look forward to this report annually. While reading this year’s release, I discovered a hidden message! Read more
As we enter 2016 please remember to browse safely. Many users have a tendency to click on links without considering the risks of their actions. Please use caution before clicking on any links. Below is an example of a Linkedin account (kashif shahzad) commenting on a post that George “likes”. This is an example of how a trusted resource, Linkedin, can serve malicious content to us.
I got a call the other day that lead to a fast incident response relating to a C2 domain communication. I thought I would share the steps I took to investigate the event. Ultimately I learned that Google Chrome and its pre-fetch technology can be a bit of a trouble maker.
This morning our malware incident response system triggered an event for suspected DNS “Command and Control” activities. Our security team jumped on it and I thought what we learned in the process of following up on the event was blog worthy.
Companies using Data.com which is maintained by Salesforce could be in for an infection if they aren’t careful what they click on. These days attack vectors can come from anywhere, even the trusted resources we use. Many would consider data.com a trusted resource, but I’m starting to evaluate exactly what we consider a trusted resource and just how trustworthy are they.
