Almost every organization is equipped with VPNs to support a remote workforce these days. Often, secure VPNs use a no-split secure tunnel, tunneling all remote workstation traffic through the security control the business has supplied. A less secure VPN option is a split-tunnel. With this method, non-business traffic routes normally within the remote network, but often with less security.
Author: Thomas
Thomas Pore is the Director of IT and Field Engineering at Plixer. He developed and leads, the Malware Incident Response and Advanced NetFlow Training programs which are being offered in cities across the USA. He is also an adjunct professor at the local community college and teaches ethical hacking. Thomas travels the globe meeting with customers and trying improve the Scrutinizer network incident response system. He helps clients optimize threat detection strategies and aids in the configuration of custom incident response solutions. He has a Bachelor of Science in Computer Science from Dickinson College.
Google Map Integration | GPS Coordinates
We were an early adopter of supporting Google map integration in our NetFlow collector system. Since then, we have had customers asked that we pull in the location information from SNMP (syslocation), IPAM solutions and other GPS coordinate applications in order to avoid a manual process.
Detecting Data Leaks
This month I had the opportunity to work with a customer that wanted to use our malware incident response system for detecting data leaks. I put together a solution that met the customers goals and thought it would make a good reference for anyone who needs a solution for detecting data leakage.
DNS Firewall : Free Update to Bind
Recently we went through an exercise which turned our DNS into a firewall for a well-maintained list of requested hostnames. It was designed to work with our host reputation feed that is provided to our FlowPro Defender customers who use it to uncover internal end systems that are reaching out to Internet systems that are known to host malware.
Verizon DBIR Hidden Message: cyber.pathogen.ai
Verizon recently released the 2016 Verizon Data Breach Investigations Report. The Verizon Data Breach Investigations Report (DBIR) is an annual publication that provides an analysis of information security incidents, focusing on data breaches. As an active member in the security community I look forward to this report annually. While reading this year’s release, I discovered a hidden message! Read more
LinkedIn Malware : Safe Browsing
As we enter 2016 please remember to browse safely. Many users have a tendency to click on links without considering the risks of their actions. Please use caution before clicking on any links. Below is an example of a Linkedin account (kashif shahzad) commenting on a post that George “likes”. This is an example of how a trusted resource, Linkedin, can serve malicious content to us.
Incident Response to C2 Domain results in Disabling Google Chrome Prefetch
I got a call the other day that lead to a fast incident response relating to a C2 domain communication. I thought I would share the steps I took to investigate the event. Ultimately I learned that Google Chrome and its pre-fetch technology can be a bit of a trouble maker.
DNS Command and Control Detection
This morning our malware incident response system triggered an event for suspected DNS “Command and Control” activities. Our security team jumped on it and I thought what we learned in the process of following up on the event was blog worthy.
Salesforce Data.com Used as Conduit to Push Malware
Companies using Data.com which is maintained by Salesforce could be in for an infection if they aren’t careful what they click on. These days attack vectors can come from anywhere, even the trusted resources we use. Many would consider data.com a trusted resource, but I’m starting to evaluate exactly what we consider a trusted resource and just how trustworthy are they.
NIKE Customer Service
Two years ago I was getting a bit over weight. Everything else was great. I have a great career, I loving relationship with my wife and I was obviously eating well. I just didn’t like the extra pounds that I was starting to pack on. Several of us were joking about it in the office but, many of us wanted to do something about it.
