Today we are going to talk about Plixer’s new Flow Analytics algorithm, Reverse SSH Shell, which has been included in the latest Plixer Scrutinizer update. The Reverse SSH Shell algorithm identifies possible reverse SSH tunnels to external destinations.
What is STIX/TAXII?
STIX stands for Structured Threat Information Expression, an open-source language and serialization format used for sharing threat intelligence. Think of it as the vehicle that contains the threat information. Threat intelligence is communicated as objects and can be as detailed or as brief as the creator would like. TAXII stands for Trusted Automated Exchange of Indicator Information and is an application protocol that uses HTTPS/HTTP to enable communication. Think of this as the highway for STIX to travel on.
I can’t tell you how many calls I’ve been on where the NetOps and SecOps teams really don’t know what the other is doing. Sadly, in today’s remote-work-centric world, the relationship between the two teams has become vital: end users need the resources they require, while everything must remain safe and meet compliance requirements.
Many ISPs filter bogon connections because bogon IP addresses have no legitimate use. If you find a bogon or bogus IP address in your firewall logs, it is likely due to a misconfiguration or someone intentionally creating a bogon connection for malicious purposes. This blog provides guidance on how to detect bogon connections with Plixer Scrutinizer and potentially discover other vulnerabilities that would compromise an enterprise network environment.
A common tactic for bad actors to get a foothold into the network is to leverage IP spoofing to either:
- Gain access to a network using a valid IP address
- Man-in-the-middle a known service, allowing them to eavesdrop on or intercept traffic
Regardless of the intention, IP spoofing can be a hard problem to track down if you don’t have proper monitoring in place. Today I will go over how this tactic can easily be detected and alarmed on using Scrutinizer and Beacon. This solution provides full endpoint device profiling as well as network traffic monitoring.
How safe is your personal information? Well, several celebrity clients of a New York law firm have discovered that it’s only as safe as the weakest link. These high-profile victims became the most recent targets of the REvil ransomware attack. REvil (also known as Sodinokibi) is a network of cybercriminals who offer RaaS (Ransomware-as-a-Service). After stealing the data, the attackers began leaking the clients’ personal information to pressure the firm into paying the $42 million ransom.
How do you know who’s accessing your data? Do you know if your data has been copied to other locations? Have you put enough resources into securing your confidential data? Organizations that don’t have solid answers to these questions probably don’t have a system for data governance in place. In this blog, we’ll cover the basics of data governance and how you can incorporate it into your organization’s security strategy.
In our first roundup post of the decade, I’ve included interesting articles whose topics include hacking satellites, the difference in mindset between technologists and policy makers, and what happens to your private health information when a pharmacy is acquired.
We’ve all had days when we think to ourselves, “Man, I wish I could just work from home in my PJs.” Recently, as companies are allowing more employees to work remotely, VPN security is a greater concern and there is a growing need to monitor VPN tunnels.
Almost every organization is equipped with VPNs to support a remote workforce these days. Often, secure VPNs use a full (no-split) tunnel, sending all remote workstation traffic through the security controls the business has supplied. A less secure VPN option is a split tunnel. With this method, non-business traffic routes normally within the remote network, but often with less security.