It’s becoming more and more evident that an effective cyber threat incident response system requires the implementation and fine tuning of a variety of tools like Host Reputation and Domain Reputation. Among the arsenal of tools at your disposal are some that take a fine grained approach to preventing or rooting out the bad, and …
This morning our malware incident response system triggered an event for suspected DNS “Command and Control” activities. Our security team jumped on it and I thought what we learned in the process of following up on the event was blog worthy.
My colleague Jake recently wrote about Disaster Recovery Monitoring, and about how our Incident Response System, using IPFIX/NetFlow is more helpful then tools that rely on SNMP. We at Plixer recently ran into an issue with our Microsoft Exchange Server that helps illustrate the benefit of using IPFIX/NetFlow as an analytic and investigative tool.
I have had a few customers ask about username reporting with Netflow within their incident response system. Collecting user activity and viewing reports filtered on specific users can give administrators insight and convenience when looking at user logged into the network when investigating an incident or providing detailed reports for management. Most authentication systems are …
Companies using Data.com which is maintained by Salesforce could be in for an infection if they aren’t careful what they click on. These days attack vectors can come from anywhere, even the trusted resources we use. Many would consider data.com a trusted resource, but I’m starting to evaluate exactly what we consider a trusted resource …
Salesforce Data.com Used as Conduit to Push Malware Read More »
When I was studying at the University, every floor of every dorm had a fire extinguisher. I sort of assumed that the school had learned from history that a fire will likely break out again some day. The red tanks on each floor were a proactive measure in preparation for the seemingly inevitable and I …
Identifying a compromised host in your environment is a common task for administrators in most network environments. What about other local hosts currently communicating with a compromised IP addresses, that you are not yet aware of? It’s not just a question of detecting the communication but of how long it has been going on before …
If you are looking to learn about how to investigate malware, chances are you’re already infected and under the gun to uncover the source and clean up the mess. Here are a few things to consider before you dig in.
Working in support, customers often ask me how to start using NetFlow and IPFIX in their network monitoring tool, to get a more proactive approach to detecting threats. This is why I have decided to go over a few incident response system guidelines that will save you time and money when your network is hit by the …
Due to potentially steep fines and loss of customer good will, retail and financial services companies are guardedly concerned about PCI (Payment Card Industry) compliance. The PCI Data Security Standard (PCI DSS) is a set of prescriptive data security specifications laid out to ensure the safe handling of cardholder information at every stage. The PCI …