All Incident Response System

Host Reputation and Domain Reputation

It’s becoming more and more evident that an effective cyber threat incident response system requires the implementation and fine tuning of a variety of...

DNS Command and Control Detection

This morning our malware incident response system triggered an event for suspected DNS “Command and Control” activities. Our security team jumped on it and...

Exchange Monitoring Tool

My colleague Jake recently wrote about Disaster Recovery Monitoring, and about how our Incident Response System, using IPFIX/NetFlow, is more helpful than tools that...

Username Reporting with NetFlow

I have had a few customers ask about username reporting with NetFlow within their incident response system. Collecting user activity and viewing reports filtered...

Salesforce Data.com Used as Conduit to Push Malware

Companies using Data.com, which is maintained by Salesforce, could be in for an infection if they aren’t careful what they click on. These days...

Malware Incident Response Plan: Detrimental 5

When I was studying at the University, every floor of every dorm had a fire extinguisher. I sort of assumed that the school had...

Identifying Compromised Hosts

Identifying a compromised host in your environment is a common task for administrators in most network environments. What about other local hosts currently communicating...

How To Investigate Malware

If you are looking to learn about how to investigate malware, chances are you’re already infected and under the gun to uncover the source...

Incident Response System Guidelines

Working in support, customers often ask me how to start using NetFlow and IPFIX in their network monitoring tool, to get a more proactive approach to...

PCI DSS Compliance

Due to potentially steep fines and loss of customer goodwill, retail and financial services companies are guardedly concerned about PCI (Payment Card Industry)...