The term threat hunting spawns different ideas and has different meanings for seemingly everyone you talk to. Understanding what threat hunting is will help you better equip your security teams to respond to alerts and mitigate risk. But is it basic triage of known indicators of compromise (IOC) in a proactive manner or some magical Jedi skill that only masters can summon and execute?
Threat investigations are one of the most important tasks security analysts face today. To quantify the importance and complexity here are a couple of statistics from a recent IBM “Cost of a Data Breach Report 2020.” According to the report, the average time to detect and contain a data breach caused by a malicious actor was 315 days. That's a long time. Additionally, we’ve all heard the saying that “time is money” well how about this? “Organizations that are able to contain a data breach in less than 200 days saved an average of $1.12 million compared to organizations that took more than 200 days to contain a breach,” that is pretty compelling.
Creating an incident response program and team is the core of any strong cybersecurity program. According to one 2020 report, 7 million data records are compromised every day. With a better understanding of incident response, you can mature your security posture to reduce data breach risks.
An introduction of the supply chain attack caused in the Orion update protocol of the Solarwinds network management software suite of 2020.
You might have read several of our other network security blogs covering topics that people in the cybersecurity field need to know. Now is an excellent time to talk about Distributed Denial of Service (DDoS).
In our journey to be security practitioners, we must understand basic network-based techniques from both attackers and defender perspectives. Continuing on that track, let’s talk more about network scanning and its tools and techniques today.
Today’s most widely used security toolkit is OpenSSL, not only due to its licensing terms (including a commercial use with no restrictions whatsoever) but due to its rich plethora of facilities and building blocks we can use to build any sophisticated cryptosystem.
It is also a rich learning tool, and despite its serious nature, we can use it to understand several basic questions like how internet banking works or how cryptocurrencies function. You can also learn fingerprinting and blockchain logic using the Linux command line and OpenSSL utility.
DNS is a widely used phonebook system on the Internet. It is used simply to query the IP address associated with a humanly readable and memorizable name. But it is a lot more than that as this article explains. If you have not yet read our previous article do so here: DNS and its Security Implications. In this blog we will talk about DNS from an Email Security perspective.
*Don't have R installed yet? Read my previous article to learn how: Statistical Computing: Installing R and RStudio
Picture this - you are coming from a database background and getting into the world of IT monitoring or administration. While you are newly warming up to the Linux command line, you have to deal with Windows and Mac machines in your network. Add to that a bunch of Linux servers in your company’s data center.
As a systems administrator, how can you monitor each system’s health, disk space, and metrics? Unfortunately, learning the tools for each OS can be a drag. Many cloud companies offer their dashboard, and those can be helpful, but what about the physical machines in your network? How do you monitor them?
You will need some kind of instrumentation to monitor and take action based on the situation. With big data and high-speed networks and plenty of video-rich accesses, even the terabyte disks can fill up quickly, and you need to take stock of disk overruns, memory, CPU, and network usage. Or in the cybersecurity world, you need to monitor any suspicious activity on your company’s systems.