What is threat hunting?

Posted by Craig Jorgensen on May 7, 2021 12:01:41 AM

The term threat hunting spawns different ideas and has different meanings for seemingly everyone you talk to. Understanding what threat hunting is will help you better equip your security teams to respond to alerts and mitigate risk. But is it basic triage of known indicators of compromise (IOC) in a proactive manner or some magical Jedi skill that only masters can summon and execute?

Read More

Topics: Cyber Security, cybersecurity, threat hunting, threat hunter

Top Challenges with Data Centralizing for Threat Investigations

Posted by Andrew Maloney on Apr 22, 2021 11:35:21 PM

Threat investigations are one of the most important tasks security analysts face today. To quantify the importance and complexity here are a couple of statistics from a recent IBM “Cost of a Data Breach Report 2020.”  According to the report, the average time to detect and contain a data breach caused by a malicious actor was 315 days. That's a long time. Additionally, we’ve all heard the saying that “time is money” well how about this? “Organizations that are able to contain a data breach in less than 200 days saved an average of $1.12 million compared to organizations that took more than 200 days to contain a breach,” that is pretty compelling.  

Read More

Topics: cybersecurity, incident response, Data Centralization, Centralizing Data

What is incident response?

Posted by Eric Parker on Apr 15, 2021 5:30:00 AM

 

Creating an incident response program and team is the core of any strong cybersecurity program. According to one 2020 report, 7 million data records are compromised every day. With a better understanding of incident response, you can mature your security posture to reduce data breach risks.

Read More

Topics: cybersecurity, incident response

Understanding Solarwinds, Microsoft Windows, VMware Attack of 2020

Posted by Craig Jorgensen on Mar 31, 2021 9:18:02 AM

An introduction of the supply chain attack caused in the Orion update protocol of the Solarwinds network management software suite of 2020.

Read More

Topics: Malware, cybersecurity, solarwinds

How to Monitor Endpoints Live with Osquery

Posted by Dhiraj Sharan on Nov 4, 2020 8:00:00 AM

Picture this - you are coming from a database background and getting into the world of IT monitoring or administration. While you are newly warming up to the Linux command line, you have to deal with Windows and Mac machines in your network. Add to that a bunch of Linux servers in your company’s data center.

As a systems administrator, how can you monitor each system’s health, disk space, and metrics? Unfortunately, learning the tools for each OS can be a drag. Many cloud companies offer their dashboard, and those can be helpful, but what about the physical machines in your network? How do you monitor them?

You will need some kind of instrumentation to monitor and take action based on the situation. With big data and high-speed networks and plenty of video-rich accesses, even the terabyte disks can fill up quickly, and you need to take stock of disk overruns, memory, CPU, and network usage. Or in the cybersecurity world, you need to monitor any suspicious activity on your company’s systems.

Read More

Topics: cybersecurity, Linux, OSQuery, SQL

How to Get Started With Tcpdump

Posted by Craig Jorgensen on Oct 7, 2020 8:00:00 AM

Introduction


We have all have heard of network analyzers or packet sniffers, Wireshark with its command-line counterpart Tshark, or tcpdump.

This article explores how Linux's command-line power, combined with the tcpdump lexical parser's filter expressions, can be used for some complex networking debugging. If you are bored at home in these COVID times, how about extracting the video of a video conference capture? (On a serious note, only do this for your video with the participants' permission.)

Read More

Topics: Cyber Security, cybersecurity, Network Security, tcpdump

The Crypto Magic Behind OpenSSL

Posted by Dhiraj Sharan on Sep 30, 2020 8:00:00 AM

We talked about introductory OpenSSL in a previous blog Dipping Our Toes into OpenSSL, that covered how it supports rich cryptographic-centric operations, which are needed for all sorts of things in the security domain and even outside of it. Today, let's take the next step and understand some of the crypto arithmetic behind it, without making the topic too complicated.

Photo by Vanna Phon on Unsplash

Read More

Topics: Cyber Security, cybersecurity, cryptography, openssl

DNS Security Implications

Posted by Craig Jorgensen on Sep 23, 2020 8:00:00 AM

DNS - Do Not think it's Simple

In our recent series of articles, we talked about network security-related tools and techniques one needs to be aware of to build a cybersecurity career. Next, we will cover DNS and its related security implications!

DNS, or Domain Name System, translates domain names to IP addresses, so your browser/s can find what you searched. DNS resolvers are usually stub resolvers, which means that the full DNS records lie elsewhere.

Read More

Topics: Cyber Security, cybersecurity, DNSSEC, DNS

Network Security with Zeek (Bro)

Posted by Craig Jorgensen on Aug 12, 2020 8:00:00 AM

Zeek the new Bro

Zeek is the new name for Bro that has been in existence since 1994. In this article, we will review the useful features of Zeek that make it a powerful tool for network analysis and security monitoring. Need a little more familiarity with Zeek? Check out our previous blog:  Bro: Security's Swiss Army Knife.

Read More

Topics: Cyber Security, cybersecurity, Bro, Zeek, Security Engineer

How to Use Netcat for Cybersecurity

Posted by Dhiraj Sharan on Aug 5, 2020 8:00:00 AM

To start a career as a security analyst, one must have a good understanding of the network and knowledge of networking tools. Let's begin with netcat.

Read More

Topics: Cyber Security, cybersecurity, netcat, Linux