While open-source honeypots have been around for a while (e.g., Conpot, T-Pot, Honeyd), commercial deception platforms are now coming to market.
Examples include Cymmetria's MazeRunner (https://www.cymmetria.com/), Illusive Networks (https://www.illusivenetworks.com/deceptions-everywhere), and Ridgeback's Deception Platform (http://www.ridgebacknet.com/).
Sunday, July 31, 2016
Wednesday, July 27, 2016
SIEM Deployments Do Not Equal Threat Intelligence
Just because an org has deployed a SIEM, or consumes a SIEM service from an MSSP / SOC vendor, does not mean that threat intelligence (TI) has been implemented.
As the article below explains, TI sits a level above log aggregation and correlation: a SIEM only knows what its own logs say, while TI brings in structured, externally sourced knowledge of adversary indicators and tactics (the STIX, TAXII, and CybOX standards exist to exchange exactly that) and matches it against those logs.
https://securityintelligence.com/how-stix-taxii-and-cybox-can-help-with-standardizing-threat-information/
As always, budget, available resources, technical skill sets, industry, and jurisdiction will all be factors in the feasibility of onboarding a TI program.
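As an added illustration (not from the original post or the linked article), the Python sketch below shows the step a SIEM on its own does not take: matching externally sourced indicators against logs the SIEM has already aggregated, then pivoting to the internal host behind the hits. The indicator objects and log lines are constructed for this example, and the pattern syntax is a deliberately simplified subset loosely modeled on STIX 2 indicator patterns (an assumption; a real feed would arrive over TAXII and need a full pattern parser).

```python
import re

# Constructed indicators in a shape loosely modeled on STIX 2 indicator objects.
# Assumption for this example: a real feed is pulled over TAXII and carries
# many more fields (valid_from, confidence, kill-chain phases, ...).
INDICATORS = [
    {"id": "indicator--a1", "name": "known C2 address",
     "pattern": "[ipv4-addr:value = '203.0.113.7']"},
    {"id": "indicator--a2", "name": "credential phishing domain",
     "pattern": "[domain-name:value = 'login-example.test']"},
    {"id": "indicator--a3", "name": "dropper binary",
     "pattern": "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']"},
]

# Constructed log lines, as a SIEM might hold them after aggregation.
SAMPLE_LOGS = [
    "2016-07-27T10:01:02Z fw01 ACCEPT src=10.0.0.5 dst=203.0.113.7 dport=443",
    "2016-07-27T10:01:05Z dns01 query client=10.0.0.5 qname=login-example.test type=A",
    "2016-07-27T10:02:00Z edr01 exec host=10.0.0.5 sha256=" + "ab" * 32 + " file=inv.exe",
    "2016-07-27T10:03:00Z fw01 ACCEPT src=10.0.0.9 dst=198.51.100.20 dport=80",
]

# Only the single-comparison pattern form "[type:property = 'value']" is supported.
_PATTERN_RE = re.compile(r"^\[([\w-]+):([\w.'-]+)\s*=\s*'([^']+)'\]$")

# How to pull each observable type out of free-text log lines.
_EXTRACTORS = {
    "ipv4-addr": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "domain-name": re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)+\b"),
    "file": re.compile(r"\b[0-9a-f]{64}\b"),
}


def parse_pattern(pattern):
    """Return (object_type, property, value) from a single-comparison pattern."""
    m = _PATTERN_RE.match(pattern.strip())
    if not m:
        raise ValueError("unsupported pattern: %s" % pattern)
    return m.group(1), m.group(2), m.group(3)


def match_logs(lines, indicators):
    """Return one hit per (indicator, log line) pair whose observable appears in the line."""
    hits = []
    for ind in indicators:
        obj_type, _prop, value = parse_pattern(ind["pattern"])
        extractor = _EXTRACTORS.get(obj_type)
        if extractor is None:
            continue  # an observable type this sketch cannot extract from text
        wanted = value.lower()
        for line in lines:
            observed = {tok.lower() for tok in extractor.findall(line)}
            if wanted in observed:
                hits.append({"indicator": ind["id"], "name": ind["name"], "line": line})
    return hits


def hosts_with_hits(lines, indicators):
    """Internal hosts (src=, client= or host= fields) that touched any indicator.

    This is the pivot correlation alone cannot make: three unrelated-looking
    events collapse onto one host once each is tied to a known-bad observable.
    """
    field_re = re.compile(r"\b(?:src|client|host)=(\S+)")
    hosts = set()
    for hit in match_logs(lines, indicators):
        m = field_re.search(hit["line"])
        if m:
            hosts.add(m.group(1))
    return hosts


if __name__ == "__main__":
    for hit in match_logs(SAMPLE_LOGS, INDICATORS):
        print(hit["indicator"], hit["name"], "<-", hit["line"])
    print("hosts to triage:", sorted(hosts_with_hits(SAMPLE_LOGS, INDICATORS)))
```

The fourth log line is benign traffic that correlation by itself cannot distinguish from the first; only the indicator feed separates them, and only the pivot on the matched lines tells the analyst that one workstation hit the C2 address, the phishing domain, and the dropper hash within a minute.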
Tuesday, July 26, 2016
SPF, DMARC, or both?
Most orgs publish a Sender Policy Framework record (SPF: http://www.openspf.org/), though some seem to omit Domain-based Message Authentication, Reporting and Conformance (DMARC: https://dmarc.org/). The gap matters: SPF is evaluated against the envelope sender (MAIL FROM / Return-Path), not the From: header the recipient actually sees, so an SPF pass by itself says nothing about the visible sender. DMARC builds on SPF and DKIM by requiring the From: domain to align with whichever of the two passed, by publishing a policy (none, quarantine, or reject) for mail that fails, and by sending the domain owner reports on who is using its name.
While a belt and suspenders approach may not fit all budgets, in the wake of email-based malware, it may behoove orgs to use both...
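To make the distinction concrete, here is an added Python example (not from the original post) that applies the DMARC pass/fail logic to a few constructed messages. The DNS records, domains, and scenarios are all constructed for the example, and the organizational-domain helper is a simplification (real DMARC implementations consult the public suffix list). The "spoof" scenario is the one SPF alone misses: the attacker's envelope sender passes SPF under the attacker's own domain while the visible From: is ours.

```python
# Constructed DNS TXT records for a documentation domain (not real records).
# SPF lists the hosts allowed to use example.com as envelope sender; the DMARC
# record asks receivers to reject unaligned mail and to send aggregate reports.
# A real rollout starts at p=none and tightens only after reading the reports.
DNS_TXT = {
    "example.com": "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all",
    "_dmarc.example.com": "v=DMARC1; p=reject; rua=mailto:dmarc-rua@example.com; adkim=r; aspf=r",
}


def parse_dmarc(record):
    """Split a DMARC TXT record into its tag=value pairs."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return tags


def org_domain(domain):
    """Organizational domain. Simplification for this example: the last two
    labels. Real implementations consult the public suffix list instead."""
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain, from_domain, mode):
    """DMARC identifier alignment: 's' (strict) needs an exact match,
    'r' (relaxed) only needs the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_evaluate(header_from, spf_result, mail_from, dkim_result, dkim_d, record):
    """Evaluate DMARC for one message.

    header_from : domain of the visible From: header (what the user sees)
    spf_result  : 'pass'/'fail'/'none', as computed on the envelope MAIL FROM
    mail_from   : domain of the envelope sender (Return-Path)
    dkim_result : 'pass'/'fail'/'none' for the DKIM signature
    dkim_d      : d= domain of the DKIM signature, or None
    record      : the _dmarc TXT record of the From: domain
    """
    tags = parse_dmarc(record)
    spf_aligned = spf_result == "pass" and aligned(mail_from, header_from, tags.get("aspf", "r"))
    dkim_aligned = dkim_result == "pass" and aligned(dkim_d, header_from, tags.get("adkim", "r"))
    passed = spf_aligned or dkim_aligned
    return {
        "pass": passed,
        "spf_aligned": spf_aligned,
        "dkim_aligned": dkim_aligned,
        # Receivers apply the published policy only to messages that fail.
        "disposition": "none" if passed else tags.get("p", "none"),
    }


# Constructed scenarios, all evaluated against the example.com DMARC record.
SCENARIOS = {
    # Our bounce subdomain sends it: SPF passes and relaxed alignment holds.
    "legit": dict(header_from="example.com", spf_result="pass",
                  mail_from="bounce.example.com", dkim_result="none", dkim_d=None),
    # Spoof: the envelope sender is the attacker's own domain, so SPF passes
    # for attacker.test, but the visible From: is ours and nothing aligns.
    "spoof": dict(header_from="example.com", spf_result="pass",
                  mail_from="attacker.test", dkim_result="none", dkim_d=None),
    # Forwarded through a third party: SPF breaks on the forwarder's IP,
    # but a surviving DKIM signature with d=example.com carries the message.
    "forwarded": dict(header_from="example.com", spf_result="fail",
                      mail_from="bounce.example.com", dkim_result="pass", dkim_d="example.com"),
}


def run_scenarios():
    """Return the DMARC verdict for every constructed scenario."""
    record = DNS_TXT["_dmarc.example.com"]
    return {name: dmarc_evaluate(record=record, **args) for name, args in SCENARIOS.items()}


if __name__ == "__main__":
    for name, verdict in run_scenarios().items():
        print(name, verdict)
```

The "forwarded" case is also why DMARC is more than SPF plus a policy: SPF alone would have rejected legitimate forwarded mail, and DKIM is what keeps a reject policy from breaking it. Publish DKIM alongside SPF before moving p= past none.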
Cloud, CMDB, CI, & DevSecOps
AWS is changing the game with real thought leadership on CMDB, CI, and DevSecOps by rolling out AWS Config (resource inventory and configuration history, the CMDB piece), CodeCommit (hosted repositories), and CodeDeploy (automated deployment).
Now, the question is how well these services sync with on-premise solutions. Jenkins, sure. A local CMDB, probably not...
Also, will Microsoft (Azure) play catch-up? Yes, they have the Openness initiative, though that does not really amount to native, first-party equivalents.
To be continued...
UEBA & DFIR
While an obvious plug for Exabeam, this blog post nails the value-add.
Tuesday, July 19, 2016
NextGen InfoSec Acronym Soup: IPS, ATP, SIEM, CTD, & UEBA
Gartner released some guidance about next-generation InfoSec tools, and the acronym UEBA caught the eye.
User and entity behavior analytics (UEBA) looks to tie the usual suspects (e.g., IPS, SIEM) to the quasi-new kids (i.e., advanced threat protection, ATP) by baselining how users and hosts normally behave and flagging departures from that baseline. Vendors like Cisco refer to a similar bundling as cyber threat defense (CTD).
Watch for newcomers like Cylance and Alert Logic to expand on UEBA for on-premise and off-premise solutions in the near future.
http://www.gartner.com/newsroom/id/3347717
http://www.cisco.com/c/dam/en/us/td/docs/security/network_security/ctd/ctd2-0/design_guides/ctd_2-0_cvd_guide_jul15.pdf
Monday, July 18, 2016
Pokemon GO: Privacy Tracking
Kudos for Pokémon GO's success!
However, please educate your professional and social circles on the security and privacy ramifications of this latest fad. Here is some thought leadership:
http://www.csoonline.com/article/3095878/security-awareness/pokemon-go-what-security-awareness-programs-should-be-doing-now.html