True Threat Intelligence Finds What’s Related to You

I know it was you, Fredo…Intelligence is a Gangsta.

Cherine Abdalla

March 26, 2015 - Posted by Cherine Abdalla to Security Insight

threat intelligence

If you haven’t seen The Godfather: Part II, and you know who you are (I’m silently shakin’ my head at you), stop now – rent the movie, sit down, sit back, watch and learn something. 

For the rest of you (spoiler alert!), how did Michael Corleone know that his brother, Fredo, betrayed him to Johnny Ola and Hyman Roth and was responsible for the attempted hit on his compound? 

Intelligence, my friends.

Now, I’m a true intel girl, right? That’s my background. So, a few months back I’m talkin’ to some IT manager types. One guy says to me, “I don’t want to hear anything about intelligence, I already know all about it. Look, I don’t see how Targeted Threat Intelligence is going to help me. I just want you to tell me who they are (the baddies) and why they are targeting me.” Yeah, you read that right - non... read more >

Lobby Security and Beyond – Week 2 of 7

Implementing a Security Desk

Brad Curtis

March 24, 2015 - Posted by Brad Curtis to Security Insight

Solutionary Front Desk

Last week’s post, Lobby Security and Beyond – Week 1 of 7: Getting Started and Assessing Risk, provided an overview on how to approach lobby security using a risk-based methodology (determining likelihood and impact of various threats). This week’s post covers implementation of a Security desk at your facility. 

Overview

A functional security desk can be a difficult endeavor for any business and not be appropriate or required for all organizations. It can be especially difficult in multi-tenant facilities where the property owner or other tenants may already operate a security desk. We will focus strictly on the single-tenant business scenario throughout this article.

The security desk should be in an enclosed area to give the appearance of a physical barrier not just between guests and those working behind the desk, but also between the lobby and the rest of the facility.... read more >

OpenSSL Update Release or: How I Learned to Stop Worrying and Love The Patch

Chad Kahl

March 19, 2015 - Posted by Chad Kahl to Security Insight

Here's the Cliff's Notes version of this week's announcement from the OpenSSL Project:

  1. Information that OpenSSL is releasing patches for high severity vulnerability
  2. The Internet "OH NO THE INTERNET IS COMING TO AN END!"
  3. Patches released
  4. It wasn't a big deal

Here's the extended version:

Early this week, information came out that the OpenSSL Project was going to release patches for a "high severity" vulnerability, along with multiple others. Of course, at the time, there were no additional details. Cue the Internet, in usual form, expounding how this was going to be the next Heartbleed.

"Well, I've been to one world fair, a picnic, and a rodeo, and that's the stupidest thing I ever heard come over a set of earphones. You sure you got today's codes?" Major T.J. "King" Kong

The logical side, on the other hand, figured out that there isn't much we could do until there was actual information available.... read more >

Lobby Security and Beyond – Week One of Seven

Getting Started and Assessing Risk

Brad Curtis

March 17, 2015 - Posted by Brad Curtis to Security Insight

Lobby Security Desk

In the past, I’ve had a tendency to write very verbose posts that end up tediously long. I can’t change that. I’m detail-oriented, and admit I’m a bit (a lot) anal retentive. For this blog, I’m going to try something new. Rather than release a 4,800-word blog, I’m going to break it out into a series of weekly posts for seven consecutive weeks. This is week one.

In an effort to expand on my previous physical security-related blogs (e.g., A Quick Physical Security Checklist, Physical Security – Is enough really too much?,  and  Why Not Improve Physical Security Controls at Schools?), this one will address lobby security and a few other related items.

Overview

I will not be addressing retail businesses, as each... read more >

Short URL Security for Mobile Devices

Derek Weakley

March 14, 2015 - Posted by Derek Weakley to Security Insight

Short URL Security Blog

Short URLs, like this one to our blog http://mcaf.ee/h2srz, are everywhere and seemingly unavoidable. You have likely crossed paths with a short URL and had the same feeling everyone should have: “I sure hope this isn’t malicious!” Many sites like LinkedIn and Twitter will automatically shorten URLs using their own service. You may already be aware of many of the sites that provide shortened URLs such as: bit.ly, tiny.cc, ow.ly, lnkd.in, goo.gl, t.co, y.ahoo.it, and fb.me. These vanity URLs are causing some very real problems in the security industry. 

For years, we have been teaching employees [and our families] to check the URL before clicking a link. Generally we have achieved this by hovering over the URL, looking at mouseover details, viewing the source of the page, and copying/pasting the link location into a text file.

But what are we to do in this... read more >

Spring Cleaning - Infosec Style

Bernie Lambrecht

March 05, 2015 - Posted by Bernie Lambrecht to Security Insight

Spring Cleaning

March is finally here. It’s time to (hopefully) say “goodbye” to all the snow and “hello” to all the birds and pretty flowers, along with all the allergies they bring.

March is also a good time to do some spring cleaning. Open up your windows and air out your house. Shake out your rugs. Sweep up all that sand and other crud that the snowplow crews throw down when clearing your streets.

While you’re cleaning up and getting rid of stuff, you can also do the same thing with your information security, both at home and work. Here are a few tips on how to do it:

  • When clearing out unnecessary papers from your file cabinets or wallets/purses, make sure you don’t just throw them out. Shred any documents that have your Personally Identifiable Information (PII), like your bank and credit card statements, insurance mailings and old tax returns. You can purchase a personal shredder at any Target, Wal-Mart or office supply...
read more >

Internet Enumeration and Discovery

Know Your Network Footprint

Will Caput

March 03, 2015 - Posted by Will Caput to Security Insight

One of a company’s most important responsibilities is to know its network footprint. Many large corporations are compartmentalized, and different groups have different responsibilities that rarely overlap. It’s not uncommon for a company to have multiple class-C IP address ranges, along with third-party hosted websites, and not really realize they exist within the organization’s assets. Each business unit manages their part of the site or brand, and there is often very little collaboration across business units. And don't even mention uniform security standards. 

When the bad guys target a company, they do so from a holistic point of view. They enumerate company subsidiaries, find all the network ranges owned and hosted by the company and tailor attacks against the weakest links.

You might have an e-commerce site running on one IP which receives regular vulnerability scanning... read more >

1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 49 | 50 | 51 | 52 | 53 | 54 | 55 | 56 | 57 | 58 | 59 | 60 | 61 | 62 | 63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 74 | 75 | 76 | 77 | 78 | 79 | 80 | 81 | 82 | 83 | Older Entries >>

Voted Best Corporate Security Blog 2014
Solutionary is a leading managed security services provider. The Solutionary Minds blog is a place to learn about and discuss IT security and compliance topics.

Click here for the entire RSS feed.
Get the Solutionary Minds blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

Tags

LATEST TWEETS