One-off Log Analysis with ELK

How to Use ELK to Solve Your One-off Log Analysis Problems

John Moran

June 23, 2016 - Posted by John Moran to Security Insight

Log Analysis

Performing log analysis with divergent data sets can be the stuff nightmares are made of. If you are lucky, your organization may have only a few dozen different log types throughout your environment. If you perform log analysis as a service, forget about it. There are many fantastic log management solutions on the market today, including our own ActiveGuard service. These solutions have robust log collection, analysis, and search capability. For a comprehensive, enterprise log analysis solution they are ideal; however, they require substantial implementation and tuning for your specific environment and are intended for long-term log aggregation and monitoring.

It is not always feasible to stand up one of these solutions on short notice or for a one-off project.

So where does that leave you? Manual log normalization and analysis? Manual techniques do have their... read more >
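The core of a one-off ELK job is the normalization step: every divergent log type is parsed into one common document shape (a UTC `@timestamp`, a `source_type`, a `src_ip`, and the raw `message`) so that a single Kibana query or aggregation works across all of them. The following Python script, added here as an illustration and not code from the original post or from ActiveGuard, does that for three constructed sample lines (BSD syslog, Apache combined log, and a hypothetical CSV firewall export) and emits the NDJSON payload that Elasticsearch's `_bulk` endpoint accepts. The regexes, field names, index name and the year supplied for the year-less syslog timestamp are all assumptions for this example.

```python
"""Normalize three divergent log formats into one schema and emit an
Elasticsearch _bulk payload.  Added example; the sample lines are constructed."""
import json
import re
from collections import Counter
from datetime import datetime, timezone

ISO_FMT = '%Y-%m-%dT%H:%M:%SZ'

# Constructed sample input: one line from each of three hypothetical sources.
SAMPLE_LOGS = [
    ('syslog', 'Jun 23 14:02:11 web01 sshd[2213]: Failed password for invalid user admin '
               'from 198.51.100.7 port 51022 ssh2'),
    ('apache', '203.0.113.9 - - [23/Jun/2016:14:02:12 +0000] "GET /wp-login.php HTTP/1.1" 403 212'),
    ('fw_csv', '2016-06-23T14:02:13Z,DENY,198.51.100.7,10.0.0.5,445'),
]

SYSLOG_RE = re.compile(
    r'^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) '
    r'(?P<proc>[^\[:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$')
APACHE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)$')
IPV4_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')


def normalize(source_type, line, year=2016):
    """Return one document in the common schema, or None if the line does not parse.
    Every document carries @timestamp (UTC), source_type, src_ip and message."""
    if source_type == 'syslog':
        m = SYSLOG_RE.match(line)
        if not m:
            return None
        # BSD syslog carries no year; the caller supplies it (assumption for this example).
        ts = datetime.strptime(m.group('ts'), '%b %d %H:%M:%S').replace(
            year=year, tzinfo=timezone.utc)
        ips = IPV4_RE.findall(m.group('msg'))
        return {'@timestamp': ts.strftime(ISO_FMT), 'source_type': source_type,
                'host': m.group('host'), 'process': m.group('proc'),
                'src_ip': ips[0] if ips else None, 'message': m.group('msg')}
    if source_type == 'apache':
        m = APACHE_RE.match(line)
        if not m:
            return None
        # Apache stamps carry an offset; convert to UTC so all sources sort together.
        ts = datetime.strptime(m.group('ts'), '%d/%b/%Y:%H:%M:%S %z').astimezone(timezone.utc)
        return {'@timestamp': ts.strftime(ISO_FMT), 'source_type': source_type,
                'src_ip': m.group('ip'), 'http_method': m.group('method'),
                'url_path': m.group('path'), 'http_status': int(m.group('status')),
                'message': line}
    if source_type == 'fw_csv':
        fields = line.split(',')
        if len(fields) != 5:
            return None
        ts_raw, action, src, dst, port = fields
        try:
            ts = datetime.strptime(ts_raw, '%Y-%m-%dT%H:%M:%SZ').replace(tzinfo=timezone.utc)
            port = int(port)
        except ValueError:
            return None
        return {'@timestamp': ts.strftime(ISO_FMT), 'source_type': source_type,
                'action': action, 'src_ip': src, 'dst_ip': dst, 'dst_port': port,
                'message': line}
    return None


def normalize_all(records, year=2016):
    """Normalize (source_type, line) pairs; unparsed lines are kept, never dropped."""
    docs, unparsed = [], []
    for source_type, line in records:
        doc = normalize(source_type, line, year)
        if doc is None:
            unparsed.append((source_type, line))
        else:
            docs.append(doc)
    return docs, unparsed


def to_bulk_ndjson(docs, index='oneoff-logs'):
    """Serialize for POST /_bulk: an action line followed by a document line."""
    out = []
    for doc in docs:
        out.append(json.dumps({'index': {'_index': index}}))
        out.append(json.dumps(doc))
    return '\n'.join(out) + '\n'


def count_by_src_ip(docs):
    """The payoff of normalization: one field name, counted across every source."""
    return Counter(d['src_ip'] for d in docs if d.get('src_ip'))


if __name__ == '__main__':
    docs, unparsed = normalize_all(SAMPLE_LOGS)
    print(to_bulk_ndjson(docs), end='')
    print('unparsed:', unparsed)
    print(count_by_src_ip(docs).most_common(3))
```

Write the NDJSON to a file and load it with `curl -s -H 'Content-Type: application/x-ndjson' -XPOST localhost:9200/_bulk --data-binary @out.ndjson`. Two practical notes: Elasticsearch 2.x, current when this post was written, also required a `_type` in the action line, which later versions dropped; and the `unparsed` list is the thing to look at first after a run, because a grok pattern that silently drops 5% of lines is exactly the kind of gap that hides the one event you were looking for.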

Server Victimology

Understanding the How and Why Ransomware Targets are Identified and Pursued

Ramece Cave

June 16, 2016 - Posted by Ramece Cave to Security Insight

Server Victimology - What Makes a Server a Target?

Welcome back to our discussion about the Second Victim. You’ll recall that these are the unknown victims in a ransomware campaign. These are the servers used to deliver a message or accept payment, completely under someone else’s control and all without your knowledge. Today we are exploring some of the aspects that elevate a server from unknown to target, and finally to victim, whether its contents are being held for ransom or it is a pawn in the actor’s nefarious game.

A researcher that I follow recently issued a “Heads Up” warning that new ransomware is targeting servers. At the time of the reporting there were at least 400 affected servers. After doing some digging, I confirmed that at least 40 servers are victims of ransomware and at least two dozen others may be affected, but are taking steps to remediate the problem. But how did this happen? What was it about these servers that made them vulnerable? Plagued by these questions, I... read more >

Top Ten Ways to Fight Ransomware with Backups

Your Backup Strategy Can Minimize the Risk

Bob Bybee

June 09, 2016 - Posted by Bob Bybee to Security Insight

Ransomware Note

Ransomware is grabbing a lot of security news headlines these days, not necessarily because it’s worse than other types of malware, but perhaps because it’s more annoying. Older malware might simply have erased your hard drive. Ransomware encrypts it, saying “your data is still here, but you can’t have it.” To add insult to injury, it then tells you to pay a ransom “or else.”

Of course, paying the ransom is no guarantee that your data will be recovered. Once a system is infected with ransomware, there is no sure way to recover all of the data. But a robust backup strategy can get you most of the way back, and that’s a lot better than nothing. It’s hard to believe that large organizations or government offices have been caught without adequate backups, but it has happened to hospital groups, law firms, police departments, and even NASA (see links at the end of this... read more >

Debit Card Fraud - A Look at Personal Cyber Security Risk

#WarStoryWednesday

Chad Kahl

June 08, 2016 - Posted by Chad Kahl to Security Insight

Debit Card Fraud

The most important weapon in your arsenal will be your ability to adapt.
-Batman (Bruce Wayne): Batman and Robin V1 #24

I LOVE to research things. Unfortunately, that constant drive to learn also results in a (perhaps not so) healthy level of paranoia. To that end, I take every precaution a security advisor can with their data while still functioning normally in an advanced society, much less a technical career. Because I also advise those in my life to do the same, I am the “go-to guy” whenever anything technical happens to them.

Recently, one of these situations occurred. Someone near to me (let’s call him Alfred) was following a common piece of guidance, “Frequently check online account statuses,” a few hours before taking his family on a multi-state road trip. Much to his surprise, he discovered 59 transactions with matching international fees, all under $3.00.

... read more >

The Risk of Wearable Tech

A Cyber Security Risk on Your Wrist?

Jacob Faires

June 02, 2016 - Posted by Jacob Faires to Security Insight

Rise of Wearable Tech

Technology has come a long way in the last decade.

Smartphones in the ‘90s, outside of Nokia’s N series, weren’t even a thing. Wearable devices were a leftover trend from ‘80s cyberpunk. Images resembling those depicted in Snow Crash and Neuromancer were things of the imagination, but are now becoming part of daily life. “Goggling in” referenced in Snow Crash is a reality made possible by the new rise in virtual reality products like the HTC Vive and Oculus Rift. People are already carrying around what essentially amounts... read more >

Hibernation and Page File Analysis

Not All Is Lost When You Lose Your Memory

Jeremy Scott

May 26, 2016 - Posted by Jeremy Scott to Security Insight

Computer Forensics

Some time ago I wrote a blog, Memory: It’s What’s for Dinner, about the importance of capturing volatile data and memory analysis. I also provided an intro to memory analysis in Hunting Malware with Memory Analysis and More Memory Fun. What happens if you are not able to grab memory? Obviously, a full memory capture of the suspect system will give you the best chance at recovering volatile information from the system, but if you can’t, not all is lost.

Hibernation and page files contain data that can help put the pieces of the puzzle back together. The hibernation... read more >
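The quickest win from a page file is string recovery: paged-out process memory still holds URLs, file paths, command lines and error messages, and on Windows a large share of those are stored as UTF-16LE, which a plain ASCII `strings` pass misses entirely. The script below, added here as an illustration and not code from the original post, carves both ASCII and UTF-16LE runs out of a byte blob, records the file offset of each, and then flags the ones that look like URLs or Windows paths. The "page file" it scans is a constructed blob with filler bytes and three planted strings; the indicator patterns and the minimum length are assumptions for this example.

```python
"""Recover printable strings from a raw page file image and flag indicators.
Added example; the 'page file' scanned here is a constructed byte blob, not evidence."""
import re


def extract_strings(blob, min_len=6):
    """Return (offset, encoding, text) for every run of at least min_len printable
    characters in blob.  Both 7-bit ASCII and UTF-16LE runs are recovered; the
    latter matter because Windows keeps paths, registry values and much process
    memory as UTF-16.  Results are sorted by file offset."""
    ascii_re = re.compile(rb'[\x20-\x7e]{%d,}' % min_len)
    utf16_re = re.compile(rb'(?:[\x20-\x7e]\x00){%d,}' % min_len)
    found = [(m.start(), 'ascii', m.group().decode('ascii'))
             for m in ascii_re.finditer(blob)]
    found += [(m.start(), 'utf-16le', m.group().decode('utf-16-le'))
              for m in utf16_re.finditer(blob)]
    found.sort()
    return found


# Indicator patterns (assumed for this example; extend with hostnames, registry
# keys, user names or other case-specific terms as the investigation dictates).
INDICATOR_RES = {
    'url': re.compile(r'https?://[^\s"\'<>]+'),
    'win_path': re.compile(r'[A-Za-z]:\\(?:[^\\\s]+\\)*[^\\\s]*'),
}


def find_indicators(strings):
    """Run every indicator pattern over each recovered string; keep the offset so a
    hit can be located again in the original image."""
    hits = []
    for offset, encoding, text in strings:
        for kind, rx in INDICATOR_RES.items():
            for m in rx.finditer(text):
                hits.append({'offset': offset, 'encoding': encoding,
                             'type': kind, 'value': m.group()})
    return hits


def build_sample_pagefile():
    """Constructed stand-in for a page file: non-printable filler with a planted
    ASCII URL, a UTF-16LE path, a too-short fragment and a UTF-16LE message."""
    noise = bytes([0x00, 0x80, 0xff, 0x01, 0xfe, 0x10]) * 64
    parts = [
        noise,
        b'http://198.51.100.7/update.bin',                       # ASCII (constructed)
        noise,
        'C:\\Users\\alice\\AppData\\Roaming\\svc.exe'.encode('utf-16-le'),
        noise,
        b'abc',                                                  # below min_len, dropped
        noise,
        'Failed to connect'.encode('utf-16-le'),
        noise,
    ]
    return b''.join(parts)


if __name__ == '__main__':
    blob = build_sample_pagefile()
    strings = extract_strings(blob)
    for offset, encoding, text in strings:
        print(f'0x{offset:08x} {encoding:8s} {text}')
    for hit in find_indicators(strings):
        print(f"indicator {hit['type']} at 0x{hit['offset']:08x}: {hit['value']}")
```

To run this against a real `pagefile.sys`, memory-map the file (`mmap`) rather than reading a multi-gigabyte image into a `bytes` object, and remember that the page file is a set of 4 KB pages in no particular order, so a string that straddles a page boundary may come back as two fragments. The hibernation file is a different case: from Windows 7 onward `hiberfil.sys` is Xpress-compressed, so string carving on the raw file finds little; convert it to a raw image first (Volatility's `imagecopy` plugin does this) and then carve.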

eSymposium: Privacy and Security

Zach Holt

May 19, 2016 - Posted by Zach Holt to

Privacy and Security

These days, it’s difficult to discuss security without mentioning privacy. As the amount of data being collected on everything from social media to advertising to medical records shows no signs of stopping, commercial entities and malicious actors alike increasingly look to these information gold mines as sources of data ripe for the taking. This information can be leveraged in a number of ways, from simple customer demographics to highly targeted advertising campaigns, or even something more malicious. After all, wouldn’t a mailing list of recently hacked retailers make for some potentially vulnerable users?

After pondering on that thought for a moment, it may come as no surprise that the average user is becoming increasingly concerned about their privacy. A recent study by the... read more >


NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.
