Four reasons to use NetFlow for security detection
Flow, often called NetFlow although other formats exist as well, is a compact summary of network traffic. While there are tons of articles around using Flow for security detection, I want to really highlight some of the key aspects I’ve seen while working with Flow. Since it has been around for some time, originally developed around 1990 by Cisco, it is a tried and true method. Flow predates Snort and other packet inspection type programs, making it one of the older security detection technologies. It is, however, still a very valid method for security detection.
Flow is often overlooked in favor of newer technologies for security detection, or even used for other purposes. While several vendors and technology platforms perform Flow collection, most are focused on link utilization, usage, and discovering what data is moving around where. There are only a handful of vendors who use Flow for security detection. These vendors focus on statistical outliers and...
Not too long ago, I was tasked with performing an Application Security Assessment while on-site at a client location. I had worked with this client before, and was eager to see how they had matured their applications over the past couple years. Originally, I had performed an Application Security Assessment on an older version of the application and I was curious to see the direction they went with the new version of the application.
As I began my normal testing routine, I quickly realized this particular application was built on top of the Google Web Toolkit (GWT) and most of the responses were JSON formatted. Seeing this, I knew this would be a tough nut to crack as both GWT and JSON were built with security in mind.
At the start of this assessment, I decided to start with a quick walkthrough of the application. While my intercepting proxy tool spidered each...
5 Basic Rules to Build an Effective Security Awareness Program
Your company is not full of Spartan warriors.
How good is your history? The Battle of Thermopylae, also known as “The Hot Gates,” was fought in 480 B.C. as part of a war between the Greeks and the Persians. The battle is often put in the context that 300 Spartans held off a huge Persian army. In reality, the 300 Spartans were not alone during the battle. Alongside them fought Athenians, Thebans, Thespians, and a variety of other united Greek forces. All told, until the last day or so, the Greeks had a force of between 7,000 and 10,000 soldiers at Thermopylae.
The key difference here was the kind of soldiers they were. Spartan warriors were bred as warriors. They were trained from the age of about seven years old in the ways of war. They were taught how to use weapons, how to identify the attacks of their enemy, how to identify the weaknesses of their enemy, and how to rely on their fellow soldiers. They were professional soldiers. The Athenians,...
National Cyber Security Awareness Month: Week Two
The second week of National Cyber Security Awareness Month (NCSAM) focuses on the theme “Creating a Culture of Cybersecurity at Work.” The theme focuses on the need for businesses and their employees to make security a priority.
The main underlying message for this week is that security culture needs to start at the top, period. As the Solutionary Director of Compliance, Eliot Irons, states, “If the board, executives and management are not prioritizing security or not respecting the security team’s mission to protect assets, it will breed low morale, low resource allocation and low results which impacts many things within an organization’s security program and security policies. The technology threats are easy to counter, if there is a will to do it.” With the volume of large-scale breaches since 2013, boards of directors and C-level...
Reminders of Important Cybersecurity Basics
During this first week of National Cyber Security Awareness Month (NCSAM), the theme is STOP. THINK. CONNECT.™ This year marks the fifth anniversary of this global cybersecurity awareness campaign to help all digital citizens stay safer and more secure online. A coalition of private companies, non-profits and government organizations, with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG), developed STOP. THINK. CONNECT. to provide a unified message for online safety. The STOP. THINK. CONNECT. website contains a large number of resources targeted toward different groups, from kids to senior citizens, businesspersons to business owners, to help everyone become more...
Celebrate NCSAM with Solutionary!
October is National Cyber Security Awareness Month (NCSAM). NCSAM raises awareness about cybersecurity and reminds friends, co-workers and family to stay safe online – meaning creating complex passwords, being aware of phishing and social engineering attacks, not clicking on unknown links, and using reasonable precautions when online. It’s also a time to review your cybersecurity policies, assess your security preparedness and educate your employees about their cybersecurity responsibilities. The National Cyber Security Alliance (NCSA) makes some suggestions on how business owners can enhance their cybersecurity in a minute, hour, day and month. For others wanting to get involved, make sure to look at what NCSA suggests for...
Enterprise threat intelligence certainly is popular, but are enterprises getting all the value they want from their efforts? Not nearly enough. Consider a Ponemon Institute survey from early this year that found 80 percent of those surveyed (who also suffered a breach) believed that threat intelligence could have either prevented or at least minimized the impact of the attack. Yet, only 9 percent of those who are currently doing threat intelligence believe that the accuracy of their intelligence is “very reliable.” Nonetheless, 45 percent of those surveyed reported that they plan on increasing the amount that they currently spend on their threat intelligence activities.
With the majority of enterprises saying that they understand the value threat intelligence can provide – and nearly half actually setting plans...