ELMO for Incident Response

Find out how ELMO can assist with a live incident response situation

John Moran

February 02, 2017 - Posted by John Moran to Security Insight

In most incident response situations, it is necessary to collect some form of volatile data. While disk forensics continue to play a role in incident response, we know that the tactics of today’s adversaries require different methods from incident responders. One of those tactics is live forensics to capture volatile data.

Much like traditional “dead box” forensics, most investigators will agree that no single tool can meet the needs of every investigation. Instead, investigators commonly use multiple tools to gather information based on the needs of the investigation. Some examples are memory acquisition, running processes, network connections and open file handles.

Running these tools in a Windows environment is most often achieved by scripting multiple tools through the use of a batch file. This achieves several goals. First, it allows the investigator to execute a single file, which will run multiple tools. Second, it ensures that all tools are... read more >

Taking Security Back to the Basics

Working from a strong foundation is the key to a successful security program

John Moran

December 01, 2016 - Posted by John Moran to Security Insight

Cyber Attacks ahead

When a major security vulnerability is disclosed, everyone stops what they are doing and takes notice, especially when that vulnerability comes with its own logo. Now don’t get me wrong, newly disclosed vulnerabilities are important. They provide exciting opportunities for researchers and they do, if only temporarily, focus management’s attention on the often overlooked information security. 

Don’t worry, this isn’t another blog about the pros and cons of vulnerability hype. Instead, I’d like to focus on the importance of keeping one eye on the basics, while the other is scrolling through the Twitter feed for the next upcoming disclosure. Because all too often, it is not the latest security vulnerability, but a failure to properly secure and deploy systems that is the root cause of a costly network breach.

Below are several recommendations to help keep your network more secure, and your company safe from new vulnerabilities (or old... read more >

One-off Log Analysis with ELK

How to Use ELK to Solve Your One-off Log Analysis Problems

John Moran

June 23, 2016 - Posted by John Moran to Security Insight

Log Analysis

Performing log analysis with divergent data sets can be the stuff nightmares are made of. If you are lucky, your organization may have only a few dozen different log types throughout your environment. If you perform log analysis as a service, forget about it. There are many fantastic log management solutions on the market today, including our own ActiveGuard service. These solutions have robust log collection, analysis, and search capability. For a comprehensive, enterprise log analysis solution they are ideal, however they require substantial implementation and tuning for your specific environment and are intended for long term log aggregation and monitoring. 

It is not always feasible to stand up one of these solutions on short notice or for a one-off project.

So where does that leave you? Manual log normalization and analysis? Manual techniques do have their... read more >

Incident Response Checklists

Understanding the Importance of Checklists

John Moran

March 29, 2016 - Posted by John Moran to Security Insight

Checklist

Whether required by industry regulations or simply implemented as part of a solid incident response program, most organizations have at least a rudimentary incident response policy in place. A carefully crafted policy lays a foundation for the entire program. This policy, however, should be viewed as the jumping off point, not the end game. A successful incident response program needs to be supported, and not just by a few policies, but by procedures, checklists, people, training and tools.

An essential part of every incident response program is a checklist. Using procedures as a guide, checklists should provide direction for those who will be carrying out the tasks. Perhaps because they are the last step in the process, or perhaps because of their need for frequent updates, incident response checklists are often overlooked, underutilized, or at best, outdated.

Responding to a security incident can be stressful and chaotic. Well-designed checklists can supplement a... read more >

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)

LATEST TWEETS