You are viewing 'log monitoring'
Around the holidays, fellow Solutionary Minds blogger Rob Kraus and I like to have little fun with our blogs. Last year, we came up with “The Top Eight Holiday Songs of IT Security.”
This year, we’re sticking with the holiday song theme, but came up with our take on the holiday classic “12 Days of Christmas” called The MSSP 12 Days of Christmas.
On the first day of Christmas, a malicious actor gave to me Heartbleed exploit code.
On the second day of Christmas, a malicious actor gave to me 2 DOS attacks.
On the third day of Christmas, a malicious actor gave to me 3 pastebin dumps.
On the fourth day of Christmas, a malicious actor gave to me 4... read more >
Security Jobs, MSSPs and the Wisdom of Yoda
A long time ago, in a galaxy far far away… No. Wait. This is not a fairy tale or even a blog about the highly-anticipated new J.J. Abrams Star Wars: Episode VII movie. As much fun as that would be (as I’ve said before, I’m a bit of a Star Wars geek), this is still a blog about information security and an issue impacting many organizations – the information security talent crunch.
If this is not the blog you are looking for, I apologize.
Never Tell Me the Odds: Hiring and Retaining Security Talent
Hiring and retaining information security talent is a serious challenge. There are simply not enough experienced, qualified security practitioners to fill the demand. I was astonished at the number of vendors at a recent security conference with “We're Hiring” signs in their booths.... read more >
Was Heartbleed at the Heart of This Health Care Breach?
Community Health Systems (CHS), a publically-held company operating 206 hospitals in 29 states, recently announced in an 8-K filing that it has become one of the latest victims of a major data breach. The filing revealed that the attack most likely occurred in April and June of 2014, compromising approximately 4.5 million records. This number surpasses the previous health care data breach record of 1.3 million records at the Montana Department of Public Health in May 2014.
While no credit card information was revealed, the attackers did gain access to non-medical personal health information (PHI) that included “patient names, addresses, birthdates, telephone... read more >
A Top 10 List for Securing the Internet of Things
The “Internet of Things” or "IoT" is a phrase that describes all possible devices that will interact with one another via digital communications. When you think of possible devices, consider all that have become digital, and not just the obvious choices.
Automobiles are now using computerized components, allowing for better diagnostics and performance. Medical facilities have transitioned from basic pacemakers to digital pacemakers with monitoring capabilities. Technology has also revolutionized the housing market with remote access features that can regulate thermostats, turn lights on or off and lock doors from mobile devices.
Collecting, Monitoring and Retaining Critical Log Data for Compliance
Are you considering a managed security services provider (MSSP) as a part of your security management program?
If so, you probably have a good idea of how systems and application event logs can detect problems and provide valuable information about what is happening in your environment.
When log generation is configured correctly, and logs are properly used, the data can be the canary in the coal mine that alerts you to danger; the shining path you can follow, showing you where an attacker has been and the damage created. The data can serve as evidence, sometimes giving you a warm feeling of satisfaction that a problem has been solved or the realization that a villain has met justice. Beyond that, these logs can be an important part of meeting regulatory and compliance standards.
Discussion about... read more >