You are viewing 'security monitoring'
Recently, I read an article in SANS News Bytes about the Stegano malvertising campaign that was discovered by ESET Research. Instead of discussing this campaign in great detail, which ESET has already done, I am going to focus this blog on what you can do when information about a new malicious campaign becomes public.
One of the SANS News Bytes editors, Gal Shpantzer, recommended looking for the attack’s domain names in DNS logs. Most organizations do not retain their DNS query logs, but these logs can be a valuable source of information. In a corporate environment, having a historical record of the traffic that traversed your network aids threat hunting, especially as new intelligence is made public. A SIEM is a...
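The retrospective hunt Gal Shpantzer describes, as an added example that is not code from the original post or from ESET: read archived DNS query logs, normalize each queried name, and match it against a list of indicator domains, including their subdomains. The indicator list is a placeholder (names under example.invalid, not the real Stegano IOCs), and the log lines are constructed in the older BIND9 query-log style; both are assumptions of this example.

```python
"""Retrospective hunt for known-bad domains in archived DNS query logs.

Added example, not code from the original post or from ESET. The indicator
list is a placeholder (names under example.invalid), not the campaign's real
IOCs, and the log lines are constructed in the older BIND9 query-log style.
"""
import re
from typing import Dict, Iterable, List, Optional, Set

# Constructed indicators (assumption: you have copied them from the published
# report into a set). Real lists come from the vendor write-up, not from here.
IOC_DOMAINS: Set[str] = {
    "ads-tracker.example.invalid",
    "cdn-stat.example.invalid",
}

# Assumed log shape, one query per line:
#   07-Dec-2016 10:15:03.421 client 10.1.2.3#51234: query: www.example.com IN A + (10.0.0.53)
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) client (?P<client>[\d.:a-fA-F]+)#\d+: "
    r"query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


def normalize(name: str) -> str:
    """Lower-case and drop the trailing dot so 'Foo.Example.' equals 'foo.example'."""
    return name.rstrip(".").lower()


def matches_ioc(qname: str, iocs: Set[str]) -> Optional[str]:
    """Return the indicator that qname equals or is a subdomain of, else None.

    Walking parent labels (a.b.evil.tld -> b.evil.tld -> evil.tld) avoids the
    classic substring bug where 'notevil.tld' would match 'evil.tld'.
    """
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None


def hunt(lines: Iterable[str], iocs: Set[str] = IOC_DOMAINS) -> List[Dict[str, str]]:
    """Scan log lines and return one hit per query that touched an indicator."""
    iocs = {normalize(d) for d in iocs}
    hits: List[Dict[str, str]] = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a query line (or a format we don't parse); skip it
        ioc = matches_ioc(m["qname"], iocs)
        if ioc is not None:
            hits.append({"ts": m["ts"], "client": m["client"],
                         "qname": normalize(m["qname"]), "ioc": ioc})
    return hits


# Constructed sample: two true hits (one with odd casing and a trailing dot,
# one on a subdomain), one near-miss that substring matching would wrongly
# flag, and one non-query line.
SAMPLE_LOG = [
    "07-Dec-2016 10:15:03.421 client 10.1.2.3#51234: query: www.example.com IN A + (10.0.0.53)",
    "07-Dec-2016 10:15:04.002 client 10.1.2.3#51240: query: Ads-Tracker.example.invalid. IN A + (10.0.0.53)",
    "07-Dec-2016 10:15:09.317 client 10.1.2.7#43000: query: img7.cdn-stat.example.invalid IN A + (10.0.0.53)",
    "07-Dec-2016 10:15:10.000 client 10.1.2.9#43011: query: notcdn-stat.example.invalid IN A + (10.0.0.53)",
    "07-Dec-2016 10:15:11.000 zone transfer denied for 10.1.2.9",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["client"]} asked for {hit["qname"]} (matched {hit["ioc"]})')
```

The client address in each hit is what makes the exercise worthwhile: it tells you which internal host to pull for further analysis. If your resolver logs a different format, only LOG_RE needs to change; the matching logic is independent of it.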
Why human analysis is so important
Lately there has been significant discussion comparing log analytics with human observation for monitoring the events and alerts that security devices generate. Deciding how and when to use each method (analytics or human review) is critical to getting at the root cause of any given issue. Device notifications often need evaluation by an experienced analyst to interpret the data and put it into the right context, and that work is monotonous and time consuming for the engineers and analysts triaging alerts to determine which are legitimate. This leaves IT organizations with a real dilemma over how to handle automation: use log analytics to save time, or continue with the more thorough but tedious human observation?
To solve this issue, let’s begin by putting the problem in context. Log analytics autonomously monitors one or more devices by applying a set...
A rise in cyber extortion causes OCC and FFIEC to issue an alert
Two weeks ago today, on November 3, the Office of the Comptroller of the Currency (OCC) passed along a warning issued by the Federal Financial Institutions Examination Council (FFIEC). The warning was addressed to the financial community, but it applies to practically any business. The notice warns of cyber attacks involving extortion and points out that the FFIEC has seen an increase in both the frequency and severity of those attacks.
Without context, a warning about “extortion” is pretty broad. The OCC notice relates to an FFIEC press release issued on November 3 of this year.
Ultimately, this extortion means holding some part of the target organization for ransom. These extortion attempts have typically come in the following scenarios:
- The attacker demands payment in exchange for not proceeding with a denial of service (DoS) attack on the...
Four reasons to use NetFlow for security detection
Flow data, usually referred to as NetFlow although other flow formats exist, is a compact summary of network traffic. Plenty has been written about using flow for security detection, but I want to highlight some key aspects I have seen while working with it. Flow has been around for a long time: Cisco introduced NetFlow in the mid-1990s, and it is a tried and true method. Flow predates Snort and other packet inspection tools, making it one of the older security detection technologies, yet it remains a very valid method for security detection.
Flow is often overlooked in favor of newer security detection technologies, or used only for other purposes. While many vendors and platforms collect flow, most focus on link utilization, capacity planning and discovering what traffic is moving where. Only a handful of vendors use flow for security detection. These vendors focus on statistical outliers and...
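Two of the statistical-outlier detections that flow data supports, as an added example that is not code from the original post or from any vendor product: a high-side volume outlier per source host (a bulk upload that dwarfs its peers) and a port sweep (one source touching many distinct destination ports on one target). The flow records are constructed five-tuple summaries of the kind a NetFlow v5 exporter emits, the addresses are placeholders, and the thresholds are illustrative assumptions.

```python
"""Two flow-based detections over constructed NetFlow-style records.

Added example, not from the original post or any vendor product. Records are
constructed summaries with the fields a v5 exporter gives you; addresses and
thresholds are placeholders/assumptions chosen for illustration.
"""
from collections import defaultdict
from statistics import median
from typing import Dict, List, NamedTuple, Set, Tuple


class Flow(NamedTuple):
    """One unidirectional flow record."""
    src: str
    dst: str
    dport: int
    proto: str
    nbytes: int
    packets: int


# Constructed sample: twenty hosts browsing one site, one host pushing a very
# large upload, and one host sweeping 300 ports on an internal server.
FLOWS: List[Flow] = (
    [Flow(f"10.0.0.{i}", "93.184.216.34", 443, "tcp", 40_000 + 500 * i, 60)
     for i in range(1, 21)]
    + [Flow("10.0.0.42", "198.51.100.7", 443, "tcp", 2_500_000_000, 1_800_000)]
    + [Flow("10.0.0.77", "10.0.1.5", port, "tcp", 60, 1) for port in range(1, 301)]
)


def bytes_per_source(flows: List[Flow]) -> Dict[str, int]:
    """Total bytes sent by each source address."""
    totals: Dict[str, int] = defaultdict(int)
    for f in flows:
        totals[f.src] += f.nbytes
    return dict(totals)


def volume_outliers(flows: List[Flow], threshold: float = 3.5) -> Set[str]:
    """Sources whose outbound byte total is a high-side outlier.

    Uses a median/MAD "modified z-score" instead of mean/stdev: a single huge
    transfer would inflate the stdev and partly hide itself, whereas the median
    and MAD barely move. Only the high side is flagged; an unusually quiet host
    is not the thing this detection is looking for.
    """
    totals = bytes_per_source(flows)
    values = list(totals.values())
    med = median(values)
    mad = median([abs(v - med) for v in values])
    if mad == 0:  # every host looks the same; nothing to compare against
        return set()
    return {src for src, v in totals.items()
            if 0.6745 * (v - med) / mad > threshold}


def port_sweeps(flows: List[Flow], min_ports: int = 50) -> Set[Tuple[str, str]]:
    """(src, dst) pairs where one source touched at least min_ports distinct ports."""
    ports: Dict[Tuple[str, str], Set[int]] = defaultdict(set)
    for f in flows:
        ports[(f.src, f.dst)].add(f.dport)
    return {pair for pair, seen in ports.items() if len(seen) >= min_ports}


if __name__ == "__main__":
    print("volume outliers:", volume_outliers(FLOWS))
    print("port sweeps:", port_sweeps(FLOWS))
```

Neither detection needs packet payload, which is exactly why flow scales to links where full capture does not. The price is that a sweep spread slowly across many sources, or an upload paced to blend in with peers, will sit under either threshold; tune the thresholds per network segment and against a baseline window rather than a single batch.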
How hackers gain access to POS systems in retail and restaurants
Solutionary Security Consulting Services (SCS) performs security assessments against a wide variety of architectures, encompassing both hardware and software. Recently, we assessed two point-of-sale (POS) systems for clients in different industries, retail and restaurants. POS systems have become a favorite hacking target around the nation. In the last couple of years, we have read a lot about large organizations being breached and credit card information stolen. In those incidents, the POS terminals themselves were compromised and leaked cardholder data to the thieves.
Even though these major breaches have been publicized, credit cards are still swiped throughout the day at grocery stores, department stores and restaurants. Without any concern, consumers hand over credit or debit cards to...