Security Monitoring and Logging

If you really need to work on this topic, I suggest you read Anton Chuvakin's book – Logging and Log Management: The Authoritative Guide to Understanding the Concepts Surrounding Logging and Log Management. It has helped me tremendously in several projects and I would like to pass on the fact that it is …

Control the Insider Threat

There is a sea of products and services on the market offering the same thing under different names – essentially you would be interested in detecting intrusions shortly after they occur (they are inevitable), no matter whether they are external or internal. Please remember the statistics – the majority of incidents happen with the help …

Cyber Incident Response

If your company is like most, you consider a cyber security incident to be such only if ‘you get hacked’ – whatever this magic term means – or if a major mass infection occurs in your network. But if you really look into what is going on in your IT environment, you might find one or …

Smoke and Mirrors

Or the art of active defense and enemy disorientation: “You can ensure the safety of your defense if you only hold positions that cannot be attacked. Hence that general is skillful in attack whose opponent does not know what to defend; and he is skillful in defense whose opponent does not know what to attack.” …

Man in the browser attack mitigation

Malware such as Neverquest, Zeus or GameOver Zeus is getting more aggressive every day, and the stealthy way it steals money makes it even more dangerous. The methods used by Neverquest and similar MITB (man-in-the-browser) attacks are described in the following video: and at the following Wikipedia page: In short: by obtaining full control …

Data Loss Incidents: preparation and response

Business operations may, and usually do, depend on maintaining control over critical information. You may, however, lose control over this information (whether it is lost, deleted, stolen, published, etc.) – in which case you may need to respond to a security incident. Even though you should be concerned about potentially malicious hackers breaking through …

Explaining APT in a simple language

APT is the new INFOSEC marketing term – every other company / service / product is offering ‘protection from Advanced Persistent Threats’ – without even explaining what the term means. Probably because if they did explain, you would lose any interest in their products? APT is not about what – code, viruses, malware, spyware or …

Most commonly used passwords and their implications

How secure is your password? Do you think someone might already know it? Do you know how much time it would take to guess / brute-force your password? Most password complexity rules and tools tell you that if your password is complex, it is secure. WRONG! If it exists anywhere online, you can consider it …

ABC’s of Information Security

A – Assets – Something of value requiring protection (hardware, software, data, reputation) B – Backup – The three most important safeguards – backup, backup, backup C – Countermeasures and Controls – Prevent, detect, and recover from security incidents D – DAA and Other Officials – Manage and accept risk and authorize the system to …