- There is No New Thing Under the Sun. What about BYOD?
Meanwhile, today’s security teams are grappling with the “any-to-any problem”: how to secure any user, on any device, located anywhere, accessing any application or resource. The BYOD trend only complicates these efforts. It’s difficult to manage all of these types of equipment, especially with a limited IT budget. In a…
- DDoS Botnets - A Precursor to Skynet?
In my previous two posts, DDoS and The Broken Internet and The Internet of Hacked Things, we discussed how critical flaws in key services and internet infrastructure easily allow attackers to cripple large portions of the internet, and highlighted how IoT is really the Internet of Vulnerable…
- The Two Faces of NetFlow
"Enabling NetFlow will give you some insight on what your network actually carries" -- Nicolas Fischbach at the Black Hat conference. Even though we discuss NetFlow in this article, the content also applies to other flow technologies: J-Flow, sFlow, NetStream, etc. In the discussion of my first June Ambassador blog post The Cost…
- Using AWK and SED for viewing logs
When saving logs I like to store data that is as verbose as possible. However, when viewing a log I may only be looking at specific parts of it. Another concern is when I need to give my logs to a third party and I don't want to reveal certain information to that third party. I'll go over a couple of things that I use…
- Blinding the All-Seeing Eye
When implementing a SIEM infrastructure, we’re very careful to inventory all of the possible vectors of attack for our critical systems, but how carefully do we consider the SIEM itself and its logging mechanisms in that list? For routine intrusions, this isn’t really a consideration. The average individual doesn’t…
- Looking for SIEM Love in Some of the Wrong Places?
Good morning, Thwack! I'm Jody Lemoine. I'm a network architect specializing in the small and mid-market space... and for December 2014, I'm also a Thwack Ambassador. While researching the ideal sweet spot for SIEM log sources, I found myself wondering where and how far one should go for an effective analysis. I've seen…
- Log time lengths
How long do you keep your logs for? The answer can vary wildly depending on the industry you work in. As an example, most VPN providers specifically note that they do not hold logs, so even if a government requested certain logs, they would not have them. The logs they don't keep are likely to be only user access logs.…
- The Cost of InfoSec Stewardship
"Five billion years and it still comes down to money." -- The Doctor. Hello Thwack, this is Gideon Tam again! I was one of the Thwack Ambassadors for the month of January 2014. Back in January we had great discussions and comments on the topics of Log & Event Management in the General Security & Compliance area. If you…
- Winning The Loser's Game of Information Security, Personal Edition
"If you know both yourself and your enemy, you can win a hundred battles without jeopardy." -- Sun Tzu, The Art of War. Hi there! Over the past few weeks, as the Thwack Ambassador, I have enjoyed sharing the information security topics that interest me and having great interactions with you. I have learned a lot from your…
- Security Strategy Without Tears
Security management and response systems are often high-profile investments that occur only when the impact of IT threats to the business is fully appreciated by management. At least in the small and midmarket space, this understanding only rarely happens before the pain of a security breach, and even then enlightenment…