SomeClown

Guess what accounts were compromised in the Anthem hacks? IT administrators with access to the database in question.

True, and I can see that, but I assume you have strong internal processes to protect your own network. What a customer may or may not do is on them, of course. I'm guessing you see some interesting things out there...

Traditional security models always shift, and we always have to try to stay a step ahead of the threat vectors. The problem is, besides budget as others have pointed out, that a lot of people slap up firewalls and IDS/IPS appliances--maybe with some monitoring--and call it good. Doing the same thing we've always done, and…

Yeah, the last stats I saw were that 76% of all hacks were due to weak or stolen passwords. The inside/outside metrics are a little misleading because most hacks are initiated from outside actors, but originate from inside the system in the sense that inside users were tricked or compromised somehow. Fastest way to "own" a…

Ha!

It's a double-edged sword for sure. On the one hand awareness is great, but on the other we become numb to it. I mean, how many times has Sony been hacked now? Does anybody care any more?

Hence a twist on the saying in my original article: "There are two kinds of companies: those who have been hacked, and those who don't know they've been hacked."

For what it's worth, that range appears to be owned by an ISP out of Denver named Broadstripe.

To be honest I don't worry a whole lot about credit card fraud as a personal matter. I worry about it on a macro level, but because of insurance, the ability to easily fix minor fraud issues, etc., I'm not as freaked out as some people. What I worry about is what I've got teed up for my next post which is true, full blown…

I think it's because in a lot of cases the network/security teams are viewed more as plumbing. The app teams have products that are more top of mind to the user community, so they get the maintenance windows they need more readily. That also comes down to leadership, though.

That is not uncommon at all, especially in the SMB space. Most people I've talked to don't even know who they'd call if they suspected a hack.

I think that as more people wake up, micro-segmentation is going to see broader adoption than it has hereto. That's only another defense mechanism, of course... as someone else mentioned, you have to keep adapting to new threats.

Glad to hear it was topical.

In all honesty, past a moment or two of sheer puckering panic, they probably did report the hack immediately after it was discovered. The problem is, the attackers were probably in the system for months before they were discovered. An entire database of 80 million users' personal information can't be sucked out unnoticed…

Good tips for sure. We've thought about moving the web front-end for a while now... just haven't gotten to it yet. 

Yeah, disk I/O on the database servers is always a big performance bottleneck/opportunity. My Oracle DBA and I work together on a lot of these same issues (moving certain mounts to certain disk arrays, etc.) to squeeze as much performance as possible out of the databases. I haven't spent as much time as I'd like on the SQL…