Powerful threat prediction, prevention, detection, and response along with compliance in a scalable, simple managed solution.
All-in-one networking solution that combines network connectivity, agility, security, and compliance in an affordable managed solution.
Accelerate business growth through our award-winning partner program.
November 02, 2015Many small businesses believe only the "big guys" will suffer a data breach. But did you know that 90% of data breaches impact small merchants?
October 26, 2015As data breaches occur more and more, it is no secret that the market needs more cybersecurity professionals. Here are a few statistics on the need to educate the next generation on pursuing cyber professional careers.
November 07, 2014So when you are a hacker and you write the most successful financial transaction hacking software in history, what do you do next? Well, if you are the makers of Backoff, you upgrade it.
December 07, 2015It’s the holiday season and for many that means shopping season! But it also means that theft increases, whether it is physical theft or cyber theft.
November 16, 20152015 has been a year of healthcare data breaches. But why are hackers going after healthcare records now?
October 19, 2015Technology keeps improving, as do hackers. Hackers have been around for years and years; from exploiting the vulnerabilities of telephone lines to penetrating big retail stores' networks. As hackers get smarter, so do we.
October 12, 2015Nearly 60% of businesses have experienced a breach in the last two years. Have you ever considered what would happen if your business was breached? Do you have a plan of action?
September 28, 2015Merchants know by now that after October 1st the liability for card-present fraud will shift to whichever party is the least EMV-compliant in a fraudulent transaction. This means that merchants will be more accountable if EMV is not implemented.
September 21, 2015Passwords keep your accounts and network safe but may also be a gateway for hackers. Here are some quick tips we recommend when creating your passwords.
September 14, 2015The number of data breaches continues to increase. Cybercrime affects your brand, your customers and your employees in ways that are unrecoverable at times. Don't let your business be affected next.
September 10, 2015The CDC estimates that close to 80% of office-based physicians use some form of electronic medical records. This increase, coupled with recent breaches of patients’ PHI and PII, has highlighted the need for security of medical office networks.
August 31, 2015What is the true cost of a data breach? A data breach affects your business, brand, and reputation. But it can be prevented.
August 24, 2015Four Common Data Threats
January 01, 2014Why should you, as a merchant, comply with the PCI Security Standards? At first glance, especially if you are a smaller organization, it may seem like a lot of effort, and confusing to boot. But not only is compliance becoming increasingly important, it may not be the headache you expected.
January 13, 2014When Target announced that it had suffered a major breach of approximately 40 million credit cards and 70 million customer records, the nation as a whole took a collective gasp in shock. In the aftermath of the initial disclosure, the public then heard from Neiman Marcus that it too had suffered an electronic breach of data that may include credit cards.
January 20, 2014The PCI Security Standards Council is an open global forum, launched in 2006, that is responsible for the development, management, education, and awareness of the PCI Security Standards, including the Data Security Standard (PCI DSS), Payment Application Data Security Standard (PA-DSS), and PIN Transaction Security (PTS) requirements.
February 17, 2014For the past several months, there have been numerous stories about major retailers that have been breached by hackers. The result is that millions of credit cards have been stolen. In the case of Target, so far it is reported that 40 Million customer credit cards have been exposed, and 70 Million total records with personal information have been stolen.
March 12, 2014In the wake of their breach, Target announced on March 5, 2014 that their CIO, Beth Jacob was announcing her resignation. This begs the question, Will CIO's be the final victim after a breach?
April 11, 2014Many of our customers and resellers have asked how Heartbleed affected Netsurion services. In a nutshell, the managed services that make up our product offerings were not directly affected by Heartbleed.
August 25, 2014Every now and then hackers develop a piece of malware that is so insidious that it changes the landscape of computer security and acceptable practices. While there are many contenders for this dubious list, CodeRed, Zeus, and now Backoff are certainly worthy of inclusion.
September 29, 2014Most merchants who have been validating their PCI compliance for a few years now probably know which SAQ type applies to them. In PCI 2.0, it has been fairly simple. And now we are facing PCI 3.0.
October 29, 2014In the wake of Heartbleed, comes a new form of exposure that could potentially do much more damage than any other vulnerability of its kind. It is known as Shellshock. Shellshock affects Linux and UNIX implementations that use the BASHcommand interpreter.
January 07, 2015The Georgia based fast food company, Chick-fil-A, has confirmed that it is investigating a potential credit card breach. The investigation is focused on the company’s point-of-sale (POS) network at some of its restaurants and the breach is thought to have occurred between December of 2013 and September of 2014.
January 14, 2015We live in a brave new world where the spies of yesteryear, like James Bond and Jason Bourne, are truly falling away into the realm of fantasy, replaced instead with hackers, doing battle on the digital front.
February 19, 2015How many days go by between news stories involving computer breaches? The truth of the matter is that as long as sensitive data is gathered by merchants, thieves will attempt to steal it.
March 12, 2015Whether we are talking about shoppers being students, families, or business execs, having the ability to interact with your guests via wireless and mobile is becoming the standard. Why miss the opportunity to further engage with customers while they are still in your store?
May 05, 2015It is becoming more and more frequent to read about electronic data breaches in the news these days. Unfortunately, what is not touched on as frequently are the physical security issues present in restaurant and retail establishments.
June 08, 2015In today’s business world, a major draw for many customers is the ability to stay connected while outside the office. In order to provide this connectivity, typically means having a wireless network set up for your customers. However, it also means placing your business at a potential risk.
July 14, 2015In the wake of BackOff, and numerous other data breaches, consumers are demanding answers into the how and why surrounding companies who have inadvertently allowed data to be compromised given security measures accessible today.
January 14, 2016
2015 was a tough year for the healthcare industry. Some are even calling 2015 “the year of the healthcare hack”. Last year, over 65% of the data breaches occurred in the healthcare industry...
January 26, 2016It’s understandable that the primary goal of any healthcare practice is to keep their patients healthy and safe. But what about keeping their patients’ data safe too?
February 19, 2016While you focus on providing the best health service for your patients, it is easy to under-estimate the risks that you may be putting your practice should you implement mobile technology without basic security measures.
February 26, 2016I have fond memories of playing a board game called Hungry Hungry Hippos in my younger days. Today’s medical practices mirror the chaos of the game. Each day seems more hectic than the previous...
December 06, 2013When people think of Christmas, most of them imagine family gatherings and good times. We often forget that from the end of Thanksgiving to the beginning of the year, the U.S. spends billions of additional dollars on merchandise that otherwise would have stayed on the shelves. We sometimes forget that hackers love this season as well.
October 18, 2013The department store giant garnered unwanted attention earlier this month when they announced that a Florida store fell victim to a team of thieves who attached extremely small devices called key loggers in line with their keyboards where they plug into the registers.
October 04, 2013Every 3 years the Payment Card Industry Data Security Standard (PCI) is updated to a new version. The time for the next release is right around the corner. Are you Ready?
September 13, 2013From a PCI compliance standpoint, merchants using Windows XP will have problems maintaining compliance because they cannot keep their operating systems patched to protect themselves from the latest vulnerabilities. On the flip side, there are many Point of Sale (POS) software packages that have only been validated using Windows XP, and if another operating system is used instead, it will violate the official implementation guide (and thus fall out of compliance). Our customers have been asking us for guidance, so we did a little research.
July 19, 2013There is a new trend facing people who rely on help desks. Hackers are targeting help desks because they know that the people who provide you support have the access into your systems that they want to exploit.
May 31, 2013In the wake of the most recent terrorist bombing in Boston, it is easy to understand why some people would be willing to sacrifice a few liberties to the government in favor of more security. A common train of thought is that an honest person does not have anything to hide, so the intrusion into our private lives is really a minor thing. In a Utopian society, I would tend to agree with that sentiment, but we live somewhere else.
May 24, 2013Square strives to make financial transactions simple enough so that the average person on the street can participate. Before Square, a regular person without a bank supplied merchant account could not take credit cards. Today, Square allows everyone with a smart phone to accept credit cards, and now the company is focusing on another market – person to person cash payments.
April 26, 2013This type of issue with a browser is so damaging because computer hackers who take advantage of it, can execute malicious code on the affected machines without the user needing to download anything or without any indication that the machine has been compromised. All a user has to do to be infected is to go to a website that has a malicious script embedded on it, and viola you have been hacked!
March 29, 2013When you think about electronic security, what comes to mind? Do you consider how vulnerable your customer credit cards are, or how easily someone can break into your on-line bank account? These are the most profitable avenues of attack that thieves usually focus on, but occasionally, cybercriminals are motivated by something besides greed.
February 22, 2013In the dark ages of personal computers (1980′s and 90′s), you either needed to be a computer geek or have access to one if you wanted any device to work with your computer. You had to go through a complicated driver installation process, and possibly replace system files. My how the world has changed.
January 18, 2013In what should only be considered a victory for the U.S. DOJ, 2 of the 4 alleged Subway hackers responsible for potentially $10 Million dollars in computer fraud have been sentenced, and 1 of the remaining criminal’s trial is set to begin shortly.
April 06, 2016Ransomware is a business’ worst nightmare. This malware infects computers and restricts the users from accessing any of their data until paying the ransom. What would you do to get that data back?
April 20, 2016While your business’ data security program should consist of many components, perhaps the most effective defense to ransomware is building a culture of data security amongst your employees.
April 26, 2016PCI DSS 3.2 is scheduled for release at the end of April. Have you thought about how this update can affect your business? Will you still be PCI compliant?
May 02, 2016It's National Small Business Week! Let's celebrate the hard work you do and make sure your business continues to grow. Have you ever thought about what would happen if your business is affected by a data breach?
May 06, 20162016 Verizon Breach Investigations Report (Part 1 of 3)
The 80 page report is packed with valuable data breach insights. We know time is valuable so we decided to save you some by sharing the 3 main topics you should understand from this report.
May 13, 20162016 Verizon Breach Investigations Report (Part 2 of 3)
In our previous post we showed you that regardless of the business’ size, location or industry, many are targets to hackers. So how are hackers getting into these businesses’ networks and stealing data?
May 20, 20162016 Verizon Breach Investigations Report (Part 3 of 3)
We've covered the 4 patterns of attack used by hackers, expanded on how dangerous these attacks are and how hackers are hurting your business. But did you know, many of these attacks can be prevented with a little help and knowledge?
May 31, 2016If you are not keeping up with regular patching of your computer and the programs that run on it – then you are simply asking for trouble. Many of the breaches that make the news are caused by holes in software for which a patch existed by the vendor.
June 09, 2016In this entry we discuss the topic of anti-virus protection. There are many questions that come up when we talk about this topic. So here are a few answers to your questions.
June 02, 2016While software that can be installed on your PC and used to remotely connect when you are away from your home office can be very handy, it also comes with risks that may not be apparent at first.
June 17, 2016In this fourth article in the series, we continue to explore some of the basic ways that business of all sizes can keep their computer systems safer. We will discuss the topic of programs, ports and services.
June 27, 2016We have gathered what have been common comments that we hear from business owners. And today, we would like to bust these myths!
July 05, 2016In this fifth article of the series, we continue to explore the basic ways businesses can keep their networks safer. These include tools you can implement on your own and understand why taking action is vital to the safety of your business.
July 11, 2016We know how tempting those summer sales are! But are you being careful on where you are swiping your card?
July 18, 2016So you have a big brand name that millions of consumers trust. You have hundreds to thousands of locations across the U.S…. and perhaps even globally. A big name means big money, so that huge chunk of change dedicated to security is definitely paying off in spades, right? All too often, the answer is a resounding “WRONG.”
July 26, 2016When business owners start looking at Point-of-Sale (POS) systems, they may feel overwhelmed at the infinite amount of options they can find online. How does a business owner make a decision? How do they know it’s the right decision?
August 10, 2016The event, aimed at connecting the point-of-sale (POS) technology ecosystem, was extremely successful because it gave us the perfect platform to further connect with our existing partners—and to meet and interact with industry leaders.
August 30, 2016PCI compliance: that daunting phrase you always hear in the world of payments…but never truly understand. Well we’re here to sum it up for you—what it is, why it’s important and what you need to meet this standard.
September 06, 2016News about a company being breached seems to be a regular occurrence nowadays. And it’s no wonder, with hackers getting more sophisticated and hungry for more.
September 19, 2016Persistent threats affecting businesses of all sizes and in all verticals are becoming more consistent and hitting more frequently. The 2016 Verizon Data Breach report analyzed 100,000 incidents, of which 3,141 were confirmed data breaches.
September 28, 2016The presidential debate, as entertaining as it was for many, was a great place to hear about the focus needed on cybersecurity issues in this country. Both candidates were asked the following question on the topic of cybersecurity in the U.S...
October 21, 2016Years ago, in a data security nightmare not so far away…I found out how quickly a brand could change from being a favorite of mine to becoming an entity I would never trust again.
November 23, 2016Are you feverishly working to patch your systems today with the latest available patches? Or are you spending your time unfriending people who voted for someone you don’t approve of?
December 14, 2016Sure, the headlines have been wrought with healthcare ransomware stories, election-centric email breaches, and massive retail hacks—but restaurants are becoming more vulnerable to data breaches as well and cannot remain complacent.
December 21, 2016Though there are many companies out there responsible for securing merchant locations from the risks of data breaches, people’s own risky behavior often leads to their ID theft problems, no matter how well merchants protect them. And with more and more merchants accepting chip cards this year, hackers are likely to go back to tried and true methods for preying on individual cardholders.
January 13, 2017We believe that every business should have the means to protect themselves and their customers from cyberattacks, and the PCI Security Standards Council (PCI SCC) shares this belief. We’re working together to make compliance management more efficient, and therefore, strengthen the security of all merchants.
February 27, 2017Securing medical records is a complex undertaking. Healthcare organizations need an array of security technologies that can be used to prevent malicious attacks and keep personal healthcare information safe, while retaining the day-to-day ease-of-use.
March 29, 2017Restaurants with multiple locations are taxed with increased pressure to succeed in different geographic locations, with potentially different demographics. This means implementing popular technology to serve that area—sometimes quickly—to keep the business afloat. The faster their success, customer enjoyment, and diner loyalty accelerate the more likely these locations are to become and remain go-to dining spots. However, in the rapid shuffle of getting these technologies set up, security is often forgotten.
April 12, 2017Tax season is a busy time of year for hackers, given the ample opportunities to steal personal and financial information through phishing, hacking into computer networks, or other underhanded methods. Here are five tips that go beyond the basics you probably already know, like watching out for phishing and malware, keeping your anti-virus software up-to-date and using different hard-to-guess passwords for different services.
May 02, 2017As a new business owner, there is so much to be proud of and so much to do. Your idea turned into a plan that has been put to action, so now what? At the forefront, there is one question you need to answer from the start.
May 15, 2017As the second iteration of the WannaCry ransomware impacting IT infrastructure around the globe is expected, we want to arm our customers with information to be best prepared.
May 16, 2017As the summer travel season quickly approaches, most people envision exchanging work clothes and school books for shorts, flip flops, and beach umbrellas as they look forward to that well-deserved vacation. Unfortunately, hackers have their own plans this summer...
June 19, 2017While automation facilitates hotel operations and often makes a better stay for guests, it also opens hotels to digital threats perpetrated by malicious actors. Consequently, hotel operators should be aware of the types of cyber attacks, which can significantly hurt their brand reputation and bottom line, not to mention the safety and welfare of employees and guests.
July 11, 2017Ransomware attack frequency is at its height as there have been more than 4,000 ransomware attacks happening each day for over a year now. Follow these tips to help avoid a ransomware breach at your business.
August 08, 2017Security experts believe that cybercriminals will be shifting tactics due to declining revenues from stolen credit card sales. We discuss rationale for the rise of ransomware – and what you need to do to get ready for a potential and ongoing surge of attacks. We believe there’s not a minute to lose with back-to-school season underway, so let’s get started.
September 21, 2017Imagine the lost revenue for a major retailer if they needed to shut down all of their stores for a few days, or even a few hours, especially over the busy holiday season. The impact would be devastating.
October 09, 2017The old Haunted Hotel with squeaky wood floors, welcomed all guests who dared enter the front doors. Guests arrived from every nation – every corner of world – ready to spend money and explore.
November 01, 2017When Point-to-point encryption (P2PE) was standardized by the PCI Security Standards Council, many thought it would become the be-all end-all security solution they needed. It would protect customer data and relieve some of the burden of PCI compliance on the merchant. As with anything that sounds too good to be true, proceed with caution.
November 06, 2017As the holidays swiftly approach, many of us are making lists and plans as part of the crescendo of year-end activity. We don’t want to forget anything important, but is ensuring safety from cybercrime at the top of your list?
December 14, 2017It has been a turbulent year for industry as a whole, and retail has been in the center of the turbulence. Amazon bought Whole Foods, grocery chains moved into new markets, and myriad players invested heavily in building digital capabilities. The catchphrase on everyone’s lips has been, “Transform the customer experience.”
January 26, 2018The cybersecurity market is loaded with ambiguous buzzwords and competing acronyms that make it very difficult to clearly distinguish one infosecurity capability from another. If your efforts to understand what cybersecurity components you need to focus on have left you frustrated, you're not alone. Let’s cut to the chase and separate fact from fiction regarding cybersecurity’s biggest buzzwords.
February 20, 2018Are you compliant with PCI DSS Version 3.2? Restaurants, retailers, hotels, doctors' and lawyers' offices, and many more, all need to watch for PCI DSS updates to remain compliant.
March 13, 2018SD-WAN is transforming enterprise networks with affordable network infrastructure by offering low-cost, reliable network connectivity, while dramatically reducing operational expenses. Smaller retail stores are adopting omni-channel strategies to offer better shopping experiences through mobile connectivity to shoppers at the stores.
April 04, 2018More and more businesses are adopting 4G LTE either to set up a backup network connection or to gain internet access when other means, such as Cable and DSL, are not available. The trend is seen easily when searching for "4G LTE router" online. You will...
April 25, 2018One of the key benefits for most businesses deploying SD-WAN is the reduction in WAN costs by up to 80 percent. Continuity and resilience are also critical to businesses in today's growing cyber-threatened world. SD-WAN solutions offer multi-link support, so 4G LTE is an obvious choice for failover connectivity.
June 06, 2018To streamline operations, improve service and remain competitive, hotels use computers to handle numerous tasks. While automation facilitates hotel operations and often makes a better stay for guests, it also opens hotels to digital threats perpetrated by malicious actors.
June 28, 2018There’s an old saying: Their bark is worse than their bite. However, this is not the case with the penalties of non-compliance when it comes to the General Data Protection Regulation (GDPR). With the enforcement date of the GDPR having passed on May 25, 2018, any company not in compliance could be in for a very nasty shock.
July 26, 2018The cost of network downtime or failing internet connectivity has never been higher due to incidents resulting in million-dollar losses of business revenue and employee productivity. Both small and large enterprises are increasingly relying on business-critical applications deployed in the cloud. Here are some of the key factors to consider when selecting a failover solution.
October 04, 2018Many IT leaders are excited about the benefits of SD-WAN such as cost reduction, agility/flexibility, ease of deployment, and the options to improve security. But as usual, SD-WAN as a MPLS killer is not cut-and-dry. If you’re wondering if SD-WAN is right for your IT environment, hopefully we can help you out.
October 17, 2018For cyber criminals, everyone’s a target. We must assume that, at some point, every organization’s IT infrastructure will be breached. That’s why we need to continuously monitor, investigate, and respond to cyber threats 24/365 if we are to avoid costly breaches.
April 26, 2018Can you simply buy a “SIEM solution”? Turns out you really cannot, no matter how hard you try nor how passionately the vendor promises. What you can buy at the store is a SIEM tool, which is a completely different thing. SIEM tools are products, while implementing a security or compliance solution involves people, process, and technology. SIEM tools are a critical part of SIEM, but they’re not the whole solution.
November 14, 2018A refresh has come for distributed enterprises. In 2018, branch office WAN technology has been increasingly moving towards software defined networking for many reasons: agility, scalability, resiliency and, above all, cost-effectiveness.
December 04, 2018It’s that time of the year again! Family and office holiday parties are gearing up, business projects are racing toward year-end deadlines, and seemingly everyone is sharing their 2019 predictions for IT and cybersecurity. But what about the branch network?
December 18, 2018Protecting a business’ IT infrastructure and data can be difficult with the abundance of threats out there, the array of new data privacy regulations, and many cybersecurity solutions to choose from. Even today, far too many businesses still claim protection with just anti-virus and firewall, when these measures aren’t enough to keep up with advanced threats.
January 21, 2019The complexities and costs of IT network management and security in retail stores has reached a breaking point. Today’s retail IT professional, point-of-sale reseller, or managed IT service provider is struggling to effectively deploy, manage, and secure the network in these branch locations in an efficient and affordable way.
January 24, 2019If you think your organization is too small to be targeted by threat actors, think again. Over 60% of organizations have experienced an exploit or breach, so the stealthy and ever-evolving hacker may already be in your organization performing reconnaissance or awaiting strategic command and control (C&C) instructions.
January 31, 2019We recently released the findings of the Security Information and Event Management (SIEM) study conducted by Cybersecurity Insights. The study surveyed over 345 IT and Security executives and practitioners, with 45% of them small and mid-sized firms with 999 or fewer employees and the balance comprised of enterprise organizations with 1,000 or more employees.
February 11, 2019The networking market is loaded with ambiguous buzzwords and competing acronyms that make it difficult to clearly distinguish one capability from another. So, let’s break down those buzzwords and competing acronyms that are the most commonly compared as if they were apples to apples.
December 10, 2018The year 2018 saw ransomware families such as CryptoLocker and variants like Locky continue to plague organizations as cybersecurity adversaries morph their techniques to avoid detection. Several massive data breaches this year include Quora, Ticketmaster, and Facebook that exposed over 200 million records worldwide. As the year winds down, here’s what small and mid-sized organizations may experience in 2019 with an eye towards enhancing security.
February 25, 2019Over 7 billion global devices in an always on and continuously connected world create a soft target for today’s attacker. Whether working to monetize data or make a political statement, adversaries are well funded and staffed in the battle for endpoint access and control.
March 20, 2019Did you know that Microsoft is a security vendor? No, it’s true. For years, the company was hammered by negative public perception and the butt of jokes around the 2002 "trustworthy computing" memo. The company has steadily invested in developing a security mindset and the product results are now more visible to the public.
April 01, 2019For MSPs serving clients in the healthcare industry, protecting data can be complex. With compliance enforcement like HIPAA , for instance, distinguishing the owner of your clients’ data is critical —especially due to the lack of security awareness training amidst healthcare end users. Here are the five key data security tips to better protect SMB clients in healthcare.
April 03, 2019Increasing complexity and frequency of attacks have escalated the need for detection of attacks and incident response. Endpoints are the new battleground as they are a) more pervasive across the network, b) more commonly used by non-IT personnel, and c) less well-defended by IT teams who first move to secure the data center. Endpoint detection and response (EDR) solutions meet the need to rapidly investigate large numbers of systems for evidence of malicious activity, quickly uncover, and then remediate attacks and incidents.
April 15, 2019As a Managed Service Provider (MSP) offering IT infrastructure and end-user systems, your clients rely on you with their valuable assets, sensitive data, and intellectual property. What security best practices can MSPs utilize to avoid becoming a headline?
April 25, 2019Banks have always been a prime target for cybercriminals. With enormous stores of cash and consumer data, and the massive threat of financial losses, regulatory consequences, and reputational damage, there’s really no choice for financial institutions but to innovate and accelerate their cybersecurity strategies.
April 30, 2019Building a better branch network for retailers is not necessarily rocket science. At least, it doesn’t have to be. The formula for building a better branch for these highly distributed businesses is rather simple. When you think about it, it is more like alchemy than chemistry. Like air, earth, fire, and water, it does not take more than four elements to define the ideal branch network.
May 22, 2019The legal world is centered on offering clients protection—and in the current technology environment, that extends to cybersecurity. With the proper security procedures, policies, training, and IT security in law firms, advanced cybersecurity is yet another way that lawyers can protect their clients today.
June 03, 2019Overwhelmed by the hype from security vendors in overdrive? Notice the innovation and trends and feel like jumping on the bandwagon? It’s a urge that many buyers in mid-size companies feel and it can be overpowering. That flashy vendor demo, that rousing speech at a tradeshow, that pressure of keeping up with the Joneses. So what have you done for your security lately is a nagging thought.
July 10, 2019Is your organization still using Windows 7? Microsoft support is coming to a close in a few short months. If you think end-of-support for legacy systems doesn't impact your organization, think again.
July 23, 2019Just how much should you be spending on IT Security? It’s a vexing question to answer for many reasons as each situation has their unique circumstances and factors. But here are some insights garnered over the last decade in cybersecurity.
August 05, 2019It has grown more challenging to protect patient privacy and secure sensitive data under HIPAA (Health Insurance Portability and Accountability Act) as the volume and persistence of cyber attacks have increased in recent years. Healthcare institutions often have vast databases of sensitive information such as credentials and credit card data that cyber criminals seek to monetize and sell on the dark web.
August 08, 2019At Black Hat 2019, Eric Doerr, GM of the Microsoft Security Response Center, reminded attendees of the interconnectedness of enterprise software supply chains and of their vulnerability to attack. Eric highlighted how supply chain compromises come in many guises
August 16, 2019Black Hat 2019 was a learning experience and success for all. All of the hackers, presenters, vendors, and attendees have gone home, but what you learned in Vegas doesn’t have to stay in Vegas. Hopefully you are bringing new information and insights back to your daily operations. Here are some of Netsurion’s key takeaways from Black Hat 2019.
August 20, 2019A financially motivated ransomware gang hit 23 local governments in Texas in a coordinated attack. Ransomware is a type of malicious software, often delivered via email or drive-by web downloads, that locks up an organization’s systems until a ransom is paid or files are recovered by other means such as backup restoration.
August 27, 2019The retail industry has come a long way during the last decade. Online ordering, in-store beacon technology, cloud POS, omnichannel retail platforms, and digital menus and signage, are evidence of innovation taking place. The impact of complacency can seriously damage short-term revenue but also brand reputation and therefore, long-term revenue.
September 13, 2019While nation-state threat actors and external hackers often garner the headlines, insider threats are an often-overlooked threat vector. Rockwell-Boeing, Anthem Healthcare, and Capital One are just a few organizations with damaging data breaches caused by insiders.
September 25, 2019The ELK (Elasticsearch, Logstash, Kibana) stack is a popular open source log analysis and management platform. The collection, processing, normalization, enhancement, and storage of log data from various sources are grouped under the term “log management.”
October 01, 2019Threats and threat actors continue to evolve and morph, creating advanced and even more dangerous tactics to mitigate. October is National Cybersecurity Awareness Month (NCSAM). NSCAM 2019 centers on the theme of Own IT. Secure IT. Protect IT., advocating a proactive approach to enhanced cybersecurity in the workplace and at home.
October 01, 2019If a multi-location business is looking for cellular failover connectivity to ensure business continuity in the event of a blackout or brownout of the broadband internet connection, there are quite a few cellular modems out there that would do the basic job. But when looking for a cost-effective solution that is designed specifically for Point-of-Sale (POS) environments, then some important considerations come into play.
November 19, 2019The holidays are a busy time for most business owners as they ramp up to serve consumers excited to find holiday specials, or even as they prepare for time away from their businesses to spend time with friends and family. Hackers know that you are distracted from your core duties and normal routine and will look for vulnerabilities in your systems.
December 12, 2019Just like locking your front door is crucial to protect your house, monitoring account logins to organizational servers and workstations is crucial to detect password cracking attempts. Enhance your security operations to continuously improve visibility and defenses.
January 27, 2020Following many high-profile data breaches, consumers have elevated data privacy to front-page news and included it as criteria for brand selection and engagement. Consumers around the globe now realize that they aren’t always aware or informed about how their private information is used or shared. Fifty-four percent of consumers are more concerned with protecting their personal information than they were a year ago, according to a survey reported by Security Magazine.
February 18, 2020A data breach today takes 127 days to detect, according to the Ponemon Institute. Comprehensive visibility and real-time analysis of device and application log data provide an early warning of cybersecurity threats before damage occurs. Log monitoring and Security Information and Event Management (SIEM) decision makers sometimes make short-sighted financial decisions to reduce log sources, only to find that it impacts security decision making and incident response.
March 06, 2020RSA Conference 2020 has come and gone. It still maintains its status as the largest security event in the world, although attendance dipped from last year due to virus jitters and travel restrictions. While the mood at RSA Conference (RSAC) overall was a bit more subdued than in the past, attendee engagement with the Netsurion team to discuss co-managed SIEM in the expo hall was at an all-time high.
March 12, 2020Maintaining strong cybersecurity is crucial as organizations make impromptu decisions to send more and more employees to work from home to help minimize the spread and impact of COVID-19. Before you expand and extend your remote workforce, it’s critical that you take appropriate steps to ensure that by decreasing a health risk to your business, those same actions don’t conversely increase a cybersecurity risk.
March 19, 2020More Work-from-Home (WFH) scenarios due to COVID-19 present challenges as employees move from a trusted and secured office network to home networks with a variety of technology and cybersecurity rigor. Here are some tips to stay safe as you and your employees work remote.
March 27, 2020With most employees working from home amid COVID-19 (coronavirus) outbreak, VPN servers have now become paramount to a company's backbone, and their security and availability must be the focus going forward for IT teams. It is now more important than ever that companies and IT staff set up systems to capture metrics about the performance and availability of VPN services.
April 08, 2020Despite current challenges, the restaurant industry is adapting to the new reality of social distancing with creativity while doubling down on online ordering and curbside pickup. For many multi-unit restaurant brands, it’s critical to simply stay afloat at this time, which involves the sudden need to transform the business.
April 15, 2020The public and global businesses alike view ransomware as one of the top cyber threats today. Adversaries are adapting and morphing their harmful techniques to better evade detection and infect a wider set of targets. As a result, ransomware has increased 97% in the past two years, according to Cofense.
May 05, 2020Business uncertainty has led to widespread adoption of working from home. Since most meaningful tasks in any organization require teamwork, this remote work approach has naturally led to a dramatic rise in the use of collaboration tools such as Zoom Conferencing.
May 12, 2020Amid the COVID-19 crisis, restaurants have been forced to quickly adapt to a takeout- and delivery-only model, leaving brands scrambling to put the appropriate infrastructure in place while also looking ahead toward the unknown future of the industry. Relying on websites, apps, and digital communications more than ever, many brands are learning just how vital their network’s capabilities are.
January 20, 2016Given today’s threat landscape, let’s acknowledge that a breach has either already occurred within our network or that it’s only a matter of time until it will. Security prevention strategies and technologies cannot guarantee safety from every attack. It is more likely that an organization has already been compromised, but just hasn’t discovered it yet. Operating with this assumption reshapes detection and response strategies in a way that pushes the limits of any organization’s infrastructure, people, processes and technologies.
February 17, 2016Windows supports the digitally signing of EXEs and other application files so that you can verify the provenance of software before it executes on your system. This is an important element in the defense against malware. When a software publisher like Adobe signs their application they use the private key associated with a certificate they’ve obtained from one of the major certification authorities like Verisign.
May 25, 2016Ransomware burst onto the scene with high profile attacks against hospitals, law firms and other organizations. What is it and how can you detect it?
July 26, 2016Windows gives you several ways to control which computers can be logged onto with a given account. Leveraging these features is a critical way to defend against persistent attackers.
August 17, 2016Cyber criminals are constantly developing increasingly sophisticated and dangerous malware programs. Statistics for the first quarter of 2016 compared to 2015 shows that malware attacks have quadrupled.
September 29, 2016How do you figure out when someone was actually logged onto their PC? The data is there in the security log, but it’s so much harder than you’d think.
January 26, 2017Defense strategies that focus exclusively on the perimeter and on prevention do not take into account the kill chain life cycle approach; this is a reason why attackers are continuing to be so successful.
June 29, 2017As I write this, yet another ransomware attack is underway. This time it’s called Petya, and it again uses SMB to spread. But here’s the thing — it uses an EXE to get its work done.
February 28, 2017Ransomware is about denying you access to your data via encryption. But that denial has to be of a great enough magnitude create sufficient motivation for the victim to pay.
April 27, 2017I’m a big believer in security analytics and detective controls in general. At least sometimes, bad guys are going to evade your preventive controls, and you need the critical defense-in-depth layers that detective controls provide through monitoring logs and all the other information a modern SIEM consumes.
May 31, 2017No industry is immune to these attacks, which if successful are a blot on financial statements of the targeted companies. Despite their success, ransomware attacks are not sophisticated, exploit traditional infection vectors and are not stealthy.
June 05, 2017With distressing regularity, new breaches continue to make headlines. The biggest companies, the largest institutions both private and government are affected. Every sector is in the news.
June 28, 2017A new ransomware variant is sweeping across the globe known as Petya. It is currently having an impact on a wide range of industries and organizations, including critical infrastructure such as energy, banking, and transportation systems.
July 27, 2017While IT security teams identify, hunt, and remove specific variants of the ransomware, there may already be unknown mutated varieties lurking dormant and ready to execute.
August 29, 2017Why has ransomware exploded on to the scene in 2017? Because it works.
August 31, 20172017 has been a banner year for IT Security. The massive publicity of attacks like WannaCry have focused public attention like never before on a hitherto obscure field. Non-technical people, including board members, nod gravely when listening as the CISO.
September 28, 2017Computers do what they are told, whether good or bad. One of the best ways to detect intrusions is to recognize when computers are following bad instructions – whether in binary form or in some higher level scripting language.
October 05, 2017A common dysfunction in many companies is the disconnect between the CISO, who views cybersecurity as an everyday priority, versus top management who may see it as a priority only when an intrusion is detected. Does your organization suffer from any of these?
November 29, 2017Interest continues to build around pass-the-hash and related credential artifact attacks, like those made easy by Mimikatz. The main focus surrounding this subject has been hardening Windows against credential attacks, cleaning up artifacts left behind, or at least detecting PtH and related attacks when they occur.
November 16, 2017The evolution of Security Information and Event Management (SIEM) solutions has made a few key shifts over time. It started as simply collecting and storing logs, then morphed into correlating information with rules and alerting a team when something suspicious was happening.
December 14, 2017When we are attacked, we feel a sense of outrage and the natural tendency is to want to somehow punish the attacker. To do this, you must first identify the attacker, preferably accurately, or else. This is easier said than done, especially online.
January 18, 2018Imagine dealing with a silent, but mentally grating barrage of security alerts every day. The security analyst’s dilemma?
February 15, 2018Does this sound familiar? You have no control of your environment and most of your efforts are diverted into understanding what happened, containing the damage, and remediating the issue.
March 29, 2018It doesn't rhyme and it's not what Whittier said but it's true. If you don't log it when it happens, the evidence is gone forever.
April 25, 2018Security is an ever-escalating arms race. The good guys have gotten better about monitoring the file system for artifacts of advanced threat actors.
April 12, 2018The argument is an old one; are you better off with a network-based detector, assuming all hosts will eventually communicate, or should you look at each host to determine what they are up to?
May 14, 2018The cybersecurity threat landscape is in constant motion – ever evolving. According to Kaspersky Labs, 323,000 new malware strains are discovered daily! Clearly, this rate of increased risk to a company’s assets and business continuity warrants a smart investment in cybersecurity.
May 10, 2018The FBI estimates that more than 4,000 ransomware attacks have occurred daily since the beginning of 2016. That’s a 300% increase from the previous year. This is due in part to the thriving sector of “ransomware-as-a-service.”
May 29, 2018The technological revolution has introduced a plethora of advanced solutions to help identify and stop intrusions. There is no shortage of hype, innovation, and emerging trends in today's security markets. However, data leaks and breaches persist.
June 12, 2018What's the cost of securing your network from a cyber attack? According to Precision Analytics and The CAP Group, many companies are now spending less than 0.2 percent of their revenue on cybersecurity, at least one-third less than financial institutions. If that's you then you may have a cyber blind spot.
June 26, 2018It continues to be challenging being a Chief Information Security Officer (CISO) today – and this year promises no rest. As high-profile data breaches escalate, CISOs, CIOs, and other information security professionals believe their organizations are more likely than ever to fall victim to a data breach or cyber attack.
August 22, 2018DNS is an attractive mechanism for performing malicious activities like network reconnaissance, malware downloads, or communication with their command and control servers, or data transfers out of a network. Consequently, it is critical that DNS traffic be monitored for threat protection.
August 06, 2018Now that advanced cybersecurity protections are a must-have in today’s landscape, organizations of all sizes are increasingly seeking out and leaning on a trusted security partner to manage their security services. A recent study released by Forrester revealed that 57 percent of companies are seeking outside help for IT systems monitoring and 45 percent are outsourcing threat detection and intelligence.
September 17, 2018Advances in data analytics and increased connectivity have merged to create a powerful platform for change. Today, people, objects, and connections are producing data at unprecedented rates. According to DOMO, 90% of all data today was created in the last two years with a whopping 2.5 quintillion bytes of data being produced per day.
March 15, 2018The Cisco Annual Cybersecurity Report provides insights based on threat intelligence gathered by Cisco's security experts, combined with input from nearly 3,000 Chief Security Officers (CSOs), and other security operations leaders from businesses in 13 countries.
July 26, 2018Office 365 (O365) is immensely popular across all industry verticals in the small and medium enterprise space. It is often the killer app for a business and contains valuable, critical information about the business. Accordingly, O365 defense is a top concern on IT leader’s minds.
September 11, 2018When it comes to selling security, one of the major challenges faced by managed services providers (MSPs) is changing the mind set of small- and medium-sized business (SMB) owners. With massive breaches hogging news headlines today, security is hard to ignore.
September 04, 2018Breaches continue to be reported at a dizzying pace. In 2018 alone, a diverse range of companies — including Best Buy, Delta, Orbitz, Panera, Saks Fifth Avenue, and Sears — have been victimized. These are not small companies, nor did they have small IT budgets. So, what’s the problem?
October 03, 2018A hot trend in the Managed Service Provider (MSP) space is emerging, transforming from an MSP to a Managed Security Service Provider (MSSP). Typically, MSPs act as an IT administrator, however, the rapid rise of cloud-based Software-as-a-Service (SaaS) is reducing margins for MSPs.
March 30, 2017The insider threat is typically much more infrequent than external attacks, but they usually pose a much higher severity of risk for organizations when they do happen. While they can be perpetrated by malicious actors, it is more common the result of negligence.
March 30, 2017So you got hit by a data breach, an all too common occurrence in today’s security environment. Who gets hit? Odds are you will say the customer. After all it’s their Personally Identifiable Information (PII) that was lost.
April 12, 2017IT workers in general, but more so IT Security professionals, pride themselves on their technical skills. Keeping abreast of the latest threats and the newest tactics to demonstrate to management and peers that one is “worthy.”
May 09, 2017Shared threat intelligence is an attractive concept. The good guys share experiences about what the bad guys are doing thereby blunting attacks. This includes public-private partnerships like InfraGard, a partnership between the FBI and the private sector dedicated to sharing information and intelligence to prevent hostile acts against the U.S.
August 14, 2017How much security is enough? That’s a hard question to answer. You could spend $1 or $1M on security and still ask the same question. It’s a trick question; there is no correct answer.
September 27, 2017This post got me thinking about a recent conversation I had with the CISO of a financial company. He commented on how quickly his team was able to instantiate a big data project with open source tools.
September 11, 2017Equifax, one of the big-three US credit bureaus, disclosed a major data breach. It affects 143 million individuals — mostly Americans, although data belonging to citizens of other countries, for the most part Canada and the United Kingdom, were also hit.
September 07, 2017By now it’s accepted that SIEM is a foundational technology for both securing a network from threats as well as demonstrating regulatory compliance. However, SIEM is not fit-and-forget technology, nor is it technically simple to implement and operate.
October 13, 2017While the threats have changed over the past decade, the way systems and networks are managed have not. We continue with the same operations and support paradigm, despite the fact that internal systems are compromised regularly.
October 26, 2017The IT security industry’s skill shortage is a well-worn topic. Survey after survey indicates that a lack of skilled personnel is a critical factor in weak security posture. If the skills are not available in your organization then you could: a) ignore the problem and hope for the best, or b) get help from the outside.
November 30, 2017A lot of data, an overwhelming amount actually, is available from hundreds of sources, but rarely is it observed. Having something and getting value from it are entirely different.
November 07, 2017“You’re in the fight, whether you thought you were or not”, Gen. Mike Hayden, former Director of the CIA and NSA. It may appear at first to be a scare tactic or an attempt to sow fear, uncertainty, and doubt, but truly, what this means is that it’s time to adopt the Assume Breach paradigm.
December 28, 2017We all hear it over and over again: complying with data protection requirements is expensive. But did you know that the financial consequences of non-compliance can be far more expensive?
December 01, 2017While you’ve been busy defending against ransomware, the bad guys have been scheming about new ways to steal from you. Let’s review a tactic seen in the news called bitcoin mining.
January 28, 2016Winning a marathon requires dedication and preparation. Over long periods of time. A sprint requires intense energy but for a short period of time. While some tasks in IT Security are closer to a sprint (e.g., configuring a firewall), many, like deploying and using a Security Information and Event Management (SIEM) solution, are closer to a marathon.
February 04, 2016Think about the burglar alarm systems that are common in residential neighborhoods. In the eye of the passive observer, an alarm system makes a lot of sense. They watch your home while you’re asleep or away, and call the police or fire department if anything happens. So for a small monthly fee you feel secure. Unfortunately, there are a few things that the alarm companies don’t tell you.
March 04, 2016The range of threats included trojans, worms, trojan downloaders and droppers, exploits and bots (backdoor trojans), among others. When untargeted (more common), the goal was profit via theft. When targeted, they were often driven by ideology.
March 23, 2016Cloud security is getting attention and that’s as it should be. But before you get hung up on techie security details, like whether SAML is more secure than OpenID Connect and the like, it’s good to take a step back. One of the tenets of information security is to follow the risk.
March 30, 2016Do you embrace the matrix? The fact is, once networks get to a certain size, IT organizations begin to specialize and small kingdoms emerge.
October 05, 2018In simpler times, security technology approaches were clearly defined and primarily based on prevention with things like firewalls, anti-virus, web, and email gateways. There were relatively few available technology segments and a relatively clear distinction between buying security technology purchases and outsourcing engagements.
April 14, 2016Traditional areas of risk — financial risk, operational risk, geopolitical risk, risk of natural disasters — have been part of organizations’ risk management for a long time. Recently, information security has bubbled to the top, and now companies are starting to put weight behind IT security and Security Operations Centers (SOC).
April 20, 2016Yet another recent report confirms the obvious, that SMBs in general do not take security seriously enough. The truth is a bit more nuanced than that, of course—SMB execs generally take security very seriously, but they don’t have the dollars to do enough about it—although it amounts to the same thing.
May 11, 2016SC Magazine released the results of a research survey focused on the rising acceptance of SIEM-as-a-Service for the small and medium sized enterprise. The survey found that SMEs and companies with $1 billion or more in revenue or 5,000-plus employees faced similar challenges.
June 30, 2016Analytics is an essential component of a modern SIEM solution. The ability to crunch large volumes of log and security data in order to extract meaningful insight can lead to improvements in security posture. Vendors love to tell you all about features and how their particular product is so much better than the competition.
June 22, 2016Detecting virus signatures is so last year. Creating a virus with a unique signature or hash is quite literally child’s play, and most anti-virus products catch just a few percent of the malware that is active these days. You need better tools, called endpoint detection and response (EDR).
June 01, 2016Far too many SIEM implementations are considered to be catastrophes. Having implemented hundreds of such projects, here are the three parts of a SIEM implementation which if followed will in fact minimize the drama but maximize the ROI.
June 13, 2016In a recent webinar, we demonstrated techniques by which EventTracker monitors DNS logs to uncover attempts by malware to communicate with Command and Control (C&C) servers. Modern malware uses DNS to resolve algorithm generated domain names to find and communicate with C&C servers.
July 07, 2016There’s a wealth of intelligence available in your DNS logs that can help you detect persistent threats. So how can you use them to see if your network has been hacked, or check for unauthorized access to sensitive intellectual property after business hours?
July 08, 2016Ideas to Retire is a TechTank series of blog posts that identify outdated practices in public sector IT management and suggest new ideas for improved outcomes. Dr. John Leslie King is W.W. Bishop Professor in the School of Information at the University of Michigan.
August 24, 2016A common hacking method is to steal information by first gaining lower-level access to your network. This can happen in a variety of ways: through a print server, via a phished email, or taking advantage of a remote control program with poor security.
November 30, 2016Log collection, SIEM and security monitoring are the journey not the destination. Unfortunately, the destination is often a false positive. This is because we’ve gotten very good at collecting logs and other information from production systems, then filtering that data and presenting it on a dashboard.
November 16, 2016We have been implementing Security Information and Event Management (SIEM) solutions for more than 10 years. We serve hundreds of active SIEM users and implementations. We have had many awesome, celebratory, cork-popping successes. Unfortunately, we’ve also had our share of sad, tearful, profanity-filled failures.
December 21, 2016Regulatory compliance is a necessary step for IT leaders, but it’s not sufficient enough to reduce residual IT security risk to tolerable levels. This is not news. But why is this the case? Here are three reasons:
December 21, 2016‘Twas the night before Christmas and all through HQ Not a creature was stirring, except greedy Lou – An insider thief who had planned with great care A breach to occur while no one was there. Lou began his attack without trepidation, For all his co-workers were on their vacations.
August 31, 2018Implement a Central Collection System Microsoft has made some considerable changes to event management in Windows Vista. But are these changes enough to help you control your entire infrastructure?
January 01, 2013The 5 W’s of security management I’ve seen it happen about a thousand times if I’ve seen it once. A high profile project ends up in a ditch because there wasn’t a proper plan defined AHEAD of time.
January 01, 2013Often when I engage with a prospect their first question is “How many events per second (EPS) can EventTracker handle?” People tend to confuse EPS with scalability so by simply giving back an enormous-enough number (usually larger than the previous vendor they spoke with) it convinces them your product is, indeed, scalable.
January 01, 2013The number 1 vulnerability on the OWASP list is cross site scripting or XSS. XSS seems to have replaced SQL injection as the new favorite for web attacker. We look at using web server logs to detect signs of these XSS attacks.
January 01, 2013Time won't give me time: The importance of time synchronization for Log Management
January 01, 2013Preparing the Infrastructure From all the uses for log data across the spectrum of security, compliance, and operations, using logs for incident response presents a truly universal scenario – you can be forced to use logs for incident response at any moment, whether you’re prepared or not.
January 01, 2013In most previous newsletters, we have discussed the use of logging for various regulatory mandates (such as PCI DSS, HIPAA and FISMA) as well as the use of logs for incident response and malicious software tracking. This log data can also be incredibly useful for detecting and investigating insider abuse and internal attacks.
January 01, 2013Randy Franklin Smith compares methods for detecting malicious activity from logs including monitoring for high impact changes, setting up tripwires and anomalous changes in activity levels. Security standards and auditors make much of reviewing logs for malicious activity.
January 01, 2013An area of audit logging that is often confusing is the difference between two categories in the Windows security log: Account Logon events and Logon/Logoff events. These two categories are related but distinct, and the similarity in the naming convention contributes to the confusion.
January 01, 2013No one needs to be convinced that monitoring Domain Controller security logs is important; member servers are equally as important: most people understand that member servers are where “our data” is located.
January 01, 2013Unfortunately, IT is not perfect; nothing in our world can be. Compounding the inevitable failures and weaknesses in any system designed by fallible beings, are those with malicious or larcenous intent that search for exploitable system weaknesses.
March 03, 2013I think one of the most underutilized features of Windows Auditing and the Security Log are Process Tracking events. In Windows 2003/XP you get these events by simply enabling the Process Tracking audit policy.
July 17, 2013What security events get logged when a user logs on to their workstation with a domain account and proceeds to run local applications and access resources on servers in the domain?
July 03, 2013In the aftermath of the disclosure of the NSA program called PRISM by Edward Snowden to a reporter at The Guardian, commentators have gone into overdrive and the most iconic quote is one attributed to Benjamin Franklin “Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety”.
August 31, 2018There are five different ways you can log on in Windows called “logon types.” The Windows Security Log lists the logon type in event ID 4624 whenever you log on.
November 20, 2013Over the years, security admins have repeatedly asked me how to audit file shares in Windows. Until Windows Server 2008, there were no specific events for file shares.
January 16, 2014It was the fall of 2008. A variant of a three year old relatively benign worm began infecting U.S. military networks via thumb drives.
February 19, 2014Unstructured data access governance is a big compliance concern. Unstructured data is difficult to secure because there’s so much of it, it’s growing so fast and it is user created so it doesn’t automatically get categorized and controlled like structured data in databases.
April 16, 2014Analyzing all the login and pre-authentication failures within your organization can be tedious. There are thousands of login failures generated for several reasons. Here we will discuss the different event IDs and error codes and how you can simplify the login failure review process.
April 28, 2014
Security Information and Event Management (SIEM) is a term coined by Gartner in 2005 to describe technology used to monitor and help manage user and service privileges, directory services and other system configuration changes; as well as providing log auditing and review and incident response
August 31, 2018With data breaches and Snowden-like information grabs, I’m getting increased requests for how to track data moving to and from removable storage, such as flash drives. The good news is that the Windows Security Log does offer a way to audit removable storage access.
July 24, 2014Return on investment (ROI) - it is the Achilles heel of IT management. Nobody minds spending money to avoid costs, prevent disasters, and ultimately yield more than the initial investment outlay. But is the investment justified?
August 22, 2014I often get asked how to audit the deletion of objects in Active Directory. It’s pretty easy to do this with the Windows Security Log – especially for tracking deletion of users and groups which I’ll show you first. All you have to do is enable “Audit user accounts” and “Audit security group management” in the Default Domain Controllers Policy GPO.
October 29, 2014If you manage any Linux machines, it is essential that you know where the log files are located, and what is contained in them. From a security perspective, here are 5 groups of files which are essential. Many other files are generated and will be important for system administration and troubleshooting.
December 17, 2014In computer terminology, a honeypot is a computer system set to detect, deflect, or, in some manner, counteract attempts at unauthorized use of IT systems. Generally, a honeypot appears to be part of a network, but is actually isolated and monitored, and which seems to contain information or a resource of value to attackers.
January 22, 2015Log monitoring is difficult for many reasons. For one thing there are not many events that unquestionably indicate an intrusion or malicious activity. If it were that easy the system would just prevent the attack in the first place.
January 21, 2015
Traditional threat models posit that it is necessary to protect against all attacks. While this may be true for a critical national defense network, it is unlikely to be true for the typical commercial enterprise. In fact many technically possible attacks are economically infeasible and thus not attempted by typical attackers.
February 25, 2015
There is great excitement amongst security technology and service providers about the intersection of global threat intelligence with local observations in the network. While there is certainly cause for excitement, it’s worth pausing to ask the question “Is Threat Intelligence being used effectively?"
June 03, 2015Six ways to shoot yourself with SIEM technology: 1) Dont plan; just jump in 2) Have no defined scope or use cases; whatever 3) Confuse SIEM with Log Management 4) Monitor noise; apply no filters 5) Don’t correlate with any other technologies eg IDS, Vulnerability scanner, Active Directory 6) Staff poorly or not at all
August 19, 2015
For many years now, the security industry has become somewhat reliant on ‘indicators of compromise’ (IoC) to act as clues that an organization has been breached. Every year, companies invest heavily in digital forensic tools to identify the perpetrators and which parts of the network were compromised in the aftermath of an attack.
December 02, 2015Here we are going to look for Event ID 4740. This is the security event that is logged whenever an account gets locked. “User X” is getting locked out and Security Event ID 4740 are logged on respective servers with detailed information.
September 03, 2020Trying to figure out what is really the difference between SASE, SD-WAN, and SD-Branch? Rest assured you are not alone. Before we untangle the difference between these concepts, it’s important to first clarify what they have in common. All three of these technology concepts are related to secure edge networking and addressing the challenge of managing a secure, agile, and resilient network of geographically distributed locations while reducing the related IT cost, time, and complexity involved.
September 03, 2020The cybersecurity industry is notorious for coining terms and acronyms that rise and fall out of favor before they even have a chance to be fully understood. We get it – rapid innovation can be messy and lead to confusion and clutter. While it’s exciting and encouraging to see so many solution providers invent new solutions and improve upon others, resulting in new concepts, sometimes all of this terminology is honestly just an effort to stand out from the crowd.
January 01, 2013There is a lot of discussion around Security MSSPs, SaaS (Security as a Service) and Cloud Computing these days. I always felt I had a pretty good handle on MSSPs and SaaS. The way I look at it, you tend to outsource the entire task to Security MSSPs.
January 01, 2013Despite the fact that security industry has been fighting malicious software – viruses, worms, spyware, bots and other malware since the late 1980s, malware still represents one of the key threat factors for organizations today. While silly viruses of the 1990s and noisy worms (Blaster, Slammer, etc.) of the early 2000’s have been replaced by commercial bots and so-called “advanced persistent threats,” the malware fight rages on.
January 01, 2013
I am often asked that if Log Management is so important to the modern IT department, then how come more than 80% of the market that “should” have adopted it has not done so?
January 01, 2013HIPAA Logging HOWTO, Part 2 The Health Insurance Portability and Accountability Act of 1996 (HIPAA) outlines relevant security and privacy standards for health information – both electronic and physical. The main mission of the law is “to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery” (HIPAA Act of 1996 http://www.hhs.gov/ocr/privacy/). A recent enhancement to HIPAA is called Health Information Technology for Economic and Clinical Health Act or HITECH Act.
January 01, 2013Intrusion detection and compliance are the focus of log management, SIEM and security logging. But security logs, when managed correctly are also the only control over rogue admins. Once root or admin authority has been given to, or acquired by, a user, there is little they cannot do.
January 01, 2013There’s been a lot of recent hype about security risks with the rise of virtualization, but much of it is vague and short on specifics. There is also an assumption that all the security available on a physical server simply disappears when it migrates to being a virtual machine. This is not true.
When we originally conceived the idea of SIEM and log management solution for IT managers many years ago, it was because of the problems they faced dealing with high volumes of cryptic audit logs from multiple sources. Searching, categorizing/analyzing, performing forensics and remediation for system security and operational challenges evidenced in disparate audit logs were time consuming, tedious, inconsistent and unrewarding tasks. We wanted to provide technology that would make problem detection, understanding and therefore remediation, faster and easier
January 01, 2013The past year has been a hair-raising series of IT security breakdowns and headlining events reaching as high as RSA itself falling victim to a phishing attack. But as the year set on 2011, the hacker group Anonymous remained busy, providing a sobering reminder that IT Security can never rest.
January 09, 2013
I often encounter a dangerous misconception about the Windows Security Log: the idea that you only need to monitor domain controller logs. Domain controller security logs are absolutely critical to security but they are only a portion of your overall audit trail. Member server and workstation logs are really just as important and I’m going to focus this article on the top 4 questions you can only answer with workstation logon/logoff events.
May 22, 2013One thing I always wished you could do in Windows auditing was mandate that access to an object be audited if the user was NOT a member of a specified group. Why? Well sometimes you have data that you know a given group of people will be accessing and for that activity you have no need of an audit trail. Let’s just say you know that members of the Engineering group will be accessing your Transmogrifier project folder and you do NOT need an audit trail for when they do. But this is very sensitive data and you DO need to know if anyone else looks at Transmogrifier.
June 18, 2014Are you familiar with the Kübler-Ross 5 Stages of Grief model? SIEM implementation (and indeed most enterprise software installations) bear a striking resemblance.
November 05, 2014Security Information and Event Management (SIEM) technology is an essential component in a modern defense-in-depth strategy for IT Security. SIEM is described as such in every Best Practice recommendation from industry groups and security pundits. The absence of SIEM is repeatedly noted in Verizon Enterprise Data Breach Investigations Report as a factor in late discovery of breaches.
January 14, 2015You must have a heard light bulb jokes, for example: How many optimists does it take to screw in a light bulb? None, they’re convinced that the power will come back on soon.
February 18, 2015Bad actors/actions are more and more prevalent on the Internet. Who are they? What are they up to? Are they prowling in your network? The first two questions are answered by Threat Intelligence (TI), the last one can be provided by a SIEM that integrates TI into its functionality.
March 16, 2015Sometimes we get hung up on event monitoring and forget about the “I” in SIEM which stands for information. Not forgetting Information is important because there are many sources of non-event security information that your SIEM should be ingesting and correlating with security events more than ever before. There’s at least 4 categories of security information that you can leverage in your SIEM to provide better analysis of security events
April 02, 2015You may recall that back in 2012, then Secretary of Defense Leon Panetta warned of “a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life.” This hasn’t quite come to pass has it? Is it dumb luck? Or are we just waiting for it to happen?
April 16, 2015Is it possible to avoid security breaches? Judging from recent headlines, probably not. Victims range from startups like Kreditech, to major retailers like Target,to the US State Department and even the White House. Regardless of the security measures you have in place, it is prudent to assume you will suffer a breach at some point. Be sure to have a response plan in place — just in case.
May 13, 2015
A data breach has serious consequences both directly and indirectly. Lost revenue and a tarnished brand reputation both inflict harm long after incident resolution and post breach clean-up. Still, many organizations don’t take necessary steps to protect themselves from a potentially detrimental breach.
May 06, 2015
This fundamental tradeoff between security, usability, and cost is critical. Yes, it is possible to have both security and usability, but at a cost, in terms of money, time and personnel. While making something both cost efficient and usable, or even making something secure and cost-efficient may not be very hard, it is however more difficult and time consuming to make something both secure and usable. This takes a lot of effort and thinking because security takes planning and resources.
August 31, 2018Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing millions of plain-text passwords. But don’t panic. Though the recent vulnerability has a more terrific name than HeartBleed, it is not going to cause as much danger as HeartBleed did.
July 30, 2015The gap between the ‘time to compromise’ and the ‘time to discover’ is the detection deficit. According to Verizon DBIR, the trend lines of these have been diverging significantly in the past few years. Worse yet, the data shows that attackers are able to compromise the victim in days but thereafter are able to spend an average of 243 days undetected within the enterprise network before they are exposed.
July 06, 2015It’s clear that we are now working under the assumption of a breach. The challenge is to find the attacker before they cause damage. Once attackers gain a beach head within the organization, they pivot to other systems. The Verizon DBIR shows that compromised credentials make up a whopping 76% of all network incursions.
August 17, 2015There’s plenty of interest in all kinds of advanced security technologies like threat intelligence, strong/dynamic authentication, data loss prevention and information rights management. However, so many organizations still don’t know that the basic indicators of compromise on their network are new processes and modified executables.
December 30, 2015
The traditional method for calculating standard Return on Investment (RoI) is that it equals the gain minus the cost, divided by the cost. The higher the resulting value, the greater the RoI. The difficulty in calculating a return on security investment (RoSI), however, is that security tends not to increase profits (gain), but to decrease loss – meaning that the amount of loss avoided rather than the amount of gain achieved is the important element.
September 16, 2015We hear a lot about tracking privileged access today because privileged users like Domain Admins can do a lot of damage. But more importantly, if their accounts are compromised the attacker gets full control of your environment. In line with this concern, many security standards and compliance documents recommend tracking changes to privileged groups like Administrators, Domain Admins and Enterprise Admins in Windows, and related groups and roles in other applications and platforms.
September 30, 2015EventTracker users know that one of its primary functions is to apply built-in knowledge to reduce the flood of all security/log data to a much smaller stream of alerts. However, in most cases, without applying local context, this is still too noisy, so a risk score is computed which factors in the asset value and CVSS score of the source.
October 14, 2015If attackers can deploy a remote administration tool (RAT) on your network, it makes it so much easier for them. RATs make it luxurious for bad guys; it’s like being right there on your network. RATs can log keystrokes, capture screens, provide RDP-like remote control, steal password hashes, scan networks, scan for files and upload them back to home. So if you can deny attackers the use of RATs, you’ve just made life a lot harder for them.
October 21, 2015
Security Subsistence Syndrome (SSS) is defined as a mindset in an organization that believes it has no security choices and is underfunded, so it minimally spends to meet perceived statutory and regulatory requirements.
February 10, 2016Here’s our list of the Top 5 SIEM complaints:1) We bought a security information and event management (SIEM) system, but it’s too complicated and time-consuming, so we’re:
October 26, 2016We are delighted that EventTracker is now part of the Netsurion family. On October 13, 2016 we announced our merger with managed security services Netsurion. As part of the agreement, Netsurion’s majority shareholder, Providence Strategic Growth, the equity affiliate of Providence Equity Partners, made an investment in EventTracker to accelerate growth for our combined company.
March 29, 2018As I reflect on this year, a Shakespearean quote plays out in my mind – when King Henry the Fifth is rallying his troops to attack a breach, or gap, in the wall of a city, “Once more unto the breach, dear friends”...
March 01, 2018In 2005, the Department of Homeland Security commissioned Livermore National Labs to produce a kind of pre-emptive post-mortem report.
September 21, 2020The rise in ransomware attack volume and sophistication is a wake-up call for executives and IT departments alike. Traditional perimeter-focused defenses, such as firewalls, are no longer sufficient against stealthy and financially-motivated attackers.
October 19, 2020The threat landscape continues to accelerate, with sophisticated attacks becoming more commonplace as ransomware-as-a-service accelerates and legacy security tools fail to keep up. Financially motivated cyber criminals are explicitly targeting small and medium-sized businesses to steal sensitive data.