
The latest information from NitroSecurity's office of the CTO.
Michael Leland, CTO of Security Management Solutions for NitroSecurity, blogs at SIEMblog, while Mel Shakir, CTO of Database Monitoring Solutions, blogs at LogDAM.
Hosts File Hijacking
Hosts file hijacking is commonly utilized by spyware, viruses, malware, fake or rogue antivirus applications, password stealers, banking Trojans, search engine poisoning, and, well, this list can go on and on, so I think you get the idea of how often it is utilized against us. Hosts file hijacking is a simple technique [...]
~ from CTO Tech Blog siemblog.com
This week I had the pleasure of giving my presentation titled “Identifying and Understanding Advanced Persistent Threats” via a SANS Tool Talk webcast and also in person to the Atlanta Metro Information Systems Security Association (ISSA), and judging from the initial feedback I have received it appears to have been well received. Within this presentation [...]
~ from CTO Tech Blog siemblog.com
Getting the most out of a DAM
You may already know that the premise of a database activity monitoring (DAM) solution is to provide an audit log of database activity and detect or block database exploits & threats. This in itself covers several compliance, data privacy assurance & security use cases.
Corporations are realizing that the rich [...]
~ from CTO Tech Blog siemblog.com
In terms of overall security, devices such as database monitors (DBM) and intrusion prevention systems (IPS) are valuable and necessary tools, albeit tactical ones: they exist to provide fast detection, the blocking of more critical attacks, and alerting on others. As a part of an overall information management strategy, therefore, they’re a boon: they provide initial protection as well [...]
~ from CTO Tech Blog siemblog.com
Threats of DNS cache poisoning scare Internet security community into action.
It’s been just weeks since the announcement (http://www.doxpara.com/?p=1215) by Dan Kaminsky, Director of Penetration Testing at IOActive.com, that sent the entire Internet community abuzz. Kaminsky, along with IOActive’s Jason Larsen, identified and documented the potential exploit of the Domain Name System (DNS) facility whereby [...]
~ from CTO Tech Blog siemblog.com
If you are an IT application security professional it is quite likely that you have been recently asked to track user activity or find a tool that does exactly that.
Let’s hypothesize now that your organization has a bunch of custom applications that are fairly non-standard and utilize a myriad of development platforms – J2EE, .Net, [...]
~ from CTO Tech Blog siemblog.com
Security Information & Event Management – it seems to be all the rage these days. Implementations across every vertical market segment make promises ranging from enhanced analytics and forensic discovery to automated risk assessment and threat mitigation; products offering little more than log and event monitoring capabilities compete with those which promise full integration with [...]
~ from CTO Tech Blog siemblog.com
Can I get by without deploying a DAM solution?
I get this question often and as much as I’d like to say “Absolutely Not,” I’ll still say “Maybe”.
Every DBMS vendor out there (Oracle, Microsoft, Sybase, IBM …) offers some DAM features, at least in a more recent release. If the native DBMS solution meets your needs [...]
~ from CTO Tech Blog siemblog.com
Determining which data sources to collect for use in a SIEM platform can sometimes be one of the most difficult deployment decisions to make, both during the initial deployment and throughout the lifecycle of the platform. There are virtually limitless sources of relevant data throughout each and every enterprise; event and log sources ranging in scope from [...]
~ from CTO Tech Blog siemblog.com