Blog Posts Tagged with "Log Management"


Anomaly Detection: Front-Door Infrastructure Security

September 23, 2012 Added by: Larry Karisny

So what if we could create an anomaly algorithm that could audit, detect and approve positive input events in business processes? And if we could do this, then wouldn’t risk management and security actually just be a byproduct of allowing these positive business events to occur?


Recovering Login Sessions, Loaded Drivers, and Command History with Volatility

September 18, 2012 Added by: Michael Ligh

Learn about the undocumented Windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...


How to Fake Network Security Monitoring

September 13, 2012 Added by: Javvad Malik

You’re the new guy in the security ops team, they’re giving you a very crucial and important job… Monitoring. You’ll be told how it is essential to be done correctly. But you notice that nobody really shows any interest in doing it. There are two reasons for this...


Thirteen Tips to Secure Your Virtual Machine Environment

June 14, 2012 Added by: Brent Huston

Virtual environments are becoming more popular, enabling multiple OS environments and providing disaster recovery solutions. Safeguarding your virtual environment is vital, though it doesn’t have the same issues as a physical environment. Here are a few tips to keep things running smoothly...


ICS-CERT: Detection and Mitigation Recommendations

June 06, 2012 Added by: Infosec Island Admin

While it might seem reasonable to find and eliminate the intruder on a machine-by-machine basis as compromised hosts are identified, unless the response execution prevents lateral movement of the adversary across the network, the cleanup process will likely not succeed...


Logging: Opening Pandora's Box - Part 4 - Awareness

May 20, 2012 Added by: Rafal Los

Awareness is the ability to know, understand and react to various types of events in near-real-time in order to defend your enterprise. Whether you're defending it from performance failures, functionality failures, or security failures is dependent on the group you work in...


Logging: Opening Pandora's Box - Part 3 - Paralysis

May 17, 2012 Added by: Rafal Los

Paralysis can come from over-dependence on analysis. You've heard the term "analysis paralysis" where someone spends so much time trying to make the perfect decision while factors change that ultimately no decision is made before the deadline passes or some event happens...


Logging: Opening Pandora's Box - Part 2 - Elation

May 10, 2012 Added by: Rafal Los

Once you get over the anxiety of logging, a wave of elation generally hits. Whether you're getting excited about being able to catch evil-doers in the act, or the capability to notice system failures before they happen, logging can save your skin more than you'd think...


Logging: Opening Pandora's Box - Part 1 - Anxiety

May 09, 2012 Added by: Rafal Los

You're probably worried that log analysis is going to consume all of your time, or you'll find out that your organization has been pwn3d for years and all your data has been exfiltrated in real-time and your latest database is being copied off to China... aren't you?


Network Anomaly Detection Takes a NAP

May 07, 2012 Added by: Marc Quibell

ADS are still used for investigative purposes - after the data has passed - taking correlated log data and running an analysis against historical data to see if anything abnormal happened. Well that's cool, except it already happened - the damage is already done in most cases...


ICS-CERT: Event Auditing and Log Management

April 30, 2012 Added by: Infosec Island Admin

Without properly configured auditing and logging practices, incident response teams often find it difficult to determine the significance of a cybersecurity event. ICS-CERT has provided a collection of resources to assist vendor and asset-owner security teams...


Wait, What? Someone Has to Look at Those Logs?

April 26, 2012 Added by: Jack Daniel

Monitoring the performance of your MSSP is cheap insurance - the last thing you want to face is a failure of your service and the need to rebuild an in-house program. You thought getting all that data pushed out to the MSSP was a pain - just imagine trying to get it back...


Nine Tips for CSOs to Get a Fresh Start this Spring

April 13, 2012 Added by: Jason Clark

With everything in the threat landscape changing so frequently, it’s important to reassess your current status and plan for the coming year, whenever we can come up for air. So, I came up with the following nine tips to help you get a fresh start this spring...


To the Cloud: Cloud Powering an Enterprise

March 10, 2012 Added by: Ben Rothke

Moving services to a public cloud means increasing your exposure to malicious attacks. This is not a potential increase, rather a definite increase. It is important to determine how well a cloud provider handles both technical and security requirements...


Redefining Security Intelligence with NOC and SOC

March 09, 2012 Added by: Rafal Los

Security dashboards are archaic, and often security teams have a half-dozen or more for visual confirmation on happenings. In well-run SOC organizations, a SIEM or new-school SIRM can provide context and close the real-time analysis gap, but this still isn't enough...


In Fifty Gigabytes, Turn Left: Data-Driven Security

March 08, 2012 Added by: Wendy Nather

If you break security events down, you're generally looking for two things: normal activities that are being done by the wrong people, or abnormal activities being done by the right people. And by people I also mean systems, but it's sometimes hard to tell the difference...
