Blog Posts Tagged with "Log Management"
September 23, 2012 Added by:Larry Karisny
So what if we could create an anomaly algorithm that could audit, detect and approve positive input events in business processes. And if we could do this then wouldn’t risk management and security actually just be a byproduct of allowing these positive business events to occur?
September 18, 2012 Added by:Michael Ligh
Learn about the undocumented windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...
September 13, 2012 Added by:Javvad Malik
You’re the new guy in the security ops team, they’re giving you a very crucial and important job… Monitoring. You’ll be told how it is essential to be done correctly. But you notice that nobody really shows any interest in doing it. There’s are two reasons for this...
June 14, 2012 Added by:Brent Huston
Virtual environments are becoming more popular, enabling multiple OS environments and providing disaster recovery solutions. Safeguarding your virtual environment is vital, though it doesn’t have the same issues as a physical environment. Here are a few tips to keep things running smoothly...
June 06, 2012 Added by:Infosec Island Admin
While it might seem reasonable to find and eliminate the intruder on a machine-by-machine basis as compromised hosts are identified, unless the response execution prevents lateral movement of the adversary across the network, the cleanup process will likely not succeed...
May 20, 2012 Added by:Rafal Los
Awareness is the ability to know, understand and react to various types of events in near-real-time in order to defend your enterprise. Whether you're defending it from performance failures, functionality failures, or security failures is dependent on the group you work in...
May 17, 2012 Added by:Rafal Los
Paralysis can come from over-dependence on analysis. You've heard the term "analysis paralysis" where someone spends so much time trying to make the perfect decision while factors change that ultimately no decision is made before the deadline passes or some event happens...
May 10, 2012 Added by:Rafal Los
Once you get over the anxiety of logging, a wave of elation generally hits. Whether you're getting excited about being able to catch evil-doers in the act, or the capability to notice system failures before they happen logging can save your skin more than you'd think...
May 09, 2012 Added by:Rafal Los
You're probably worried that log analysis is going to consume all of your time, or you'll find out that your organization has been pwn3d for years and all your data has been exfiltrated in real-time and your latest database is being copied off to China... aren't you?
May 07, 2012 Added by:Marc Quibell
ADS are still used for investigative purposes - after the data has passed - taking correlated log data and running an analysis against historical data to see if anything abnormal happened. Well that's cool, except it already happened - the damage is already done in most cases...
April 30, 2012 Added by:Infosec Island Admin
Without properly configured auditing and logging practices, incident response teams often find it difficult to determine the significance of a cybersecurity event. ICS-CERT has provided a collection of resources to assist vendor and asset-owner security teams...
April 26, 2012 Added by:Jack Daniel
Monitoring the performance of your MSSP is cheap insurance- the last thing you want to face is a failure of your service and the need to rebuild an in-house program. You thought getting all that data pushed out to the MSSP was a pain- just imagine trying to get it back...
April 13, 2012 Added by:Jason Clark
With everything in the threat landscape changing so frequently, it’s important to reassess your current status and plan for the coming year, whenever we can come up for air. So, I came up with the following nine tips to help you get a fresh start this spring...
March 10, 2012 Added by:Ben Rothke
Moving services to a public cloud means increasing your exposure to malicious attacks. This is not a potential increase, rather a definite increase. It is important to determine how well a cloud provider handles both technical and security requirements...
March 09, 2012 Added by:Rafal Los
Security dashboards are archaic, and often security teams have a half-dozen or more for visual confirmation on happenings. In well-run SOC organizations, a SEIM or new-school SIRM can provide context and close the real-time analysis gap, but this still isn't enough...
March 08, 2012 Added by:Wendy Nather
If you break security events down, you're generally looking for two things: normal activities that are being done by the wrong people, or abnormal activities being done by the right people. And by people I also mean systems, but it's sometimes hard to tell the difference...
Paying Lip Service (Mostly) to User Educatio... Electra Melina on 01-29-2015
Digital Reputation: Can’t Buy it, Gotta Ea... Eden Connie on 01-29-2015
Writing Mandatory Procedures for ISO 27001 /... sarakfeely B on 01-29-2015