Blog

Nov 06, 2015 By Andrey Zhuk In Blog

Endpoint Threat Detection & Response: The New Next of Cyber Security

How do you detect and respond to cyber incidents affecting your endpoint systems? (By endpoints, we are talking user laptops, application servers, tablets, handhelds, etc.) Your gut response is probably to think of your organization’s antivirus solution (e.g., Host Based Security System [HBSS]) and the protection it provides. But is that...

Oct 27, 2015 By Jean-Paul Bergeaux In Blog

Insights from Black Hat and DEFCON 2015: Rethinking Honeypots: Early warning can deliver real business value

For years, research and academic deployments of honeypots have drawn large crowds with excited onlookers interested to hear what was discovered about bad actors with a vast honeypot deployment.  The problem is that these academic learning exercises are difficult to translate into business and operational value.  It is just too expensive and...

Oct 21, 2015 By Jean-Paul Bergeaux In Blog

Solving the Data Retention Problems of Security Analytics and Forensics

Anyone who was able to attend or even observe from afar this year’s attendance-smashing RSA Conference can tell you that some great new technologies are being introduced to take advantage of data collected by security products. In particular, these technologies can leverage log data to greatly improve the ability of security personnel to find...

Oct 20, 2015 By Jean-Paul Bergeaux In

Insights from Black Hat and DEFCON 2015: Agencies beware of hypervisor exploitation in public clouds

(See update on 10/20/2015 below, no longer a theory!) Multiple presentations at both Black Hat 2015 and DEFCON23 examined hypervisor vulnerabilities, as well as the firmware and hardware vulnerabilities that can give attackers access to either the layer-2 ring (hypervisor ring) or other VMs’ memory and CPU stream.  All together, the lesson...

Oct 14, 2015 By Sean Applegate In Blog

Are you a Dinosaur or a Disruptor?

Reducing Risk for Remote Workers. As organizations digitally transform, they greatly increase their operational momentum. However, they also open themselves up to increased risk. NIST Special Publication 800-39 describes three tiers of cyber risks that start with an agency’s information systems and then reach into its mission and business...

Oct 07, 2015 By Jean-Paul Bergeaux In Blog

Storage for Cybersecurity Collection Requires Back-to-Basics Focus

Do you remember when your phone was just able to make a call and maybe, just maybe, text someone? You had to hit the number keys multiple times to make letters for texting? Did you know that you can still buy a phone like that on Amazon for around $20 with no contract? They are simple and do what a phone used to do, before iPhones and...

Oct 01, 2015 By Andrey Zhuk In Blog

Insights from Black Hat and DEFCON 2015: Where are SCADA Systems in Federal Government? (Hint: Just about everywhere)

In my previous blog entry, I described the different types of attacks that can be launched against Supervisory Control and Data Acquisition (SCADA) systems, including the ways attackers can monetize a SCADA system breach. Today’s blog provides examples of SCADA systems in the U.S. federal government. When we think of SCADA, images of smoking...

Sep 24, 2015 By Andrey Zhuk In Blog

Insights from Black Hat and DEFCON 2015. Apple OS X: False Sense of Security for the Desktop.

SEE UPDATE (Sept 24) BELOW. Original August 26th blog: Have you ever wondered why Microsoft releases updates to its Windows operating system every week, while Apple releases updates for the OS X only a couple times a year? Many people, particularly Apple users, will say it’s because OS X is a superior and more secure operating system. Although...

Sep 23, 2015 By Andrey Zhuk In Blog

SCADA Industrial Controls – The Next Cyber Defense Frontier

A rolling blackout of the entire U.S. East Coast, a multi-mile gas pipeline explosion, the next Three Mile Island nuclear reactor meltdown—all of these disasters can be created by a hacker exploiting vulnerabilities in industrial SCADA systems. What is SCADA? SCADA is an acronym for Supervisory Control and Data Acquisition. It generally...

Sep 15, 2015 By Brian Reynolds In Blog

Cyber Security is also Physical Security

The IP-enablement of physical devices is increasing in both the private and public sectors. Physical devices such as those that control access to buildings, air conditioning, and even soda dispensing machines are now controlled via an organization’s IT network. The IP-enablement of physical devices, which is intended to increase operational...
