What do Mirai & IoT botnets mean to the public sector?
5 First Steps to Defending against IoT Driven DDoS Attacks In honor of October’s National Cybersecurity Awareness Month, users of Twitter, Netflix, Reddit and the New York Times were treated to a special treat – and just in time for Halloween. Unfortunately it was more of a trick as users of these and other major […]
Is Your Race to SOC Headed for an Epic Crash?
Before You Take Off, Get Up To Speed on These Six Precursors to Incident Response It seems most advice on setting up a Security Operations Center (SOC), or creating a Computer Security Incident Response Team (CSIRT), focuses on people, technology or processes. Unfortunately, such advice may also include doing so at full speed, from the […]
On or Off the Clock, Staying Cyber Secure is a New Fact of Life
On or Off the Clock, Staying Cyber Secure is a New Fact of Life Cybersecurity has always been a major concern for workplace networks. But, increasingly, it is top of...
Cognitive Bias in Incident Response
This blog is a co-authored by Jeff Bollinger & Gavin Reid Are You Too Confident in Your Incident Response? When Charles Darwin stated “Ignorance more frequently begets confidence than does knowledge,” civilization’s evolution from Industrial Age to Information Age was nearly a century away. Yet, when it comes to many aspects of IT, he nailed […]
NetFlow AND PCAP (not or)
As digital transformation sweeps across the world, there is a driving need for more effective logging and data recording for incident response. In today’s IT world, your agency’s Computer Incident Response Team (CIRT) must have the capability to quickly determine the source and scope of an attack on its network in order to effectively mitigate […]
Detection in Depth
Defense in depth is a well understood and widely implemented approach that can better secure your organization’s network. It works by placing multiple layers of defense throughout the network to create a series of overlapping and redundant defenses. If one layer fails, there will still be other defenses that remain intact. However, a lesser known […]
Cisco Hosting Amsterdam 2014 FIRST Technical Colloquium
The registration is now open and there is still time left to respond to the call for papers for the upcoming FIRST Technical Colloquium April 7-8, 2014. Please contact us at firstname.lastname@example.org for speaker engagements. The event already has an exciting preliminary program covering: Savvy Attribution in the DNS – Using DNS to Geo-locate Malicious […]
Cisco 2014 Annual Security Report: Cybercriminals Applying “Old” Techniques in New Ways
We know that as time goes on, the cybercrime network’s operations will only more closely resemble those of any legitimate, sophisticated business network. And like all enterprising businesspeople, those who are part of the “cybercriminal hierarchy”—which is discussed in the Cisco 2014 Annual Security Report and illustrated below—look to increase their profits by continually innovating […]
Security Logging in an Enterprise, Part 2 of 2
We first logged IDS, some syslog from some UNIX hosts, and firewall logs (circa 1999). We went from there to dropping firewall logging as it introduced some overhead and we didn’t have any really good uses for it. (We still don’t.) Where did we go next?