Five Myths about NetFlow

Alicia Butler from Lancope wrote a interesting post about the 5th Myths about NetFlow. You can find the original post HERE

myth busted Five Myths about NetFlow

NetFlow is an important tool for incident responders, providing valuable insight into the activities that take place on organizations networks. NetFlow is capable of summarizing information about network traffic into brief records that may be maintained indefinitely, providing a running history of network connections that may be referenced during incident response.

With all the good NetFlow brings, there are still some misconceptions about NetFlow that need to be dispelled. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

The Darknet

shhh The Darknet

I’ve had people ask about the Darknet and decided to provide a brief overview. To summarize, the Darknet is not some evil network designed to cause chaos. I find it funny when articles refer to the Darknet as some form of attack or thing to watch out for. To put it simply, the Darknet is a closed or hidden network meaning you can’t access webpages using standard Internet browsers. In order to find dark resources, you need specific software and sometimes special permission to access parts of the network. The next screenshot is one method using a TOR browser. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cool Penetration Testing Application: Cobalt Strike

CBStrike Cool Penetration Testing Application: Cobalt Strike

If you are familiar with penetration tools, then you should know Metasploit. For those that love GUIs, there is a fantastic open source GUI management for Metasploit known as Armitage (found HERE). The same developers of Armitage created a more advanced penetration testing package for a $2,500 annual cost. The tool is called cobalt Strike (CS) and can be downloaded at www.advancedpentest.com for a 21day trail. They also have a 4-hour lab that lets you try out the core cobalt Strike features. It is worth spending the time to  test the tool and get some lab time even though the lab itself is is pretty easy. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

VMware Buys AirWatch for $1.54 Billion

This was bound to happen. We saw Zenprise get picked up by Citrix. Many of expected Mobile Iron, Airwatch or Good to be next. William Alden from Dealbook gives us the skinny on the VMware purchased of mobile device security company AirWatch. The original post can be found HERE

bits vmware articleInline VMware Buys AirWatch for $1.54 Billion

Looking to shift its software offerings, VMware has struck a $1.54 billion deal to bolster its mobile technology.

VMware said on Wednesday that it had agreed to buy AirWatch, a start-up based in Atlanta that makes mobile management and security software for businesses. VMware is paying about $1.18 billion in cash and $365 million in installment payments and assumed unvested equity. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Preserving your privacy and anonymity with Tails

Screen Shot 2014 01 10 at 8.28.22 PM Preserving your privacy and anonymity with Tails

Want to protect your privacy when using the Internet? Well unfortunately that is tough to do these days. Many agencies and governments are investing in network surveillance programs to monitor Internet traffic. Firewalls can offer application visibility packages capable of identifying device and browser type, where people are surfing the Internet and what applications are being accessed. Most websites include tracking cookies that gather data about users accessing their resources. Data obtained about you is used for various things you probably are not aware of and may not approve. This includes selling that data to large marking firms that eventually turns into SPAM and other unwanted contact. A more extreme example of unauthorized surveillance is covered by Jacob Appelbaum’s talk on the US governments Internet spy tools (found HERE). Its eye opening!

Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Comparing Cisco ASA with dedicated IDS / IPS to ASA CX with IDS / IPS

question mark Comparing Cisco ASA with dedicated IDS / IPS to ASA CX with IDS / IPSI have had many people ask about Intrusion Detection / Prevention (IPS / IDS) options you can add to the next generation Cisco Adaptive Security Appliance (ASA) also known as the ASA X Series. The confusion comes from the option to go with a dedicated IDS / IPS vs Application Visibility, Reputation Security and IPS all in the Next Generation Security package part of the ASA CX solution. Here is a overview of how both solutions work.

The core of both offerings is the 2nd generation ASA appliance or ASA X series (more info found HERE). The current latest ASA code release is 9.13. The ASA appliance can be configured using Command line, ASDM or Cisco Security Manager. The appliance should have a IP address so for example sake, lets say its 192.168.1.10. You can access that IP using a standard web browser and the ASA will prompt you for options to manage the ASA using ASDM.  Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

Palo Alto Networks Acquires Start-Up Morta Security

cashMoney Palo Alto Networks Acquires Start Up Morta SecurityNew York Times writer NICOLE PERLROTH wrote a article about the recent announcement by Palo Alto acquiring Morta Security. The original post can be found HERE. It is interesting to see both Palo Alto and FireEye invest in security forensic technology. Here is Perlroth’s write up on the event.  

Palo Alto Networks has acquired Morta Security, a two-year-old Silicon Valley security start-up run by former employees of the National Security Agency and the United States Air Force. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Visual Investigations of Botnet Command and Control Behavior Infographic

Here is a really cool infographic developed by the director of researcher at Lancope. The original post can be found HERE.

In October, Tom Cross, Lancope’s Director of Research, presented a poster at Visualization for Cyber Security (VizSec) 2013 in Atlanta, GA . The poster included visualizations of the command-and-control channels of nearly two million botnet samples in an effort to help foster a better understanding of how botnets operate, and more effectively differentiate them from legitimate network traffic. The poster was created as a result of data analysis conducted by Lancope’s StealthWatch Labs research team. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

FireEye acquires Mandiant for $1 billion

Larry Dignan posted on zdnet about the recent FireEye purchase of Mandiant. The original post can be found HERE

Why is this interesting? FireEye is known for identifying cyber threats using behavior based / virtual sandbox techniques at the perimeter of a network. Mandiant is known for endpoint security. The combination provides a perimeter and endpoint / host security story. Here is the article covering the acquisition highlights.  Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)