Visual Investigations of Botnet Command and Control Behavior Infographic

Here is a really cool infographic developed by the director of researcher at Lancope. The original post can be found HERE.

In October, Tom Cross, Lancope’s Director of Research, presented a poster at Visualization for Cyber Security (VizSec) 2013 in Atlanta, GA . The poster included visualizations of the command-and-control channels of nearly two million botnet samples in an effort to help foster a better understanding of how botnets operate, and more effectively differentiate them from legitimate network traffic. The poster was created as a result of data analysis conducted by Lancope’s StealthWatch Labs research team. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Post NAC: Cisco Identity Services Engine (ISE) and Lancope StealthWatch for Total Access Control

Controlling who and what access your network is a critical element to keep your resources safe from malicious threats. Network Admission Control (NAC) solutions like the Cisco Identity Services Engine (ISE) can police who and what is permitted network access as well as enforce policy for those devices. Examples would be permitting an administrator with a government furnished Windows 7 laptop access to VLAN 10, which holds internal servers, while provisioning a marketing professional’s iPad with VLAN 20 access, which is limited to Internet and email through the use of ACLs. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Cisco’s Cyber Solutions – What Is Happening In Your Network

Watching Cisco’s Cyber Solutions – What Is Happening In Your NetworkToday’s threat landscape is loaded with malicious websites, malware and other risks that attack users every nanosecond of the day.  There isn’t a single product available that can guarantee protection from cyber threats. Older solutions leveraging static technologies such as signatures are not good enough. The best approach for dealing with advanced threats is continuously monitoring the entire network through layering security technologies. Continue reading

VN:F [1.9.22_1171]
Rating: 4.0/5 (1 vote cast)

Web Security Offerings From Cisco: Comparing Cisco NEW CX to IronPort Web Security Appliance WSA

 Web Security Offerings From Cisco: Comparing Cisco NEW CX to IronPort Web Security Appliance WSAToday’s Internet is a dangerous place. Imagine a small village with law and order surrounded by a wall keeping out miles of ungoverned ruthless territory. Most known websites surfed daily by your users make up a small percentage of the total Internet. The remaining 80% or more of uncategorized websites are contaminated with Botnets, malware and short-lived websites targeting your users. Many of these malicious websites are embedded in trusted sites such as social networks by hiding in advertisements or silly links posted by your friends. The best protection for this threat vector is limiting Internet usage to trusted websites and monitoring those websites for malicious applications. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (11 votes cast)

RSA NetWitness: An Anatomy Of An Attack

Here is a post from my friend Aamir Lakhani’s blog about RSA NetWitness. The original can be found at Cloud Centrics (http://www.cloudcentrics.com/). Really good post on NetWitness.

RSA NetWitness

rsa netwitness2 RSA NetWitness: An Anatomy Of An Attack

RSA NetWitness is a unique solution that captures, store and analyze network data traffic. This gives you the able to see exactly what comes in and goes out of the network in real time . In simple terms, RSA offers to you a Network CCTV. Not only that, NetWitness also allows you to see the traffic in action as it reconstructs the data that flows through the network into its original format according to its own type or application. This helps you strengthen your security measures by taking appropriate action. On top of that, since all traffic is captured and stored, you will be able to go back to a particular period of time and conduct historical data analysis. Nothing escapes undetected. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (2 votes cast)

What Malicious Traffic Is On Your Network? Use Free Tools To Find Out : Wireshark and NetWitness

magnifying glass and computer 300x195 What Malicious Traffic Is On Your Network? Use Free Tools To Find Out : Wireshark and NetWitnessHow secure is your home or corporate network? Many administrators believe they are protected behind layers of security solutions such as firewalls, IPS/IDS appliances, endpoint security products, content filters, SIEMs, etc. Regardless of your investment in security technology there will always be risk, which dramatically increases as soon as people are included in the equation. One way to verify your risk level is to become the hunter rather than hunted by scanning all traffic on your network for malicious behavior. You may be surprised to find an unpatched server leaking sensitive information through hidden ports or bots hidden on your personal computer phoning home in the middle of the night! Continue reading

VN:F [1.9.22_1171]
Rating: 3.0/5 (3 votes cast)

Cyber Crime Is A Well Funded Enterprise. A Look At Who Is Hacking You

14Hacker 1 popup1 245x300 Cyber Crime Is A Well Funded Enterprise. A Look At Who Is Hacking You
Some people believe people behind Cyber Crime are disgruntled teenage hackers looking to cause chaos for fun. In some cases that may be however the majority of Cyber Crime is performed by well-funded organized criminals. Yes, I’m talking about the godfather like people who robbed banks and distributed narcotics on the street corner prior to the computer age. Organized crime realized it’s faster to automate an attack against millions of virtual targets rather than physically deal with criminal activity. Who is really behind Cyber Crime and how do they operate? Lets take at look at a case study of popups to understand the Cyber Crime organization. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)