Splunk + Other YouTube Channels

splunkIntro1 Splunk + Other YouTube ChannelsCentralizing alerting from multiple devices and speeding up incident response are just some of the critical issues solved by investing in SIEM technology (more on choosing the best SIEM for your environment HERE).

There are many SIEM vendors however I continue to be impressed by what Splunk is doing in regards to their open source APPs developed by customers and Splunk engineering. I wrote a blog post HERE that showcases a Cisco management APP that can correlate events from various security products such as Cisco ISE, WSA, Firewalls, Sourcefire and so on. There isn’t a Cisco manager of managers so doing things like running a report on high level events against any security product for a particular IP address can only be accomplish by a SIEM solution.  Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

ASA CX 9.3.1.1 Out Now – New Features And Upgrade Overview

GUI 2 ASA CX 9.3.1.1 Out Now   New Features And Upgrade OverviewCisco has been in the firewall business since the mid 90s. They have built upon that platform by adding VPN and now various “next generation” security features such as IPS/IDS, Reputation blocking and Application Visibility and Controls all from a single solution. This is know as ASA CX (more on ASA CX found HERE and how to build a lab found HERE). The latest release just came out June 30th and available for download. The ASA 9.3 release notes can be found HERE.

Here is an overview of whats new with 9.3 Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

Using Lancope to identify Putter Panda, Heartbleed and other attacks

what is forensic locksmithing Using Lancope to identify Putter Panda, Heartbleed and other attacks Lancope is a NetFlow based tool that can turn your network into a gigantic sensor grid. This includes routers, switches, wireless access points, virtual systems aka servers in your data center and so on. So rather than having a handful of security tools looking for threats, your entire network takes part in your security defense against cyber attacks. I’ve wrote about Lancope HERE as well as how to build your own Lancope lab HERE. Lancope Infographic option2 Using Lancope to identify Putter Panda, Heartbleed and other attacks The Lancope team runs a blog found HERE that has provided posts about using their solution to identify the latest cyber attacks. Some interesting articles recently posted focus on threats like Heartbleed, Putter Panda and Saffron Rose. Continue reading

VN:F [1.9.22_1171]
Rating: 4.4/5 (5 votes cast)

Duo Security Researchers Uncover Bypass of PayPal’s Two-Factor Authentication

PayPal Hacking Software Free Download 300x221 Duo Security Researchers Uncover Bypass of PayPal’s Two Factor Authentication

Researchers at Duo Labs, the advanced research team at Duo Security, discovered that it is possible to bypass PayPal’s two-factor authentication (the Security Key mechanism, in PayPal nomenclature). The vulnerability lies primarily in the authentication flow for the PayPal API web service (api.paypal.com) — an API used by PayPal’s official mobile applications, as well as numerous third-party merchants and apps — but also partially in the official mobile apps themselves. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)

2014 Cisco Live Talk: Splunk Analytics and Cisco for Security and BYOD

Ciscolive1 2014 Cisco Live Talk: Splunk Analytics and Cisco for Security and BYOD

The Splunk and Cisco team delivered a great talk at this past Cisco Live event in San Francisco. The talk covered the value of integrating Splunk with Cisco Cloud and Managed Security services.  Continue reading

VN:F [1.9.22_1171]
Rating: 4.7/5 (3 votes cast)

Interview with Joseph Muniz Co-Author : SecurityOrb Podcast

SOInterview Interview with Joseph Muniz Co Author : SecurityOrb Podcast

Kellep Charles from SecurityOrb interviewed me a few weeks back about my book as well as other general security topics. You can find the recording HERE or on the SecurityORB website. I was fighting a cold so my apologies for the raspy voice.

For those interested in the book, below is a discount code you can use provided by SecurityORB. The link to the book is on the right side of this blog. Continue reading

VN:F [1.9.22_1171]
Rating: 5.0/5 (1 vote cast)

Sourcefire Defense / FireSIGHT Center Overview

Cisco acquired Sourcefire in 2013 as part of a strategic move to enhance Cisco’s security portfolio. Sourcefire’s catalog covers IPS/IDS, Application Security and Control, Firewalling, Malware Detection and a slew of open source tools such as SNORT, ClamAV, and Razorback.

One key piece to the Sourcefire puzzle is the management of the various solutions. This is done through Defense Center or FireSIGHT, which is the centralized management tool used for visibility of security and network events across the entire network. This post will provide a overview of using Defense Center / FireSIGHT from a administrative viewpoint.

SourceFireLogin1 Sourcefire Defense / FireSIGHT Center Overview

Sourcefire login screen Continue reading

VN:F [1.9.22_1171]
Rating: 3.8/5 (4 votes cast)

How Internet Forensics Changed Criminal Investigations

The people from Cyber Crimebusters developed a Infographic about how Internet forensics has changed criminal investigations. The original can be found HERE.

The interesting points to me are how social media and mobile devices are becoming a common source for investigations. I find it humorous when people post pictures of themselves doing crazy things on social media sources and shocked when that comes back to haunt them later such as in job interviews. I’ve provided examples of how I used people’s data on Facebook (previous job roles, friend’s current location, etc) to pretend I’m a friend from years ago using a fake Facebook ID to obtain data during an authorized penetration testing (more on that HERE). Its critical to know what you have public about yourself and question anybody that seems fishy. Trust me, its better to ask for proof of identity when you don’t know who you are speaking with rather than assume the wrong person is a trusted friend.  Continue reading

VN:F [1.9.22_1171]
Rating: 3.0/5 (2 votes cast)

Days After a Federal Seizure, Another Type of Ransomware Gains Ground

cryptolocker Days After a Federal Seizure, Another Type of Ransomware Gains Ground

Nicole Perlroth wrote a interesting post on the NewYorkTimes blog about a new type of Ransomware and Cisco’s view as it spreads in the wild. The original post can be found HERE

It has been mere days since federal agents seized control of computer networks used by hackers to infect victims with CryptoLocker, a piece of malware known as “ransomware,” which encrypts the contents of computing devices so hackers can demand a ransom to decrypt it. More on Ransomware such as CryptoLocker can be found HERE

Now security researchers are seeing an influx of another form of ransomware, called Cryptowall. Continue reading

VN:F [1.9.22_1171]
Rating: 0.0/5 (0 votes cast)