Payment Card Industry PCI Security Best Practices

Many industries rely on revenue generated by sales, and if credit is used, Payment Card Industry (PCI) compliance is mandated. This includes all industries that process, store or transmit credit card information. Like any compliance standard, this is the minimal level of real security and should not be considered the goal for protecting sensitive data. All compliance mandates that matter must go through various review and audit processes that take time, which causes the results to be dated compared to the speed of new attacks you should expect against your network. This means meeting mandates such as PCI should be just one part of your overall security strategy. Continue reading


Using Lancope to identify Putter Panda, Heartbleed and other attacks

Lancope is a NetFlow-based tool that can turn your network into a gigantic sensor grid. This includes routers, switches, wireless access points, virtual systems, aka servers in your data center, and so on. So rather than having a handful of security tools looking for threats, your entire network takes part in your security defense against cyber attacks. I’ve written about Lancope HERE as well as how to build your own Lancope lab HERE.

The Lancope team runs a blog, found HERE, that has provided posts about using their solution to identify the latest cyber attacks. Some interesting articles recently posted focus on threats like Heartbleed, Putter Panda and Saffron Rose. Continue reading


Using Metasploit To Bypass Anti-Virus Software – Generating and Obfuscating Payloads


I’m often asked “why did my system get infected when I had the latest system updates and anti-virus enabled?” Well, a fundamental concept behind security products is that they can only look for so many things or use so many detection techniques before they must permit traffic. This means your defenses will fail if an attack uses a method that your detection system can’t see or that your scanner does not have an existing signature to scan against. This is why attackers hide exploits using techniques such as obfuscation to bypass security detection. Continue reading


Launching and Preventing Denial of Service Attacks – DDoS / DoS


I have recently seen an uptick in DDoS / DoS attacks against my customers and have been asked questions such as “how easy is it to perform these attacks?”, “who launches these attacks?” and “how can I defend against such attacks?”. I have spoken about this topic in the past; however, I will provide both the executing and defending sides of DoS in this post. Continue reading


Five Myths about NetFlow

Alicia Butler from Lancope wrote an interesting post about five myths about NetFlow. You can find the original post HERE.


NetFlow is an important tool for incident responders, providing valuable insight into the activities that take place on organizations’ networks. NetFlow is capable of summarizing information about network traffic into brief records that may be maintained indefinitely, providing a running history of network connections that may be referenced during incident response.

With all the good NetFlow brings, there are still some misconceptions about NetFlow that need to be dispelled. Continue reading


Visual Investigations of Botnet Command and Control Behavior Infographic

Here is a really cool infographic developed by the Director of Research at Lancope. The original post can be found HERE.

In October, Tom Cross, Lancope’s Director of Research, presented a poster at Visualization for Cyber Security (VizSec) 2013 in Atlanta, GA. The poster included visualizations of the command-and-control channels of nearly two million botnet samples in an effort to help foster a better understanding of how botnets operate, and more effectively differentiate them from legitimate network traffic. The poster was created as a result of data analysis conducted by Lancope’s StealthWatch Labs research team. Continue reading


Speaker at (ISC)2 Security Congress 2013 Chicago Sept 24th-27th on Social Engineering / Remote Hacking


I’ll be speaking at this year’s (ISC)2 ASIS International Conference in Chicago. More info on the event can be found HERE. The conference program can be found HERE.

Continue reading


Cisco ISE helps achieve at least half of SANS 20 Critical Security Controls

Aman Diwakar did a great post on how Cisco ISE aligns with the SANS 20 Critical Security Controls. The original post can be found here.

Also, Lancope offers more ways to meet the SANS 20 Critical Security Controls. More on that can be found HERE.

Continue reading


You Don’t Have To Lose A Credit Card To Become A Victim Of Fraud

A coworker of mine, Tom Cross, was featured on CBS Atlanta regarding a case where a newscast member had her credit card information stolen. An interesting aspect of this situation is that the criminals obtained the card number while the victim was in another city holding the authentic card. It is undetermined how the criminals stole the card number to create the duplicate, but the motive is clear … purchase gift cards until the credit card account becomes locked. Continue reading
