Let’s continue stepping through my eight predictions for 2021! So far, we’ve been talking mainly about attacks like ransomware and digital reputation attacks. Today, we’re going to switch it up by discussing not an attack to defend against…
Welcome back to my in-depth discussions of my eight predictions for 2021! I hope you found the dive into my first prediction on ransomware helpful. Today, we’re going to tackle prediction #2: Forget headline-making data breaches and DoS attacks;…
The first of my eight predictions for 2021 was that ransomware victim organizations will face government lawsuits. Indeed, as I noted in my previous post, authorities like the U.S. Department of the Treasury (USDT) have already announced they will file…
The Elastic stack has established itself as a leader among open source big data analysis, data collection, and visualization products. The stack, usually abbreviated as ELK, contains the following components:
Quest InTrust is a very powerful log management framework that also offers many ways to notify about triggered alerts:
It is well known to anyone who has tried to run a VM in the cloud that an RDP port, if left open, will be hit with massive waves of brute-force attempts from IPs all around the world.
I run a detection lab in Azure and at some point, it just started to…
As mentioned in an earlier post, COVID-19 phishing and malware campaigns are on the rise. Cyber criminals are exploiting the opportunity of today’s chaos:
VPN. VPN. VPN. This pushed-aside and closely guarded technology has suddenly seen a resurgence during the COVID-19 work-from-home directives; but instead of just your executives receiving access, IT organizations are opening up access to all remote employees…
The recently released Update 1 for InTrust 11.4.1 contains a hidden gem – the Suspicious process was started rule, which allows detection of the hidden steps that ransomware and malware take to achieve persistence, hide their tracks and disable protection…
Something really cool about honeypots, and deception technology in general, is that you can see a hacker or a penetration tester in action with very few false positive notifications. Deception can also help with detecting yet unknown threats that cannot…
The meteoric rise of Microsoft Teams, and the apps users freely download into it, will create more access vulnerabilities for your network. In part 3 of a 7-part series diving in-depth into my 2020 predictions (see all 7 predictions here), we’ll…
It’s time we turn our attention to monitoring and alerting on changes and suspicious behavior in your Active Directory environment. This is part 4 of my National Cyber Security Awareness Month series focusing on Active Directory security guiding…
Even with the best defenses, an attack or egregious accident can happen to your Active Directory; therefore you need to be prepared to quickly investigate, remediate and recover. Sadly, attacks today have taken a decidedly ugly turn, seeking the total…
If you get Group Policy management WRONG – even for just one Windows system with a seemingly innocuous setting, then you can inflict massive detrimental effects to the security posture of thousands of systems in your network within minutes.
With…
“Ask not what your country can do for you, ask what you can do for your country.”
We are all born with a desire to accomplish something bigger than ourselves; but none of us are imbued with the powers of the Tesseract, nor…
DC in the cloud
There could be many different reasons that require a Domain Controller to run in the cloud:
Security information and event management (SIEM) solutions have been around for many years now. Early adoption of the technology was driven by mandates like HIPAA, SOX and PCI DSS, since SIEM solutions provided the monitoring and reporting that enterprises…
The cyber-security community is buzzing about this recently unveiled vulnerability in the Windows Text Services Framework.
"Project Zero: Down the rabbit hole" https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html by a security researcher…
Extra… extra… read all about it!
Data Breaches are the New Reality! Are you Prepared?
It's no surprise (yet frightening) that there is a drastic increase in news headlines emphasizing the security risks and challenges IT professionals face…
Active Directory (AD) is the beating heart of any Microsoft environment — authenticating users, authorizing access to resources and much more. A critical part of AD is Group Policy, which provides centralized management and configuration of operating…
In my previous blog post, I explored the first step in mitigating the insider threat — understanding and controlling privilege across the environment — and reviewed how Quest Enterprise Reporter Suite, Security Explorer and Change Auditor
…You’ve undoubtedly put a variety of defenses in place to limit the ability of attackers to enter your network — but attackers are notoriously clever and persistent little devils. On the one hand, they barrage your network with brute-force attacks…
IT security predictions are a dime a dozen nowadays, but, for Windows and Office 365 professionals, what you really want is a glimpse into the future for ALL aspects of your role: security, scripting, reporting, provisioning, auditing, migrating and…
Late last week, the Centers for Medicare and Medicaid Services (CMS) disclosed that compromised insider credentials with access to HealthCare.gov's back-end insurance system exposed 75,000 individuals’ data.
What is 75,000 records in the face …