The Best Malware Defense: Strategy First, Technology Second
I’m one of those fortunate information security professionals who plays both sides of the technology defense game: I’m your incident response guy and your preventive technologies guy. When I’m working with a company after they’ve been breached I can see pretty quickly what defenses they were missing that allowed the breach in the first place, but then I can help (more…)
An Open Letter to Antivirus Vendors: It is Time for Antivirus Software to Flag Memory Dumping
Dear Antivirus Vendors,
On more and more incident response investigations, my clients (victims) have been asking the question “Why didn’t our Antivirus software detect the malware when we always keep it up to date?” I respond by telling them that they had targeted malware on their system. Their follow up question usually is whether antivirus software is relevant in this era (more…)
Why should every organization embrace secure development?
Secure development is not just for software companies and custom application development shops. Embracing secure development practices in IT and procurement functions within an organization ensures that reasonable and appropriate actions are exercised to achieve compliance to regulations and other cyber security requirements. (more…)
PHEATS OF PHISHING – Will you be prepared when it happens to you?
Phishing is by no means a new topic in today’s news. But the increasing complexity and targeted nature of attacks have evolved to a level of sophistication that is even phooling knowledgeable members of the IT community. The end result could just be embarrassing, but it could also cost millions of dollars, or your professional reputation. (more…)
NEXT-GEN MALWARE DEFENSE
‘Malware’ has come a long way – next-gen malware. From merely annoyance applications coded by bored engineering students for notoriety all the way to professionally developed stealth applications for financial gains and stealing state secrets. According to Verizon’s 2012 Data Breach Investigations Report, 69% of the breaches were attributed to (more…)
HALOCK INVESTIGATES: Network Chatter from China
Network Chatter from China
Imagine one hundred container ships full of the most valuable U.S. assets heading to China every day. Diamonds, gold, oil, John Deere Tractors, priceless artwork, Chevy Corvettes, life-saving artificial hearts, books from our historic libraries, soybeans, the latest Intel® processors, Redwood trees, the genuine (more…)
Distributed Denial of Service (DDoS) Protection For High Schools? Who’d a Thunk it?
Just this month, HALOCK saw its first incident of a high school that fell victim to a Distributed Denial of Service (DDoS) attack. Existing internet users inside the school could continue to work, but the outbound internet pipe became so clogged that no new browser sessions could be opened, impacting productivity of students and staff alike. DDoS attacks have become (more…)
Current State of Cloud Based Security
At HALOCK®, we recognize there’s a tremendous amount of concern surrounding cloud-based security. Most of the concern is focused around the risk of moving assets to the cloud and that worry has slowed down the adoption of virtualized infrastructure. It has been a challenge to find solid data surrounding cloud security risks.
So when one of our (more…)
Nice Infrastructure…. Mind If I Borrow it??
We talk a lot with our clients about the importance of due care and due diligence and how it impacts your infrastructure, especially when it comes to compliance and risk management. In order to perform proper due diligence, it’s important to understand the nature of the attacks being directed against your infrastructure, the motivation behind them, and what steps are reasonable (more…)
privacyrights.org
If you’ve never checked out http://www.privacyrights.org, I would encourage you to do so. It’s a listing of all breaches made public from 2005 up to present, presented in reverse chronological order. They collect the information from a variety of sources.
You can filter your search by checking/un-checking various boxes on (more…)
