Origin of WitFoo

In 1995, I started my Navy training as an Aviation Electronics Technician. I spent more than a year learning electrical theory, how to use sophisticated tools (like time domain reflectors)  and the logic associated with troubleshooting avionics. I was ready to go to mano a mano against any aircraft that was daft enough to challenge my acumen.

Sony Breach Thoughts

While I don't like "vendor dogpiles" every time there is a mainstream cybersecurity breach, they do serve as good opportunities to change InfoSec paradigms. In this article discusses the value of monitoring with enforcement as well as repairing or creating response processes.
Protecting the Crown Jewels Charles Herring

Summary of the features in StealthWatch 6.5 that protect sensitive data from theft by insider threat or advanced attack.

Coaxing Heads from the Security Sand Charles Herring

Some organizations have chosen to adopt a "plausible deniability" strategy to InfoSec. This article outlines some methods of helping these organizations move to a safer security practice.

School of NBAD Series: NBAD Signature Detection Charles Herring

In the second part of the NBAD series, signature detection methodologies are examined.

When An Alarm Isn’t

Vendors like to create an ocean of alarms in their products so they can dogpile after an event and claim that "they caught it." This article goes through the dangers of false positives in incident response and how to address them.

Dealing with Insider Threats Charles Herring

The most dangerous and difficult risk to detect to an organization is insider threat. When a trusted asset decides to betray the trust of his benefactor for the sake of ideology, greed or extortion the organization can suffer long lasting damage. This article outlines the nature and strategies of handling insider threat.

Processing IOCs in the StealthWatch System Charles Herring

Threat data contained in Indicators of Compromise (IOC) can be applied against the data stored in StealthWatch to look for markers of historical breach. This entry outlines the steps in performing this analysis.

Protecting Windows XP from Exploit Charles Herring

With Microsoft discontinuing support of Windows XP, organizations need guidance on how to protect the legacy machines they can't replace.

Parsing Vendor Claims of APT Detection Charles Herring

How to parse the claims vendors make in APT detection.

Reigning in External Services with NetFlow Charles Herring

NetFlow analysis can be an effective way of determining what cloud services are in use and monitoring them for violations.

Spear Phish Detection and Response Charles Herring

The difficulty in controlling user behavior makes spear phishing a "no-brainer" for attackers. Network surviellance can detect the attack at different parts of the kill chain.

Subscribe to Newest Content