In 1995, I started my Navy training as an Aviation Electronics Technician. I spent more than a year learning electrical theory, how to use sophisticated tools (like time domain reflectors) and the logic associated with troubleshooting avionics. I was ready to go mano a mano against any aircraft that was daft enough to challenge my acumen.
My presentation deck from Converge Conference can be downloaded here.
Summary of the features in StealthWatch 6.5 that protect sensitive data from theft by insider threat or advanced attack.
Some organizations have chosen to adopt a "plausible deniability" strategy for InfoSec. This article outlines some methods of helping these organizations move to a safer security practice.
In the second part of the NBAD series, signature detection methodologies are examined.
Insider threat is the most dangerous risk to an organization and the most difficult to detect. When a trusted asset decides to betray the trust of his benefactor for the sake of ideology, greed or extortion, the organization can suffer long-lasting damage. This article outlines the nature of insider threat and strategies for handling it.
Threat data contained in Indicators of Compromise (IOC) can be applied against the data stored in StealthWatch to look for markers of historical breach. This entry outlines the steps in performing this analysis.
With Microsoft discontinuing support of Windows XP, organizations need guidance on how to protect the legacy machines they can't replace.
How to parse the claims vendors make in APT detection.
NetFlow analysis can be an effective way of determining what cloud services are in use and monitoring them for violations.
Thanks to the Grand Rapids chapter of the ISSA for hosting me today. My deck can be downloaded here.
The difficulty in controlling user behavior makes spear phishing a "no-brainer" for attackers. Network surveillance can detect the attack at different parts of the kill chain.