School of NBAD Series: NBAD Signature Detection Charles Herring

In the second part of the NBAD series, signature detection methodologies are examined.

When An Alarm Isn’t

Vendors like to create an ocean of alarms in their products so they can dogpile after an event and claim that "they caught it." This article goes through the dangers of false positives in incident response and how to address them.

Dealing with Insider Threats Charles Herring

The most dangerous and difficult risk to detect to an organization is insider threat. When a trusted asset decides to betray the trust of his benefactor for the sake of ideology, greed or extortion the organization can suffer long lasting damage. This article outlines the nature and strategies of handling insider threat.

Processing IOCs in the StealthWatch System Charles Herring

Threat data contained in Indicators of Compromise (IOC) can be applied against the data stored in StealthWatch to look for markers of historical breach. This entry outlines the steps in performing this analysis.

Protecting Windows XP from Exploit Charles Herring

With Microsoft discontinuing support of Windows XP, organizations need guidance on how to protect the legacy machines they can't replace.

Parsing Vendor Claims of APT Detection Charles Herring

How to parse the claims vendors make in APT detection.

Reigning in External Services with NetFlow Charles Herring

NetFlow analysis can be an effective way of determining what cloud services are in use and monitoring them for violations.

Spear Phish Detection and Response Charles Herring

The difficulty in controlling user behavior makes spear phishing a "no-brainer" for attackers. Network surviellance can detect the attack at different parts of the kill chain.

Gartner Video on Network Behavioral Analysis Charles Herring

Video presentation from Lawrence Orans of Gartner, describing how Network Behavioral Analysis (NBA/NBAD) can detect advanced, targeted threats.

Shoe Bombers on the Network Part One : Detection Mechanisms Charles Herring

Comparing how physical security caught the shoe bomber to how we go about catching network threats.

Evaluating NetFlow Tools for InfoSec Charles Herring

Using NetFlow for Information Security has some unique challenges that NETOPS tools don't have to deal with. I put Splunk head to head against StealthWatch and lay out methodolgies for testing other tools.

Application-Layer DDoS Detection Charles Herring

How NetFlow can quickly reveal application-layer denial of service.

When Enforcement Doesn’t… Charles Herring

Don't trust your firewalls and NAC without validation. NetFlow is a great way to determine if they are doing what they are supposed to be doing (and alerting you when they are not.)

Subscribe to Newest Content