Sunday, March 31, 2013

Intelligence

What is the most important aspect of a security implementation?  Many would say implementing devices such as firewalls and software such as malware/virus protection to protect your network.  Although these are critical to protecting your network infrastructure, they are not the only things needed to keep your network secure.

One of the most critical aspects of any security implementation is intelligence.  You have to fully understand your environment as well as the threats to your environment in order to protect it from the bad guys.  There are multiple ways to do this, including following specific Twitter feeds where attackers brag about exploits or viewing websites where exploits are posted.  One of the most important ways to obtain intelligence is to implement a Security Information and Event Management (SIEM) solution.  A SIEM allows your organization to correlate attacks against your network, obtain valuable intelligence such as malicious IP addresses, and analyze potential threats.  This gives you intelligence about your network and the threats against it from a single solution.

Thursday, March 21, 2013

Sites for Vulnerabilities

This week's topic is to discuss websites which have information on threats, vulnerabilities, updates, and security news in general.  There are multiple websites out there that security professionals must be aware of and should monitor on a regular basis, either manually or via an automated method.  Two of the most popular websites that provide essential information on security threats are pastebin.com and leakedin.com.  Both of these sites provide information on leaks of data as well as exploits.  Another valuable aspect of these sites is the ability to script retrieval of the information posted on them, which makes extracting information more efficient.  These websites are so valuable because they are the sites where attackers post their exploits and the information they've stolen regarding customers.

When it comes to finding information on vulnerabilities, there are numerous reputable sites.  The US-CERT site http://www.us-cert.gov/ncas/current-activity is an excellent source for information on current vulnerabilities in common applications.  Since this site is run by a government organization, it is extremely reliable.  http://www.eeye.com/resources/security-center/research/zero-day-tracker is another useful site for security vulnerabilities.  This website keeps track of zero-day vulnerabilities and provides information on the effects of the vulnerabilities.  This information comes from a reputable organization, so it should be trusted.

Virustotal.com is one of my favorite websites for keeping an eye on websites that have vulnerabilities.  This site allows users to submit files and URLs for security scanning.  One of the best aspects of this site is the API.  Their API allows you to submit automated scan requests and then retrieve the scan report.
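As an added example (not code from the post), here is the submit-then-retrieve workflow as a small client for the VirusTotal public API v2, with a helper that turns the returned report into a verdict.  The v2 endpoints are real; the API key, the detection threshold of two engines, and the embedded sample report are assumptions constructed for this example.

```python
# Added example, not the post's code: minimal VirusTotal public API v2 client.
# Assumed: the v2 endpoints below, a caller-supplied API key, threshold of 2.
import json
import urllib.parse
import urllib.request

VT_URL_SCAN = "https://www.virustotal.com/vtapi/v2/url/scan"
VT_URL_REPORT = "https://www.virustotal.com/vtapi/v2/url/report"

def vt_post(endpoint: str, api_key: str, params: dict) -> dict:
    """POST form-encoded parameters to a v2 endpoint and decode the JSON reply."""
    body = urllib.parse.urlencode({"apikey": api_key, **params}).encode()
    with urllib.request.urlopen(endpoint, data=body, timeout=30) as resp:
        return json.loads(resp.read().decode())

def submit_url(api_key: str, url: str) -> dict:
    """Queue a URL for scanning; the report is fetched separately once ready."""
    return vt_post(VT_URL_SCAN, api_key, {"url": url})

def fetch_url_report(api_key: str, url: str) -> dict:
    """Retrieve the latest report for a previously submitted URL."""
    return vt_post(VT_URL_REPORT, api_key, {"resource": url})

def summarize_report(report: dict, threshold: int = 2) -> dict:
    """Reduce a v2 report to a verdict. response_code 1 = analysed, 0 = not yet."""
    if report.get("response_code") != 1:
        return {"status": "pending", "positives": 0, "total": 0, "flagged_by": []}
    scans = report.get("scans", {})
    flagged = sorted(eng for eng, r in scans.items() if r.get("detected"))
    positives = report.get("positives", len(flagged))
    total = report.get("total", len(scans))
    if positives >= threshold: status = "malicious"
    elif positives: status = "suspicious"
    else: status = "clean"
    return {"status": status, "positives": positives, "total": total, "flagged_by": flagged}

# Constructed sample report in v2 shape (not real scan data) so this runs offline.
SAMPLE_REPORT = json.loads("""{
  "response_code": 1, "positives": 3, "total": 4,
  "scans": {"EngineA": {"detected": true, "result": "malicious site"},
            "EngineB": {"detected": false, "result": "clean site"},
            "EngineC": {"detected": true, "result": "phishing site"},
            "EngineD": {"detected": true, "result": "malware site"}}
}""")

if __name__ == "__main__":
    print(summarize_report(SAMPLE_REPORT))
```

In practice a freshly submitted URL returns `response_code` 0 until the scan completes, so poll `fetch_url_report` until `summarize_report` stops reporting `pending`.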

Each of these websites listed above should be a part of the security professional's arsenal in protecting their network from intruders.

Thursday, March 14, 2013

This is the first blog I've created so I'm pretty excited about this process.

A little about me:

I live in Omaha, NE with my wife and stepson, who's 8.  We have two dogs (a boxer and a border collie).  I currently work as a security engineer at TD Ameritrade doing ArcSight administration.  I'm new to the security profession but have many years in the software development world as a software engineer, tester, and configuration manager.  I'm passionate about security, and in the short time I've been working as a security engineer I've grown very fond of ArcSight and look forward to many years of working with this tool to protect our clients.