Hot Topics
Advanced Malware Protection AMP for Endpoints Overview -

Josey Muniz, aka The Security Blogger describes Sourcefire anti-malware protection (AMP) services. Detecting threats. 

14 hours ago | 0
Big Data Cyber Security Analytics in Action -

In my recent post Understanding and Preventing Cyber Fraud and Cyber Attacks with Advanced Big Data Cyber Security. 

3 days ago | 0
New attack vectors targeting the enterprise generated by third-party connectivity -

By Peter Zavlaris Based on the success of several high profile attacks (ex. Target & AT&T) over. 

5 days ago | 0

Advanced Malware Protection AMP for Endpoints Overview

By Joey Muniz | On Tue, Aug 26th, 2014 - No Comments »
sourcefire-logo

Josey Muniz, aka The Security Blogger describes Sourcefire anti-malware protection (AMP) services. Detecting threats on endpoints like laptops and mobile devices is important but not enough to defend against the threats we see against our users. Reason why is Anti-Virus and host IPS/IDS can only scan for so many signatures and leverage so many behavior checks before they must let the traffic. 

Big Data Cyber Security Analytics in Action

By Aamir Lakhani | On Mon, Aug 25th, 2014 - No Comments »
data book of secrets

In my recent post Understanding and Preventing Cyber Fraud and Cyber Attacks with Advanced Big Data Cyber Security Analytics I spoke specifically about increasing security intelligence and awareness. You can no longer rely on a single tool or solution to solve security needs. Johannes B. Ullrich makes an excellent point in his article Network security: Threat intelligence feeds parse a sea. 

New attack vectors targeting the enterprise generated by third-party connectivity

By Aamir Lakhani | On Fri, Aug 22nd, 2014 - No Comments »

By Peter Zavlaris Based on the success of several high profile attacks (ex. Target & AT&T) over the last year exploiting access points created by enterprises connecting into their third-party associates—there’s a growing concern that third-parties present potentially intolerable levels of risk to the enterprise.  While the purpose of exploiting third-parties in recent. 

Open Source and Risk: Protect Customers With An Outside Looking In-Approach

By Aamir Lakhani | On Mon, Aug 18th, 2014 - No Comments »
risk_measurement_400_clr_5483-300x300

My friend Peter Nicolas Zavlaris at RiskIQ posted an write on Wired Magazine open source risk. Check out the RiskIQ Blog. It is a great source around information and cyber security. Open source application vulnerabilities are a hot topic in the modern information security discourse—mainly because of incidents like Heartbleed. Heartbleed was an interesting case not because it was an OpenSSL. 

Understanding and Preventing Cyber Fraud and Cyber Attacks with Advanced Big Data Cyber Security Analytics

By Aamir Lakhani | On Mon, Aug 18th, 2014 - 2 Comments
Big Data Cyber Security Analytics

Cyber Fraud Affects 5 Percent of the Planet’s GDP The Association of Certified Fraud Examiners (ACFE) estimates typical organizations loses 5 percent of their revenues to fraud each year (ACFE Report). When fraud occurs, the integrity of the data is impacted; intellectual property is lost, stolen, or at risk; and customer confidence is affected. Fraud is growing in scope and complexity,. 

SimpleRisk – Powerful risk management and GRC

By Aamir Lakhani | On Sun, Aug 17th, 2014 - No Comments »
SimpleRisk

According to the SimpleRisk website, “Risk management is a relatively simple concept to grasp, but the place where many practitioners fall down is in the tool set. The lucky security professionals work for companies who can afford expensive GRC tools to aide in managing risk. The unlucky majority out there usually end up spending countless hours managing risk via spreadsheets. It’s. 

recon-ng – advanced reconnaissance framework

By Aamir Lakhani | On Sat, Aug 16th, 2014 - No Comments »
sr-71 recon-ng

Reconnaissance techniques are the one of the first steps penetration testers learn when learning how to exploit systems for vulnerabilities. Traditional reconnaissance techniques are used to gather intelligence, define scope, and identifying weaknesses. The issue with reconnaissance is that is takes it time. In most cases, penetration testers do not have the luxury of time that at motivated. 

Installing VMware Tools on Kali Linux

By Aamir Lakhani | On Thu, Aug 14th, 2014 - 3 Comments
Walk-In-The-Shadows

If you are using Kali Linux and trying to use it in a VM environment as a guest operating system on VMware you may run into some issues. It is recommended that you install VM Tools for VMware on Kali Linux. This guide will help you install VM Tools on any installation of Kali Linux (including 64-bit ISOs). It will also allow you to use Kali Linux in VMware ESXi environments. The first thing. 

Clark-Wilson Security Model

By Aamir Lakhani | On Tue, Jul 29th, 2014 - Comments Off
FutureModelsOfSocial-Learning

The Clark-Wilson security model is based on preserving information integrity against the malicious attempt of tampering data. The security model maintains that only authorized users should make and be allowed to change the data, unauthorized users should not be able to make any changes, and the system should maintain internal and external data consistency. The Clark-Wilson model requires. 

Cisco Security Manager CSM Overview – 4.6 SP1 Update Available

By Aamir Lakhani | On Mon, Jul 28th, 2014 - Comments Off
firewall connection

Cisco appears to be serious about security providing a major update to its security management suite. Hopefully we will start to see (if rumors are to be believed) the merging of the excellent management tools from Sourcefire along with Cisco’s management software. Cisco Security Manager is used to manage multiple Cisco security products. Management includes centralizing configuration,.