Hacking America’s Pastime


All it took was one recycled password. If you haven’t heard the news yet, former executive for the St. Louis Cardinals baseball team Christopher Correa has officially been sentenced to 46 months in prison for hacking. The victim in this case? (Former) rival team the Houston Astros and their internal database/communications hub, aptly named “Ground Control.” So how does something like this happen? Baseball is supposed to be a game of integrity and sportsmanship! Well, it’s important to remember that America’s…


Comprehensive Auditing and Protection For Group Policy Objects


Group Policy is a native Microsoft technology. It allows organizations running Active Directory to centrally control and configure both user and computer settings on domain-joined machines. Group Policy allows administrators to make sweeping changes to all aspects of connected operating systems, including the Registry, for example. When implemented properly, this technology simplifies overall operating system configuration, patching, software deployment, and security. When implemented improperly, Group Policy is a nightmare for administrators and the security practitioners charged with measuring its effectiveness. What…


Microsoft Exchange, Non-Owner Mailbox Logon: Auditing the Insider Threat


Email: one of the greatest innovations in communication since the telephone. One could even argue that it is the most important. The ability to have a conversation (albeit in electronic format), send vast quantities of data, and involve an unlimited number of recipients is the backbone of modern business. With each iteration, Exchange gets more and more security features. Litigation hold and classification are good examples of this. However, as useful as they are, they don’t address the most basic security…


STEALTHbits ProTip: Investigate with StealthINTERCEPT


Many of the threats discussed in the Verizon DBIR can be addressed with StealthINTERCEPT, and a little-known feature called Investigate makes it easy for users to quickly retrieve the policies they care most about. StealthINTERCEPT’s Investigate feature allows users to easily view specified events across all available Policies. Defining Policies (the Who, When, Where, What, and more) can really help users access the full picture of activity. While this is especially useful for any kind of security review, it…


Market Trends: Key Findings From The Verizon DBIR


The 2016 Verizon DBIR is an all-encompassing look at a year’s worth of cyber-related attacks. The most compelling statistic from the 2016 report states that in 93% of cases it only took an attacker minutes to compromise systems and networks, but weeks or months for the affected company to even realize that an incident had occurred. What does this say about our detection and mitigation strategies as an industry? What we do know is that attackers typically exploit the…


Windows Logon/Logoff – It’s so Last Century


Guys and Gals: it’s 2016. We live in a cyber age. Our lives are a heterogeneous smorgasbord of devices, operating systems, cloud storage and social media. We are virtually always online in one way or another. Even our watches are constantly connected to something. We monitor our steps, our pulse, our stocks, our friends’ social lives (although I do wonder why sometimes). It’s not just our private lives that are always online. Hands up if you don’t check your email…


The Mossack Fonseca “Panama Papers” – Our Take


Several lessons can be learned from the spotlight that has been turned on Mossack Fonseca. For those of you just coming up to speed on “The Panama Papers”, Mossack Fonseca became a victim of a massive data breach. I use the term victim with a grain of salt as what the papers actually revealed about the global rich, privileged, and powerful is up for discussion. The lessons learned span two key areas of how the breach occurred and what could…


Monitoring File Activity: Want the needle? Take a flamethrower to the haystack.


I know it’s so cliché, but it’s a great analogy.  Trying to find the events that matter in your native file activity logs on Windows and NAS devices is like finding a needle in a haystack.  These logs are so verbose, so performance-intensive, and so difficult to manage that most organizations don’t even bother with them. But, anything can be in any file.  Any file can be the one that sinks you.  As a result, every file equals risk.  And…


What do Monty Python and File Activity Auditing Have in Common?


A Holy Grail…. The Holy Grail of File Activity Auditing is very easily summarized with the well-known 5 ‘Y’s and the ‘H’…or is it? We can discount two of these straight away: Why: The reason or sentiment behind why is virtually impossible to identify and certainly isn’t a binary, 1 or 0 thing. So let’s park this for another day. How: This is certainly something that is important to data governance, but not specifically to activity auditing. Determining open…


There’s no Such Thing as a Secure System


A few days ago I had the opportunity to attend the Evanta 2016 New York CISO Executive Summit. It was a great event, attended by leaders in information security on both the customer and vendor sides of the equation. Throughout the day, CISOs from some of the world’s largest organizations and other thought leaders in the world of cybersecurity presented in keynote and breakout sessions, offering up their thoughts on the state of security and advice on where to focus…
