Another hack attack hits the headlines http://tinyurl.com/yebvj8p
Big deal. This stuff happens every day now, right? Wrong. Not on this scale
it doesn't. The Kneber bot has penetrated 75,000 systems at 2,500 companies
in 196 countries. This is not a straightforward Trojan - a simple
smash and grab. This one's a game changer.
Systems compromised by this botnet provide the attackers not only with user
credentials and confidential information, but also with remote access inside
the compromised network. Just some of the data stolen includes:
- 68,000 corporate log-in credentials
- Access to e-mail systems, online banking sites, Facebook, Yahoo, Hotmail
  and other social networking credentials
- 2,000 SSL certificate files
- Dossier-level data sets on individuals, including complete dumps of entire
  identities from victims' machines.
Penetration of this scale and amongst such an esteeme... (more)
Not all Log Management solutions are created equal... Trusting your logs.
Log integrity is at the core of using logs for such purposes as building
trust, providing non-repudiation and indisputable proof in business
relationships between customers and providers, and providing evidence
admissible in a court of law. We saw that not all Log Management solutions
are created equal, and we saw some high-level requirements in terms of log
collection and log reporting. We need a solution that is simple to deploy -
we want an enabler, not a disabler - and a solution that allows a ... (more)
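The integrity property the excerpt talks about can be made concrete with a hash chain: every record carries the keyed MAC of the record before it, so any edit, deletion or reordering breaks the chain from that point on. The following is an added example written for this page, not the vendor's product or design; the key, the record layout and the sample events are all assumptions.

```python
"""Hash-chained, keyed log records (added example, not the product's design).

Every record carries the MAC of its predecessor, so editing, deleting or
reordering a record breaks the chain from that point on. Deleting records
from the *end* of the chain is only detectable against a separately stored
head MAC, so the head must be anchored somewhere the log writer cannot reach.
"""
import hashlib
import hmac
import json
from typing import List, Optional

# Assumed producer/verifier shared key (hypothetical; keep real keys in a KMS or HSM).
SECRET_KEY = b"example-log-signing-key-do-not-use"
GENESIS = "0" * 64  # "previous MAC" of the very first record


def _canonical(body: dict) -> bytes:
    # Canonical JSON so producer and verifier MAC exactly the same bytes.
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def _mac(body: dict, key: bytes) -> str:
    return hmac.new(key, _canonical(body), hashlib.sha256).hexdigest()


def chain_append(log: List[dict], event: dict, key: bytes = SECRET_KEY) -> dict:
    """Append `event` as the next record of `log` and return the record."""
    body = {"seq": len(log), "prev": log[-1]["mac"] if log else GENESIS, "event": event}
    record = dict(body, mac=_mac(body, key))
    log.append(record)
    return record


def verify_chain(log: List[dict], key: bytes = SECRET_KEY,
                 expected_head: Optional[str] = None) -> Optional[int]:
    """Return None if the chain is intact, else the index of the first bad record.

    `expected_head` is the MAC of the last record as held by a third party;
    without it, truncation of the tail cannot be detected (then len(log) is returned).
    """
    prev = GENESIS
    for i, rec in enumerate(log):
        body = {"seq": rec["seq"], "prev": rec["prev"], "event": rec["event"]}
        if (rec["seq"] != i or rec["prev"] != prev
                or not hmac.compare_digest(_mac(body, key), rec["mac"])):
            return i
        prev = rec["mac"]
    if expected_head is not None and prev != expected_head:
        return len(log)
    return None


def build_sample_log() -> List[dict]:
    """Constructed sample events (not real data)."""
    events = [
        {"ts": "2010-02-18T09:01:02Z", "host": "web01",
         "msg": "sshd: Accepted password for alice from 10.0.0.5"},
        {"ts": "2010-02-18T09:01:09Z", "host": "web01",
         "msg": "sudo: alice : COMMAND=/bin/cat /etc/shadow"},
        {"ts": "2010-02-18T09:02:44Z", "host": "web01",
         "msg": "sshd: session closed for user alice"},
    ]
    log: List[dict] = []
    for ev in events:
        chain_append(log, ev)
    return log


# Helpers modelling what an intruder with write access to the log store might do.
def with_edited_event(log: List[dict], index: int, **changes) -> List[dict]:
    copy = json.loads(json.dumps(log))
    copy[index]["event"].update(changes)
    return copy


def without_record(log: List[dict], index: int) -> List[dict]:
    copy = json.loads(json.dumps(log))
    del copy[index]
    return copy


if __name__ == "__main__":
    log = build_sample_log()
    head = log[-1]["mac"]
    print("intact:", verify_chain(log, expected_head=head))
    print("edited:", verify_chain(with_edited_event(log, 1, msg="sudo: alice : COMMAND=/bin/ls")))
    print("deleted:", verify_chain(without_record(log, 1)))
    print("truncated, no head:", verify_chain(log[:2]))
    print("truncated, with head:", verify_chain(log[:2], expected_head=head))
```

Two caveats a practitioner will want: whoever holds SECRET_KEY can rewrite the chain, so the MAC key must belong to the collector (or be replaced by a signature whose private key the log producer never sees), and the head MAC must be periodically recorded outside the system being logged, otherwise a trailing deletion is invisible.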
Over the next few weeks, we'll investigate how the expression "An ounce of
prevention is worth a pound of cure" could also be applied to the IT world,
and which tools foster preventive security through behavior
When looking at IT security, it seems that most security solutions today are
based on Defensive Security. Technologies such as antivirus, firewalls,
Intrusion Detection Systems and Intrusion Prevention Systems, anti-Trojan,
anti-worm and anti-spyware tools belong in this category. The primary focus
of these technologies is defending against secu... (more)
Performance Tolls - Why you cannot correlate 100% of your logs...?
Compounding the combinatorial explosion in the number of static correlation
rules, it is impossible to correlate 100% of your logs: it is just too
expensive and not practical. Read on...
A correlation engine works really hard, even when dealing with a limited set
Each scenario requires lots of rules and exceptions, and most of these rules
need to be interpreted further as dozens, if not hundreds, of simple checks
and tests. For example, you may want to flag loops with a simple rule such as "IP
During these past few weeks, we have looked at several reasons why static
rule-based correlation is not the "SOC in a Box", end-all, be-all that many
thought it was.
Indeed, what to think about a "solution" that:
- Can only address a very limited set of attack scenarios
- Requires meticulous consideration of how to map out the few selected attack
  scenarios
- Doesn't guarantee that you catch attacks in progress, even when one of the
  few selected scenarios is taking place
- Obliges you to think of minute details to slightly reduce false positives
- Yields hundreds and thousands of basic correlat... (more)