3 Lessons to Unlearn from the Target Dogpile
3 dangerous "lessons" that have come from Target Breach discussions that we need to quickly unlearn.
Part 4 of the NBAD series on host anomaly detection.
Hospitals are under attack from cyber criminals and state sponsored attackers. This article reviews the cause and some remedies to the poor state of InfoSec in healthcare.
Third part of the network behavioral anomaly detection (NBAD) series on the role of behavioral detection.
In the second part of the NBAD series, signature detection methodologies are examined.
The first part in this series covers the history of Network Behavioral Anomaly Detection (NBAD).
Vendors like to create an ocean of alarms in their products so they can dogpile after an event and claim that "they caught it." This article goes through the dangers of false positives in incident response and how to address them.
The most dangerous risk to an organization, and the most difficult to detect, is insider threat. When a trusted asset decides to betray the trust of his benefactor for the sake of ideology, greed or extortion, the organization can suffer long-lasting damage. This article outlines the nature of insider threat and strategies for handling it.
Threat data contained in Indicators of Compromise (IOC) can be applied against the data stored in StealthWatch to look for markers of historical breach. This entry outlines the steps in performing this analysis.
With Microsoft discontinuing support of Windows XP, organizations need guidance on how to protect the legacy machines they can't replace.
How to parse the claims vendors make in APT detection.
NetFlow analysis can be an effective way of determining what cloud services are in use and monitoring them for violations.
Thanks to the Grand Rapids chapter of the ISSA for hosting me today. My deck can be downloaded here.
The difficulty in controlling user behavior makes spear phishing a "no-brainer" for attackers. Network surveillance can detect the attack at different parts of the kill chain.
Video presentation from Lawrence Orans of Gartner, describing how Network Behavioral Analysis (NBA/NBAD) can detect advanced, targeted threats.
The last installment of drawing lessons from the Shoe Bombing attack in Network Security focuses on the actions and response following threat detection.
One thing we learned from the Shoe Bomber, Richard Reid, is that not all attackers are the same. In this installment we examine the differences in cyber attackers.
Applying the lessons on surveillance we learned from physical security in stopping the Shoe Bomber to network and information security.
In the second installment of this Network Security 101 series, the differences between attack payloads are examined.
Comparing how physical security caught the shoe bomber to how we go about catching network threats.
Behavioral analysis of NetFlow can alert to policy violations as well as suspicious and anomalous activity concerning protected data such as card holder data (PCI), patient records (HIPAA), PII and trade secrets.
Download the deck from SANS DFIR Summit 2013 on "Hunting Attackers with Network Audit Trails." Tom Cross & I delivered this in Austin, TX.
The quest for the (non-existent) Holy Grail of InfoSec: the "single pane of glass." Discussion on why we want it, what it will take to get it and what to do in the interim.
How intelligent NetFlow analysis can ease the pain associated with adding networks gained from mergers and acquisitions.