Blog

Recent Blog Entries

  • Aug 05 2010
    host

    Securing the Extended Enterprise

    As corporations expand their reliance on the Internet and technology to conduct business, most work diligently to reduce their exposure to attack. Their efforts are focused primarily on protecting their enterprise assets, but could they be missing a very important aspect of their attack surface: the extended enterprise?

  • Jun 16 2010
    dgabbard

    Cyber situational awareness requires an all-encompassing approach to threat understanding, analysis, and risk assessment. Internet intelligence, enterprise intelligence, and threat intelligence all play a significant role.

  • Jan 20 2010
    dgabbard

    I spend a lot of time talking to people from all walks of life about situational awareness, and what it means for 'cyberspace.' While there are a growing number of people who seem to understand the concept, its importance, and the future trajectory it is on, I find a disproportionately high number of people - even those I would consider expert in this field - either don't understand or have not yet embraced situational awareness and the means by which it can improve security, operational capabilities, and hence the bottom line.

  • Nov 03 2009
    jlewis

    One thing is for certain, network analysts are overwhelmed with the amount of data available, and current analysis tools are not designed for the rapidly increasing data sets or demands created by modern networks. Identifying an emerging threat, identifying the nature and extent of the threat, and gaining perspective on its possible impact requires complete visibility into vast Internet pathways and real-time data integration.

  • Oct 28 2009
    jlewis

    Automation, innovation, reaction and expansion (AIRE) are the foundation of the next generation of analysis techniques and tools - Network Analysis 2.0. The importance of data network analysis is often overlooked, but it impacts many areas including cyber defense, cyber intelligence, law enforcement / investigative analysis, and financial and critical infrastructure. Cyber attacks are conducted daily by organized groups around the world, and network analysis is important for maintaining total cyber situational awareness.

  • Oct 26 2009
    jlewis

    Threats tend to be ignored if the impact of those threats is not fully understood. SNMP is a good example of a frequently ignored threat. Enabling public Read Only SNMP on a network device may open a door for attackers to map a network topology without generating a lot of suspicious network traffic. It's possible that port 161 queries from the Internet are suspicious, but might be overlooked if they originate from a compromised host on the local network.

  • Sep 28 2009
    dgabbard

    If the H1N1 outbreaks and the recently foiled airport bombing plans tell us anything, it's that information and information sharing are at the center of response for any significant security event. A significant cyber security event is certainly not going to be any different. Naturally, this type of data sharing should be bi-directional.

    Remember the fourth assumption - Data about the event(s) needs to be able to flow both up to decision makers and down to responding organizations.