Friday, November 16, 2018

Threat Hunting Tools

Here is a collection of threat hunting tools, information and resources gathered from the Internet.

1. Kansa

Thursday, November 15, 2018

ArcSight SIEM Logger Web Gui and Search Tips and Tricks

ArcSight Logger is one of the products in the Micro Focus SIEM platform. It streams real-time event data, categorizes it into specific logs, and integrates easily with Security Operations. As a result, organizations of any size can use this high-performance log data repository to speed up forensic analysis of IT operations, application development, and cyber security issues, and to address multiple regulations at the same time.

Summary




Tuesday, November 13, 2018

IBM Data Security Product Guardium Resources

IBM Security Guardium is designed to help safeguard critical data. Guardium is a comprehensive data protection platform that enables security teams to automatically analyze what is happening in sensitive-data environments (databases, data warehouses, big data platforms, cloud environments, file systems, and so on) to help minimize risk, protect sensitive data from internal and external threats, and adapt to IT changes that may impact data security. Guardium helps ensure the integrity of information in data centers and automates compliance controls.
The IBM Security Guardium solution is offered in two versions:
  • IBM Security Guardium Database Activity Monitoring (DAM)
  • IBM Security Guardium File Activity Monitoring (FAM) - Use Guardium file activity monitoring to extend monitoring capabilities to file servers.


https://www.securitylearningacademy.com/local/navigator/index.php?search=Guardium&level=top


IBM Security Learning:
Guardium Administrator

Saturday, November 10, 2018

Configure Cisco Enterprise Access Point 1142N As Home AP

In early 2018, I got a chance to buy a Cisco Wireless Access Point for only $30, which is a great deal for an AIR-LAP1142N-x-K9 - Dual-band Controller-based 802.11a/g/n. It is not an 802.11ac-ready AP, but as a replacement for my home wireless router, it is already enough.

Since this device is an enterprise product, the configuration is not that straightforward; even after reading some Cisco documents, it is still quite cumbersome to understand.

After a couple of hours working on it, I managed to bring both the 2.4G and 5G radios up and set up two SSIDs for both radios. Here are my steps (the simplest steps to follow) with screenshots and video:

Monday, October 29, 2018

Security Events and Data Breaches in 2018, 2017, 2016, 2015, 2014

World's Biggest Data Breaches
Thanks to Lewis Morgan, social media manager at IT Governance, who has compiled this list by month and year since 2014, possibly earlier. What I did was put his monthly and yearly lists into this post and count the numbers of leaked records, some of which were missing from the original posts.

Here are the leaked record counts since 2014:



2018
List of data breaches and cyber attacks in September 2018 – 925,633,824 records leaked
List of data breaches and cyber attacks in August 2018 – 215,000,000 records leaked
List of data breaches and cyber attacks in July 2018 – 139,731,894 records leaked
List of data breaches and cyber attacks in June 2018 – 145,942,680 records leaked
List of data breaches and cyber attacks in May 2018 – 17,273,571 records leaked
List of data breaches and cyber attacks in April 2018 – 72,611,721 records leaked
List of data breaches and cyber attacks in March 2018 – 20,836,531 records leaked
List of data breaches and cyber attacks in February 2018 – 2,234,633 records leaked
List of data breaches and cyber attacks in January 2018 – 7,073,069 records leaked


Thursday, October 25, 2018

Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure (2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010)

Gartner’s Magic Quadrant for Wireless LAN Infrastructure has been published annually for a number of years. This post lists all the reports found on the Internet since 2010. If you are not familiar with this research publication or with Gartner, please see the graphic below. Gartner places vendors in one of four quadrants – Leaders, Visionaries, Niche Players and Challengers – based on its scoring system.

2018

In July 2018, Gartner named Cisco, Aruba (HPE), and Extreme Networks as Leaders in the Magic Quadrant for Wired and Wireless LAN Access Infrastructure.

Gartner Magic Quadrant for Intrusion Detection and Prevention Systems (2018, 2017, 2015, 2013, 2012, 2010 ...)

According to Gartner, “The network intrusion prevention system market has undergone dynamic evolution, increasingly being absorbed by next-generation firewall placements. Next-generation IPSs are available for the best protection, but the IPS market is being pressured by the uptake of advanced threat defense solutions.”

This Magic Quadrant focuses on the market for stand-alone IDPS (IDP/IPS) appliances; however, IDPS capabilities are also delivered as functionality in other network security products. In particular, network IDPS is provided within the next-generation firewall (NGFW), which is the evolution of the enterprise-class network firewall and adds application awareness and policy control as well as integrated network IDPS (IDP/IPS).

2018
Gartner named McAfee (Stonesoft), Cisco (Sourcefire) and Trend Micro (TippingPoint) as Magic Quadrant Leaders for Intrusion Detection and Prevention Systems (IDPS) in 2018. (In 2013, McAfee acquired Stonesoft and Cisco acquired Sourcefire. In 2015, Trend Micro acquired HP TippingPoint for about $300M.)



Tuesday, October 23, 2018

Threat Modeling

This post collects Internet resources regarding threat modeling. There are other, similar posts on Threat Intelligence and Threat Hunting; search my blog to find more.


Threat Modeling Methodologies for IT Purposes
Conceptually, a threat modeling practice flows from a methodology. Numerous threat modeling methodologies are available for implementation. Based on the volume of published online content, the four methodologies discussed below are the most well known.