Monday, December 24, 2018

Gartner Magic Quadrant for SIEM Products (2018,2017,2016,2015,2014,2013,2012,2011...)

Gartner defines SIEM as a technology that aggregates data produced by security devices, network infrastructure and systems, and applications. Products in the security information and event management (SIEM) market analyze security event data and network flow data in real time for internal and external threat management. They collect, store, analyze and report on log data for incident response, forensics and regulatory compliance. Vendors in this space are continually improving threat intelligence and security analytics. Companies adopt this technology to detect threats and breaches and to meet compliance requirements. Early breach discovery requires effective monitoring of user activity, data access and application activity.

Companies placed by Gartner in the Leaders Quadrant have been the most successful in building an installed base and establishing a revenue stream from the SIEM market. Leaders also typically have a high share of the market and high revenue growth. They've also demonstrated superior vision and execution for emerging and anticipated requirements of the market. What's more, they've garnered positive customer feedback for their SIEM products, as well as service and support of those products. 

2018
There are three new vendors (Dell, Exabeam and Securonix) and four existing vendors (IBM, Splunk, LogRhythm, McAfee) in the Leaders quadrant.

Wednesday, December 19, 2018

Proofpoint Wombat Security Awareness Training - Phishing Campaign Step by Step

Wombat ThreatSim® Phishing Simulations are an excellent addition to any security awareness training program, particularly those focused on fighting phishing attacks. The Wombat ThreatSim Phishing Simulations service has a SaaS-based interface which makes it easy to deliver simulated phishing emails and customizable Teachable Moments, which display targeted "just-in-time teaching" messages to individuals who fall for a phishing test. ThreatSim's customizable email templates address three key testing factors: attachments, embedded links, and requests for personal data. According to Wombat's site, no one else in the industry offers multiple templates in one campaign, random scheduling of emails to spread out delivery, and Auto-Enrollment into targeted training if an employee falls for an attack.

This post is a quick step-by-step guide to creating a basic phishing campaign hosted on the Wombat ThreatSim platform.

Log into the Wombat Security Education Platform and click ThreatSim -> Phishing Campaigns.

Tuesday, December 18, 2018

Ubuntu 16.04.5 LTS (Xenial Xerus) Installation Step by Step in VMWare Workstation (Not Easy Installation)


1. Ubuntu 16.04 Installation
1.1 VMware Workstation Virtual Machine Creation for Non-Easy Installation
If you are using VMware Workstation, by default the system does an "Easy Install" for you, which means all settings are entered automatically by VMware Workstation; you won't need to provide much, or any, information during the installation process. We are not going to use this method in this post. Instead we choose the option "I will install the operating system later" to skip Easy Install.

YouTube Video:
Easy Install vs Non Easy Install

Expose your local service to public: Ngrok, FRP, localtunnel

For many IT workers involved with networking, it is quite common to need to expose an intranet application to the outside world in a secured manner. Unfortunately, most of the time we work from private IP networks, whether at the workplace, at home or at the coffee shop. The router(s) or firewall(s) standing between our workstation and the internet make it harder to expose a local socket to the outside. Most of the time this is preferable for security.

A couple of solutions you can choose from:
1. Change your router / firewall configuration to do port forwarding or NAT from the public side to your application. In many cases, though, you won't be able to make those changes, or you won't even have that option.
2. Tunneling services : either self hosting or cloud services such as:
  • Ngrok
  • FRP 
  • Localtunnel
This post explores some of the tunneling services I am using.


Ngrok

Setup & Installation
1. Download ngrok
ngrok is easy to install: download a single binary with zero run-time dependencies. The following builds are available to download:
  • Windows
  • Mac OS X
  • Linux
  • Mac (32-bit)
  • Windows (32-bit)
  • Linux (ARM)
  • Linux (32-bit)
  • FreeBSD (64-bit)
  • FreeBSD (32-bit)
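Once the binary is on the workstation, the main security decision is how much of the intranet service you are actually putting on the public internet. The tunnel endpoint is reachable by anyone who learns the URL, so it is worth restricting it to HTTPS and putting basic auth in front of it, and then confirming from ngrok's local inspection API what was really published. The script below is an added example, not from the original post or from ngrok's own documentation; it assumes ngrok 2.x, where `ngrok http` exposes a local port, `-auth` and `-bind-tls=true` are valid flags, and `http://127.0.0.1:4040/api/tunnels` lists the active tunnels. The `SAMPLE_TUNNELS_JSON` constant is a constructed stand-in for that API's response.

```shell
# Added example (not from the original post). Assumes ngrok 2.x: "ngrok http"
# exposes a local port, and the local inspection API on
# http://127.0.0.1:4040/api/tunnels lists the resulting public URLs.
set -eu

# Expose a local HTTP service through ngrok, but only over HTTPS and only
# behind HTTP basic auth, so that the public URL is not an open door into the
# intranet app. Usage: start_tunnel <port> <user> <password>
start_tunnel() {
  port="$1"; user="$2"; pass="$3"
  ngrok http -bind-tls=true -auth="${user}:${pass}" "${port}" >/dev/null 2>&1 &
  echo "$!"          # background pid, so the caller can stop the tunnel later
}

# Pull the https public URL out of the inspection API JSON given on stdin.
# Only grep/sed are used, so it works on a box without jq.
public_https_url() {
  grep -o '"public_url": *"https://[^"]*"' | head -n 1 | sed 's/^"public_url": *"//; s/"$//'
}

# Count the plain-http (unencrypted) tunnels the API lists. Anything above
# zero means the service is also reachable without TLS and -bind-tls=true
# was not applied.
count_plain_http_tunnels() {
  grep -o '"public_url": *"http://[^"]*"' | wc -l | tr -d ' '
}

# Constructed sample of the /api/tunnels response for a tunnel started
# WITHOUT -bind-tls, where ngrok opens both an http and an https endpoint.
SAMPLE_TUNNELS_JSON='{"tunnels":[{"name":"command_line","public_url":"https://abc123.ngrok.io","proto":"https","config":{"addr":"localhost:8080"}},{"name":"command_line (http)","public_url":"http://abc123.ngrok.io","proto":"http","config":{"addr":"localhost:8080"}}]}'

# Typical use once a tunnel is up:
#   pid=$(start_tunnel 8080 demo 'use-a-long-random-password')
#   sleep 2
#   curl -s http://127.0.0.1:4040/api/tunnels | public_https_url
#   curl -s http://127.0.0.1:4040/api/tunnels | count_plain_http_tunnels   # expect 0
#   kill "$pid"
```

Basic auth over the ngrok HTTPS endpoint keeps casual scanners out, but the credentials and the application itself are still terminated on ngrok's infrastructure, so treat the tunnel as a short-lived convenience rather than a permanent exposure, and kill it when you are done.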

Gartner Magic Quadrant for Unified Threat Management (2018,2017,2016,2015,2014,2013,2012,...)

Gartner defines the unified threat management (UTM) market as multifunction network security products used by small or midsize businesses (SMBs) (< 1000 employees).


2018 Gartner Magic Quadrant for Unified Threat Management Report
There have been no changes in the Leaders quadrant since 2015: Fortinet, Check Point and Sophos remain there.

Gartner Magic Quadrant for Enterprise Network Firewall (2018,2017,2016,2015,2014,2013,2011,2010)

Based on Gartner's definition, the enterprise network firewall " is composed primarily of purpose-built appliances for securing enterprise corporate networks. Products must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices, multitiered demilitarized zones (DMZs) and, increasingly, the option to include virtual versions for the data center. Customers should also have the option to deploy versions within Amazon Web Services (AWS) and Microsoft Azure public cloud environments. These products are accompanied by highly scalable (and granular) management and reporting consoles, and there is a range of offerings to support the network edge, the data center, branch offices and deployments within virtualized servers and the public cloud. "

The difference from a UTM appliance is that UTM approaches are suitable for small or midsize businesses (SMBs), but not for the remainder of the enterprise market.


2018 Gartner Magic Quadrant for Enterprise Network Firewalls
Cisco is back in the Leaders quadrant. Palo Alto Networks, Fortinet and Check Point are still doing well as Leaders.

ArcSight SIEM Logger Web, Search Examples, Use Case Reports

ArcSight Logger is one of the products in the Micro Focus SIEM platform. It streams real-time data, categorizes it into specific logs and integrates easily with security operations. As a result, organizations of any size can use this high-performance log data repository for faster forensic analysis of IT operations, application development and cyber security issues, while simultaneously addressing multiple regulations.

Summary




Wednesday, December 12, 2018

Python Cyber Security Testing Tool Collection

Networking

Scapy: send, sniff and dissect and forge network packets. Usable interactively or as a library
pypcap, Pcapy and pylibpcap: several different Python bindings for libpcap
libdnet: low-level networking routines, including interface lookup and Ethernet frame transmission
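To make concrete what "dissect and forge" means for the tools listed above, here is an added example (not from the original post, and not Scapy's own code) that does it by hand in plain Python: it forges an IPv4 packet carrying a TCP SYN, computing both the IP header checksum and the TCP pseudo-header checksum, and then dissects the bytes back into fields and verifies those checksums. The addresses and ports are constructed sample values. Scapy does all of this with `IP()/TCP()` layers and hands the result to libpcap or a raw socket; seeing it spelled out shows what those libraries abstract away.

```python
"""Added example (not from the original post): byte-level forging and
dissection of an IPv4/TCP SYN packet in plain Python, to show what Scapy
automates. Addresses and ports below are constructed sample values."""
import socket
import struct


def ip_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def forge_tcp_syn(src_ip: str, dst_ip: str, sport: int, dport: int, seq: int = 0) -> bytes:
    """Build an IPv4 packet carrying a TCP SYN with valid header checksums."""
    src, dst = socket.inet_aton(src_ip), socket.inet_aton(dst_ip)
    tcp_len = 20
    # TCP header: data offset 5 words, SYN flag set, checksum field zero for now
    offset_flags = (5 << 12) | 0x02
    tcp_hdr = struct.pack("!HHIIHHHH", sport, dport, seq, 0, offset_flags, 65535, 0, 0)
    # TCP checksum covers a pseudo-header (addresses, proto 6, length) + segment
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, 6, tcp_len)
    tcp_hdr = tcp_hdr[:16] + struct.pack("!H", ip_checksum(pseudo + tcp_hdr)) + tcp_hdr[18:]

    # IPv4 header: version 4 / IHL 5, DF flag, TTL 64, proto 6 (TCP)
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0x1234, 0x4000,
                         64, 6, 0, src, dst)
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    return ip_hdr + tcp_hdr


def dissect(packet: bytes) -> dict:
    """Parse IPv4 + TCP headers and verify both checksums.

    A valid header sums to 0xFFFF in one's complement, so ip_checksum()
    over the header including its checksum field returns 0."""
    (ver_ihl, _tos, total_len, _ident, _frag, ttl, proto,
     _csum, src, dst) = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    result = {
        "version": ver_ihl >> 4,
        "ttl": ttl,
        "proto": proto,
        "src": socket.inet_ntoa(src),
        "dst": socket.inet_ntoa(dst),
        "ip_checksum_ok": ip_checksum(packet[:ihl]) == 0,
    }
    if proto == 6:
        sport, dport, seq, _ack, off_flags, _win, _tcsum, _urg = struct.unpack(
            "!HHIIHHHH", packet[ihl:ihl + 20])
        segment = packet[ihl:total_len]
        pseudo = struct.pack("!4s4sBBH", src, dst, 0, 6, len(segment))
        flag_bits = (("FIN", 1), ("SYN", 2), ("RST", 4), ("PSH", 8), ("ACK", 16))
        result.update({
            "sport": sport,
            "dport": dport,
            "seq": seq,
            "flags": {name for name, bit in flag_bits if off_flags & bit},
            "tcp_checksum_ok": ip_checksum(pseudo + segment) == 0,
        })
    return result


if __name__ == "__main__":
    pkt = forge_tcp_syn("10.0.0.1", "10.0.0.2", 40000, 80, seq=1)
    print(pkt.hex())
    print(dissect(pkt))
```

Sending the forged bytes requires a raw socket (root) or libpcap injection, which is exactly the plumbing Scapy, pypcap and libdnet provide; the dissector is also the shape of a minimal sniffer-side parser when you only have raw frames and no Scapy on the box.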