In part 5, we looked at auditing your network device logs. A decade ago, security professionals were primarily concerned about network perimeter and endpoint security. While those concerns are still valid, technological advancements have created new scenarios that need …
Simplifying security auditing, part 5: Detecting network attacks
Anyone trying to access resources in your network needs to interact with your network devices: firewalls, routers, switches, and IDS/IPSs. Each of these devices generate syslogs that contain important security information and must be audited to gain complete visibility into …
Chrome’s removing the “Secure” label from HTTPS sites—but why?
Gone are the days when the green “Secure” label stood to distinguish legitimate websites from potentially malicious ones. Shortly after marking all HTTP sites with a “Not Secure” badge earlier this year, Google has now stepped up to remove …
Simplifying security auditing, Part 3: Keeping insider threats in check
Insider threats are on the rise. In fact, both administrators and average employees are among the biggest security threats in an organization. When it comes to security auditing, there are two areas you need to focus on: Active Directory …
Simplifying security auditing, Part 1: Regularly reviewing server activity
Everyone knows about the importance of log management in IT security. Yet, organizations struggle with implementing effective log management techniques in their networks. This blog series aims to revisit the fundamentals of log management and discuss the different security events …
Network breach at Australian National University serves as a reminder about the Notifiable Data Breaches scheme
Earlier this month, several news outlets reported that Australian National University’s (ANU) network was breached, allegedly by Chinese hackers. Although the official statement from ANU said that the threat was averted and no data was compromised, the breach serves as …
How to leverage SIEM to meet the GDPR’s requirements
Today’s businesses run on data. From getting customer information for payment, processing employee information for payroll, using publicly available data for targeted advertising, to tracking people’s behavior for marketing, data has become the power center of organizations. But with this …
Cyberattacks are coming—is your firewall ready?
In HBO’s hit series Game of Thrones, the Seven Kingdoms had the Wall to keep out White Walkers, and for many generations, it did exactly that. But even the strongest fortifications can fall flat if improperly managed; like the Wall …
Learn how to audit and secure your SQL and IIS servers
Virtually every business today depends on databases and web servers for daily operations. Since these business-critical applications deal with sensitive data, keeping them secure is a major priority—as a security professional, you need to carefully evaluate and implement security measures …