INSIDER THREAT SECURITY BLOG

Sysmon is an important tool within Microsoft’s Sysinternals Suite, a comprehensive set of utilities and tools used to monitor, manage, and troubleshoot the Windows operating system. Per Microsoft’s own definition, Sysmon “provides detailed information about process creations, network connections, and changes to file creation time. By collecting the events it generates using Windows Event Collection or SIEM agents and subsequently analyzing them, you can identify malicious or anomalous acti…

Having worked with Unix and Linux servers for a long time, one feature that I came to appreciate is the Secure Shell (SSH) daemon.  The SSH server daemon allows users to securely connect to Linux and Unix servers using an SSH client.  Those of you who work with Linux and Unix servers are quite familiar with open-source SSH tools such as Putty and WinSCP.  Personally, I find WinSCP quite helpful as it allows me to transfer files back and forth from my Windows desktop machine to …

By now it’s common knowledge that FireEye has disclosed they were the victims of an attack by a nation-state seeking government information. If you aren’t aware of the particulars of this attack, I strongly encourage you to take a few minutes and read the blog posted by the FireEye team. It includes details about the attack and what was compromised, as well as how the company plans to address the situation. In the next few days, we will face a barrage of messages from vendors seeking to re…

Going remote is the new reality as we continue to grapple with a devastating global pandemic. The transition to remote learning in our nation’s schools, in particular, has created a new level of upheaval and burden that’s impacted most every home and community. Luckily, most of Stealthbits’ existing corporate customers switched to digital work rather seamlessly after testing and reinforcing the security of their networks and IT infrastructure. Educational institutions, on the other hand, were…

If recent years have taught us anything about the intent of threat actors, it’s that no victim or circumstance is off limit when there’s a profit to be made. Throughout the year attackers have used COVID-19 to take advantage of victims’ fears of the virus, exploited new attack surfaces resulting from the increase in remote work, and even attempted to steal vaccine research. Earlier this year, it was reported that the FBI’s Internet Crime Complaint Center (IC3) has seen reports in cybercrim…

PostgreSQL or simply referred to as Postgres has had a very colorful history.  It began in 1986 as a POSTGRES project led by Professor Michael Stonebraker, which was sponsored by Defense Advanced Research Projects Agency (DARPA), the Army Research Office (ARO), the National Science Foundation (NSF), and ESL, Inc.   Postgres95 was released in 1994 for general use on the web which included support for SQL language interpretation.  In 1996, Postgres95 was officially renamed t…

September has been declared National Insider Threat Awareness Month (NITAM) through a joint venture between the National Counterintelligence and Security Center (NSC) and the National Insider Threat Task Force (NITTF).  The goal of this effort is to educate organizations and their employees on the threat, helping them understand how it can occur through both intentional and unintentional means, and to help employees recognize and report unusual behavior. This is amidst a particularly …

This year has been a year like no other, with what seems to be a never-ending and always evolving set of headlines. At a glance, we’ve seen the evolution of the Coronavirus pandemic, the ongoing wildfires across not only the country but the world, the death of a basketball legend, Brexit finally coming to fruition, a civil rights uprising, and so much more.   The state of cybersecurity this year has had just as many ups and downs. While research done by the&nb…

In this era of big data, it is in an organization’s best interest to seek to safeguard their critical data assets, especially sensitive data, to the best of their ability. However, data breaches continue to occur, and according to certain studies, are happening every minute. And now with more consumer data being collected than ever, these breaches pose a real problem not only to an organization’s operations but to their credibility. But imagine if data security, and possibly more importantly …

In my last blog, I stated that “data security can be achieved without data privacy, but you can’t effectively fulfill data privacy without data security. When it comes to complying with regulations, or protecting against breaches, if you don’t know your data, you won’t be able to justify it to a regulator, or safeguard it from malicious intent.” Complex, Heterogeneous Data Infrastructure Challenges Once you’ve discovered all the data in your organization, you can then write a report. Ho…