Stealthbits

INSIDER THREAT SECURITY BLOG

And other things that keep you up at night


Featured Blog

NetApp File Activity Monitoring

Note: This blog is the third in a 4 part series, followed by a webinar to review all the challenges with File System access auditing. Sign up now for the webinar “Challenges with Relying on Native File System Logging”. Register now. In our last post, we walked through configuring file access auditing on a Windows File server and explored some of the common challenges with data interpretation. In this post, we will take a similar look at file access auditing on a NetApp CMode File Serv…

Impressions from RSA 2019

This year’s RSA convention was a riot of sights and sounds with a lot of familiar faces, mega-booths with flashy giveaways, as well as some new/old companies in the form of recently acquired or merged organizations. There were the familiar topics of security analytics, security as a service, and advanced threat detection, but on the surface, it is difficult to pick out any obvious new trends. After thinking back about everything I saw, I have decided that the one common theme was the re-em…

Anatomy of a Hack: How TEMP.Mixmaster Attackers Use TrickBot and Ryuk to Poach Big Game

Cyber-crime continues to evolve – especially over the last year in terms of ransomware. Ransomware used to be largely a spray-and-pray proposition where attackers used automated tools to spread and encrypt as fast as possible, with immediate ransom demands. Those did enough damage. However, cybersecurity researchers are reporting a new, more patient and human-driven extortion scheme where criminals infect many networks but only select larger organizations with deeper pockets. In these larg…

Microsoft Advanced Threat Analytics (ATA) Compared to StealthDEFEND for Active Directory

Detecting advanced threats against Active Directory can be approached in a variety of ways. When looking at Microsoft Advanced Threat Analytics (ATA) compared to STEALTHbits StealthDEFEND for Active Directory they have the same goal and a similar approach, however, there are some key differences. Microsoft is in a privileged position to build a threat detection solution to protect against Active Directory attacks. Their end product is similar to what you would expect from a third-party ven…

LDAP Reconnaissance – Defend with StealthDEFEND

Editor’s note: This is the second blog post in a series of blogs for using StealthDEFEND to defend against attacks. Read the first blog “Using StealthDEFEND to Defend Against Password Spraying”. In this blog post, we’ll be talking about LDAP Reconnaissance and how we can use StealthDEFEND to defend ourselves against this type of attack. Introduction to LDAP Reconnaissance When an attacker initially compromises a system on a network, they may have little to no privileges within the do…

Active Directory Object Recovery (Recycle Bin)

Editor’s note: This is the 3rd in a series of blogs around Active Directory (AD) backup and recovery using Stealthbits StealthRECOVER. Read the 1st blog, An Introduction to Active Directory Backup and Recovery, and the 2nd blog, Active Directory Object Recovery. The previous post in this series discussed the joys of Active Directory object recovery in an environment without the AD Recycle Bin. If you missed that post, I strongly encourage you to go back and read it as it is arguably the sin…

Using StealthDEFEND to Defend against Password Spraying

In this blog post, we’ll be talking about Password Spraying and how we can use StealthDEFEND to defend ourselves against this type of attack. Introduction to Password Spraying Password Spraying is a technique attackers leverage to guess the passwords of accounts by trying a small number of highly common passwords against a large number of accounts while also staying below an organization’s defined lockout threshold. This allows an attacker to compromise accounts without a…

Challenges with Native File System Access Auditing

Note: This blog is the first in a 4 part series, followed by a webinar to review all the challenges with File System access auditing. Sign up now for the webinar “Challenges with Relying on Native File System Logging”. Register now. An organization’s ability to efficiently and effectively capture file level access is paramount in order to not only proactively prevent data breaches or attacks, but to respond in the event your data has already been compromised. Often times, we focus on this …

ProTip – Active Directory Advanced Threat Analytics and Response

Stealthbits Technologies’ most recent release, StealthDEFEND 2.0, brings with it a whole new suite of advanced threat analytics inside of Active Directory (AD). If you are already a user of StealthDEFEND, you are already aware of the great response and analytics it provides for file system monitoring by leveraging machine learning and user behavior analytics. Now, with StealthDEFEND 2.0, and the expansion into new threats and monitoring capabilities around AD, Stealthbits Technologies is uniq…

Taking a Data Centric Audit and Protection (DCAP) Approach Avoids the Weaknesses of a Siloed Data Security Strategy

Data Centric Audit and Protection (DCAP) is a term defined by Gartner back in 2017 in response to the weaknesses of the Data Security Governance practices at the time. At that time, data protection strategies focused on the security of the application, or storage system that contained the data. This focus led to a variety of technology-specific security tools which tended to be owned and managed by different teams within IT. This siloed approach to data security worked well as long as the dat…


© 2022 Stealthbits Technologies, Inc.
