Every Organization Needs Centralized Logging

Oct 18, 2022 6:03:30 PM / by Eric Capuano posted in DFIR, Incident Response, Open Source, Defense, Monitoring, Graylog, Logging, Compliance

Logs are on the systems, why do I need this?

Because Digital Forensics & Incident Response is expensive -- likely the highest billable rate among most IT/security practices.

Why? Because it is a very skilled, but meticulous and time-consuming activity and my team has done our fair share of it. Most often, the bulk of the time is spent collecting often volatile evidence from countless systems in hopes that enough of the attacker activity is still traceable. The best evidence sources are often the ones least available at the time of the investigation -- logs. Why? Because they roll over, or get deleted, etc.

If I walked into an organization that had centralized logging, I could probably cut the IR effort in half because a huge amount of the data I need is there ready to be queried. This allows me to perform deeper forensic analysis only on systems that exhibited noteworthy activity.
 
Read More

Remote Access Done Right

Oct 14, 2022 3:00:00 PM / by Whitney Champion posted in SecOps, Security, DevOps, Infrastructure, Cloud, SSO

Do you have resources on prem? In the cloud? How about in multiple clouds? How do you access them all, and how do you track all of those resources? How do you handle key management? Password management? User management? How do you maintain who or what has SSH and RDP access? How do you provide secure access to internal websites or even other data sources? How do you know your admins and analysts and end users are accessing them securely? How do you know who has keys sitting in their downloads folder? How do you track any of it? 

Read More

Business Email Compromise & Wire Transfer Fraud

Aug 3, 2022 7:57:28 AM / by Andrew Cook posted in fraud, wire transfer

If anyone in your organization handles financial transactions, invoices, or payroll changes over email, you're at risk of wire transfer fraud. Criminals target sophisticated social engineering attacks toward anyone that can authorize or redirect payments or financial transactions, including accountants, salespeople, payroll and HR staff, and executives. The core issue is this: email is never a trustworthy way to validate a person's identity. It is critical that your leadership and users understand this. 

Read More

Recon InfoSec Expands Reach And Partner Program With Channel Partner Portal Launch

Jun 14, 2022 11:15:00 AM / by Kelley Wilds

Recon InfoSec, an industry-recognized leader in Managed Detection & Response, cybersecurity assessments, incident response, and training, is offering its portfolio of services and capabilities through an exclusive channel partner program.

 

Read More

Recon InfoSec Offers Free Cybersecurity Threat Hunting Service for Critical Infrastructure Entities

May 17, 2022 11:35:00 AM / by Kelley Wilds posted in Threat Hunting, critical infrastructure

With the ongoing conflict in Ukraine and U.S. sanctions against Russia continuing to build, the need has never been greater for American infrastructure entities to protect their operations from cyber threats and attacks.

Read More

Okta + LAPSUS$ Security Incident

Mar 22, 2022 8:11:44 PM / by Eric Capuano posted in Incident Response, Monitoring, Logging, Cloud, SSO

As many in the industry are now aware, Okta experienced a form of security breach back in January which the wider industry was unaware of until screenshots obtained by the LAPSUS$ group were posted on Twitter on March 21st, at 10:15pm CDT.

Read More

Recon InfoSec Receives SOC 2 Type II Certification

Mar 9, 2022 9:24:51 AM / by Eric Capuano posted in InfoSec, Defense, Compliance

At Recon, we are committed to meeting the security demands of the evolving threat landscape and exceeding the expectations of our customers. We follow best practices, up to and including closely following Google's BeyondCorp approach to "Zero Trust" for our entire infrastructure. Our security philosophy is, "we must always be the most secure part of any organization that we may ever work with." This has enabled us to be a strong, trusted advisor and service provider to our customers and channel partners.

Read More

Widespread Phishing and Business Email Compromise Campaign

Feb 24, 2022 2:18:40 PM / by Luke Rusten posted in SecOps, Intel, phishing, sigma

In this blog post we cover a widespread phishing campaign Recon recently observed targeting multiple customers. This post is not meant to be highly technical, instead it walks through how these attacks unfold and but still provides defenders and organizations some tools to defend against these attacks.

Read More

Recon's Guide to Testing for the Log4J Vulnerability using Canarytokens

Dec 14, 2021 2:10:00 PM / by Andrew Cook posted in SecOps, Security, log4j, Canaries, InfoSec, Thinkst

This guide will walk you through using CanaryTokens.org to generate a token and how to use that token to determine if an application is vulnerable to Log4j. The generated token is a string of text that you will place in various user-controlled fields of the applications (such as search boxes, forms, and password fields). If the application is vulnerable, you will receive an email from CanaryTokens.org indicating that the application is vulnerable.

Read More

Recon's SOAR Playbook To Detect Log4J Exploitation

Dec 13, 2021 2:14:00 PM / by Andrew Cook posted in SecOps, Security, log4j, Canaries, InfoSec, Thinkst

The recent Log4j vulnerability (CVE-2021-44228) is unprecedented in its global scope and impact. This open source logging framework for Apache is found buried in everything from the Mars Helicopter to Minecraft. The exploit is as simple as getting the system to log a message containing a specific string, which can be done as easily as changing your iPhone’s name, sending a chat message, or visiting a website.

Read More
View RSS Feed