If you couldn't tell by now, we love Graylog. We may have mentioned them a time or two :)
Integrating Graylog With TheHive
Jan 31, 2020 2:11:00 PM / by Whitney Champion posted in Automation, DFIR, Incident Response, SecOps, Security, Defense, Python, Graylog, DevOps, TheHive, Cortex, API
Network Defense Range (NDR) Returning to BlackHat 2020
Jan 26, 2020 2:26:00 PM / by Eric Capuano posted in Incident Response, InfoSec, Training, Threat Hunting, NDR, Defense, BlackHat
We're thrilled to be accepted back to BlackHat to run our live-fire Network Defense Range (NDR) course again this year! We received overwhelmingly positive feedback from last year's attendees and we have even bigger plans this year.
Locking down ZeroTier peer-to-peer networks
Feb 9, 2019 3:38:00 PM / by Eric Capuano posted in ZeroTier, Defense, DevOps, VPN, Cryptography
In a previous post, we shared our affinity for ZeroTier:
Build a Free Private Mesh Network for Secure DevOps
Dec 8, 2017 4:31:00 PM / by Eric Capuano posted in ZeroTier, Defense, DevOps, VPN, Cryptography, Networking
Over time and for various reasons, I've amassed quite the catalog of cloud-hosted servers. This has caused much anxiety in the form of rapidly expanding attack surface which I've met painstakingly with manually managed firewall rules and nginx ACLs... Not anymore!
Slacking at Security Operations
Oct 24, 2016 4:58:00 PM / by Eric Capuano posted in Automation, Operations, Defense, Intel Sharing, Slack
Running a Security Operations Center requires fighting a constant battle to increase analyst efficiency, speed and accuracy. Fast and effective communication coupled with automation is the only answer. So why not have both in the same platform?
Macro Security for Enterprise Defenders
Oct 20, 2016 5:01:00 PM / by Eric Capuano posted in Defense, Malware, Macro
In my experience, one of the most prevalent and common threats to today’s enterprise networks comes in the form of malicious email attachments (shocker!). Attackers leverage document types that are most likely accessible to software installed on the victim endpoint, making Microsoft Office a prime target. Yes, in 2016, malicious macros are still a major problem.