CISO Express | A Security Professional’s Home Page

NSS Labs

  • Once More Unto The Breach (Detection Test)
    It is difficult to go a week without reading about a major enterprise being breached. And it is because of this that the Breach Detection Systems (BDS) market is growing at an incredible pace that is expected to continue well into the future (32% CAG…
    - 4 Aug 15, 12:00am -
  • New tools for faster security incident responses
    How quickly could you solve a crime if you had at your fingertips a comprehensive index of all activities occurring at a crime scene before, during, and after the crime? Security professionals have spent considerable amounts of time determining the s…
    - 20 May 15, 12:00am -
  • NGIPS – HP TippingPoint Update
    In our recently completed Next Generation Intrusion Prevention Systems (NGIPS) test, NSS Labs and HP TippingPoint discovered an anomaly during testing. Fundamentally, the nature of the anomaly was related to a recent CVE, which was being heavily util…
    - 24 Apr 15, 12:00am -
  • Security Orchestration – Integration, Process, and Wise Investments Driven by a Security Conductor
    When I am asked by friends to discuss the security breaches that feature ever more frequently in the news, I use a music analogy. Why music? For one thing, I am a fan of traditional classical music; for another, this allows me to describe the roles o…
    - 14 Apr 15, 12:00am -
  • The Best Place for Yesware is Nowhere
    A talented security colleague came across a tweet from a company called Yesware and remarked to me that it could be construed as spear phishing with specific language for legal protection. I can see his point, but in pedantically technical language,…
    - 5 Mar 15, 12:00am -
  • Detecting the Invisible Part 3: "Retreat from the Breach"
    Our approach to securing the enterprise has changed, and breach detection technology has been largely instrumental in this process. This report from NSS Labs is the final in a three-part series on the impact of the breach detection system (BDS). As t…
    - 5 Mar 15, 12:00am -
  • Detecting the Invisible Part 2: "Once More Unto the Breach, Dear Friends"
    Our approach to securing the enterprise has changed, and breach detection technology has been largely instrumental in this process. This report from NSS Labs is the second in a three-part series on the impact of the breach detection system (BDS).
    - 4 Mar 15, 12:00am -
  • Breached? Continuous Forensic Analytics Speeds Incident Response
    Over the course of the last few years, the number of publicized breaches has risen dramatically, ultimately costing some CXOs their jobs. The irony is that in many cases, the breach itself is not the cause of their dismissal, but rather it is the han…
    - 3 Mar 15, 12:00am -
  • Detecting the Invisible
    Our approach to securing the enterprise has changed, and breach detection technology has been largely instrumental in this process. This report from NSS Labs is the first in a three-part series on the impact of the breach detection system (BDS).
    - 2 Mar 15, 12:00am -
  • How Does The Average Enterprise Stay On Top of The Latest Technology?
    You’ve probably heard the phrase “drinking from a fire hose,” and in the security world, it has never been more applicable than it is today.
    - 4 Feb 15, 12:00am -

ICSA Labs

Miercom Research

    Open DNS Security Lab

    • The Weather Report: Seamless Campaign, LuminosityLink RAT, and OG-Miner!
      In our first ever Cisco Umbrella Security Weather Report, we break down the Seamless Exploit Kit Campaign, discuss the LuminosityLink Remote Access Trojan and Open Graphiti Miner!
      - 24 May 17, 1:00pm -
    • The Hours of WannaCry
      In the span of just 10 days, two large-scale, wormable attacks grabbed international headlines. First, a phishing campaign posing as a Google Docs sharing request gained access to Google accounts then spread across its victim’s contacts, and no…
      - 17 May 17, 2:33am -
    • Detecting the Google Docs Phishing Attack Using Traffic Analysis
      The massive phishing attack disguising itself as a Google Docs sharing request is dominating headlines. We’re proud to say that our Sender Rank algorithm detected the attack before the blogs began to roll! Not only that, our unique perspective g…
      - 4 May 17, 5:54pm -
    • Enigma 2017 Recap
      Earlier in February, a few of us from Security Research at Cisco Umbrella and Sarah Brown (from Security Links, based in Delft, The Netherlands) headed to Oakland for the 2nd annual Enigma Security Conference (Jan 30-Feb 1). Enigma is a 3-day confe…
      - 24 Apr 17, 6:32pm -
    • A Wretched Bin of Scum and Villainy
      A Brief History of Pastes: For more than 25 years, people looking to share computer code and snippets of text have used pastebins, web applications designed to store text. Often chosen because they would preserve formatting, pastebins were also an at…
      - 14 Apr 17, 5:45pm -
    • Healthcare industry embraces Cisco Umbrella
      Why are Healthcare organizations across the country using Cisco Umbrella? Healthcare IT professionals need to overcome a mounting list of security challenges: unmanaged consumer endpoints, ever-changing regulatory landscape, uptick in smart medical d…
      - 13 Apr 17, 8:06pm -
    • OG-Miner : Data Crawling on Steroids.
      The Internet moves fast. New websites are created every day, new articles are shared through blogs or social media, fresh data is served through APIs, emerging threats are repeatedly set up behind bulletproof and ephemeral infrastructures. Monitoring…
      - 4 Apr 17, 4:44pm -
    • ‘Seamless’ Campaign Delivers Ramnit via Rig EK
      The Cisco Umbrella Team has been tracking an Exploit Kit campaign that we refer to as ‘Seamless’ due to its inclusion of the now deprecated seamless iframe attribute. This campaign has been discussed indirectly in other blog posts – we’d…
      - 29 Mar 17, 11:10am -
    • Domain Names: Are you watching closely?
      Let’s say you’re a fan of DC Comics and visit their webpage frequently. If I were to ask you to recall the IP address of dccomics.com in order to visit the website, chances are you wouldn’t know it. The IP would have no meaning to you. Domain…
      - 28 Mar 17, 12:23pm -
    • Visualizing Time-Dependent Graphs
      Intro: Data-Ink Maximization is the concept of making every keystroke count (including the delete character), popularized by Edward Tufte. One famous example of this is how he redesigned the scatterplot into what is known as a rugplot. Simplify, t…
      - 21 Mar 17, 12:26pm -

    Forrester Labs Research

    SANS Security Laboratory

    • Can you build a Defense in Depth architecture without an architect?
      We interviewed a number of GIAC Advisory Board members who have been working as architects for major enterprises as to what they look for in an architecture position.
      - -
    • Will the Ph.D. become the Cybersecurity Terminal Degree?
      The percentage of security job postings asking for a Master's level degree is increasing. How much longer will it still be the terminal degree for the field?
      - -
    • Denial of Service
      As we say in cyber warfare, a denial-of-service attack is an effort to make your opponents' information resources less valuable to them. Of confidentiality, integrity, and availability, this is primarily an availability attack. Stephen Northcutt disc…
      - -
    • Stephen Northcutt's Emerging Trends in IT and Security 2013 - 2015
      An emerging trends analysis and a stab at predictions for IT and security coming 2013-2015. Last updated May 2014.
      - -
    • Two factor authentication for online banking
      Eight or nine years ago, I was asking about banks that support two-factor authentication. At that time I found E*Trade Bank and Charles Schwab and not much more. SANS NewsBites carried a story about HSBC and I asked people if they knew of banks tha…
      - -
    • Daniel B. Cid, Sucuri
      Daniel Cid from Sucuri has agreed to a thought leadership interview. We hope that you will enjoy his thoughts and impressions and we certainly thank him for his time.
      - -
    • Dominique Karg, AlienVault
      Dominique Karg from AlienVault has agreed to a thought leadership interview. We hope that you will enjoy his thoughts and impressions and we certainly thank him for his time.
      - -
    • The 6 Categories of Critical Log Information
      This report is based on work done by Marcus Ranum, Tina Bird, Chris Brenton and Anton Chuvakin. Version 3 was created by Peter Czanik from BalaBit. Version 3.01's technical review was done by members of the GIAC Advisory Board: John Allison, Jake Eva…
      - -
    • Role Based Access Control to Achieve Defense in Depth
      Role-based access control (RBAC) is an access control method that organizations implement to ensure that access to data is performed only by authorized users; enterprise-wide RBAC is accomplished with Network Access Control (NAC).
      - -
    • Security Convergence and The Uniform Method of Protection to Achieve Defense in Depth
      Security convergence is an interesting trend that has been picking up speed heading into 2008. We are running network information that was formerly analog over our digital data networks, we are converging formerly separate network devices, especi…
      - -
    • Hybrid Threats
      Though it is certainly true that malware has evolved a lot in this decade, the tools in use today are more similar than different from the attacker tools of ten years ago. The command and control is better, they are better able to evade detectio…
      - -
    • Lance Spitzner, Securing The Human, founder
      Lance Spitzner of Honeynet and Securing The Human fame has agreed to a Thought Leadership interview and we certainly thank him for his time.
      - -
    • Security Predictions 2013-2014: Emerging Trends in IT and Security
      This is an effort to chronicle what a number of really smart people believe the state of the information security industry to be, and where we are going. A lot of the emphasis is on security threats, but we also consider what is working and what g…
      - -
    • Separation of Duties in Information Technology
      Several authors join Stephen Northcutt to examine the special considerations for separation of duties in all organizations with regard to their information technology.
      - -
    • Stephen Northcutt's Security Predictions 2012 and 2013
      Stephen Northcutt identifies emerging trends in information security for the 2012, 2013 timeframe.
      - -
    • The Certificate Signing Trust Model Under Stress As An Industrial Security Model
      A common part of the security model for industrial IT applications is to never accept or run a program or driver that has not been signed by the appropriate publisher. However, while it appears to be strong protection against malicious code, in f…
      - -
    • Bill Pfeifer, Juniper Networks
      Bill Pfeifer is a Product Line Engineer at Juniper Networks supporting security software and data center firewalls. He has been in the IT field for 15 years, including stints at an Army tank base, a technology reseller, and some time at a financi…
      - -
    • Security Predictions 2012 & 2013 - The Emerging Security Threat
      A look at some of the potential emerging trends and security threats for 2012 and 2013. The file was started to help prepare for a panel on the same subject at SANS Security West, May 6 - 11 2011, San Diego, and also for an upcoming keynote. Love to hear y…
      - -
    • The Attack Surface Problem
      One of the most important things to understand about defense in depth is attack surface. We can define attack surface as our exposure: the reachable and exploitable vulnerabilities that we have.
      - -
    • Security Leadership Essentials Fairway Markers
      This document is known as the "fairway markers" for SANS Security Essentials. It reflects the newest version of the course which will be taught for the first time December 2010 in Washington DC ( SANS CDI ). We invite alumni of the course to review t…
      - -
    • Eric Cole Emerging Threats Summary 2010
      Here are Dr. Eric Cole's top eleven security issues for 2011 - 2012.
      - -
    • Stephen Northcutt's Security Predictions for 2011 and 2012
      In addition to the work that I have done rounding up other people's thoughts, I also work as a futurist for IT and IT Security, and this is my set of predictions for 2011 and 2012. I hope they are useful to you.
      - -

    Research Labs