Analytics
11/28/2011
01:34 PM
Dark Reading
Dark Reading
Slideshows
50%
50%

Slide Show: 10 Tips And Best Practices For Becoming A Data Security Detective

Tips from security insiders on gathering and analyzing security intelligence and identifying new threats, as well as APT attacks
Previous
1 of 10
Next


Until recently, IT security technicians spent much of their time managing passwords, access lists, and firewall configuration tables. Today, however, the role of the security pro has shifted radically toward threat analysis, forensic investigation, and incident response. The modern data security professional is increasingly asked to be skilled in roles such as first responder, malware researcher, log file analyst, and threat evaluator.

On October 20, 2011, InformationWeek and Dark Reading hosted an all-day virtual event, where experts offered detailed insight in how to collect security intelligence in the enterprise, and how to analyze and study it in order to efficiently identify new threats as well as low-and-slow attacks such as advanced persistent threats. Several best practices emerged from the event, including the following tips from security insiders.

Keynote speaker FBI Special Supervisory Agent (SSA) Melissa Horvath, from the Bureau’s Cyber Division, Cyber Criminal Unit 1, emphasized the importance of understanding how and why criminals perpetrate financial crimes, and explained the inner workings of financial fraud cases involving electronic money transfers.

Previous
1 of 10
Next
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Threat Intel Today
Threat Intel Today
The 397 respondents to our new survey buy into using intel to stay ahead of attackers: 85% say threat intelligence plays some role in their IT security strategies, and many of them subscribe to two or more third-party feeds; 10% leverage five or more.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-2808
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Bionic in Android before 4.1.1 incorrectly uses time and PID information during the generation of random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a rel...

CVE-2014-9713
Published: 2015-04-01
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified vectors.

CVE-2015-0259
Published: 2015-04-01
OpenStack Compute (Nova) before 2014.1.4, 2014.2.x before 2014.2.3, and kilo before kilo-3 does not validate the origin of websocket requests, which allows remote attackers to hijack the authentication of users for access to consoles via a crafted webpage.

CVE-2015-0800
Published: 2015-04-01
The PRNG implementation in the DNS resolver in Mozilla Firefox (aka Fennec) before 37.0 on Android does not properly generate random numbers for query ID values and UDP source ports, which makes it easier for remote attackers to spoof DNS responses by guessing these numbers, a related issue to CVE-2...

CVE-2015-0801
Published: 2015-04-01
Mozilla Firefox before 37.0, Firefox ESR 31.x before 31.6, and Thunderbird before 31.6 allow remote attackers to bypass the Same Origin Policy and execute arbitrary JavaScript code with chrome privileges via vectors involving anchor navigation, a similar issue to CVE-2015-0818.

Dark Reading Radio
Archived Dark Reading Radio
Good hackers--aka security researchers--are worried about the possible legal and professional ramifications of President Obama's new proposed crackdown on cyber criminals.