- Enterprise network security visibility: Beyond traditional defenses
  Organizations have implemented various network security technologies to gain better visibility into their networks. However, these security technologies place an increased demand on the network. This TechGuide explores how to improve network security... E-Handbook
- Improving security management processes with SIEM
  This Security School will explain the best means for an organization to effectively analyze SIM data, how to improve SIM collection, set reasonable goals for these tools and how to get the best data in order to improve incident response, change manag...
- Using SIM for threat monitoring
  From a security perspective, it is challenging to keep ahead of the constantly evolving enterprise threat landscape. Security information and event management (SIEM) systems, however, can be a vital component of an enterprise's threat mitigation arse...
- Network Forensics: Tracking Hackers through Cyberspace
  Authors Sherri Davidoff and Jonathan Ham discuss the benefits of Web proxies and caching for forensic analysts in this chapter excerpt from their co-authored book, Network Forensics: Tracking Hackers through Cyberspace. Feature
- Introduction to IDS IPS: Network intrusion detection system basics
  This one-page guide, which is a part of the SearchSecurity.com IDS/IPS Security Guide, acts as an introduction to both IDS and network intrusion prevention system (IPS) technology. Here, security professionals will learn how to determine which IDS/IP... Guide
- Securing DNS
  In this Security School lesson, learn the myriad threats to DNS security including cache poisoning and denial of service attacks, IP spoofing, footprinting and redirection attacks.
- Security School: Security event log analysis
  Learn valuable techniques for sifting through logs to find legitimate security events you need to analyze and respond to before they negatively affect your organization's bottom line.
- Quiz: How DAM can help detect and trace attacks
  Take this five-question quiz to reinforce your knowledge of how DAM can help enterprises gain new visibility into their databases to help detect and trace potential attacks. Quiz
- Chained Exploits: How to prevent phishing attacks from corporate spies
  Ever wonder if someone is monitoring everywhere you go on the Internet? In this chapter excerpt from Chained Exploits: Advanced Hacking Attacks from Start to Finish, learn how to keep corporate spies at bay. Book Chapter
- Nessus 3 Tutorial: How to use Nessus to identify network vulnerabilities
  Learn how to use Nessus, an inexpensive vulnerability scanner, with our Nessus Tutorial Guide. It not only examines the benefits of this free open source tool, but also walks you through the processes of using it in the enterprise, from installation ...
- Sourcefire updates malware detection, malware analysis capabilities
  New features for detecting and analyzing malware in Sourcefire's FireAMP and FirePOWER products supplement flagging signature-based antimalware. News | 21 May 2013
- Network threat detection moves beyond signatures
  Network threat detection requires content monitoring and analysis, rather than solely relying on matching network packets to existing signatures. News | 02 Jul 2012
- Shared philosophy aids FBI agent's move to security startup CrowdStrike
  Attackers are already in the network, so if companies aren't monitoring activity, they're not doing enough, said Shawn Henry of CrowdStrike. News | 23 Apr 2012
- Marty Roesch pushes collective analysis, underscores cyberthreat intelligence
  Sourcefire CTO Marty Roesch introduced cloud-based analysis for threat intelligence gathering. Network security monitoring platforms like RSA NetWitness may be headed in a similar direction. News | 08 Feb 2012
- Next generation SIEM could boost network visibility, but platforms must scale, experts say
  Can security information and event management systems be the foundation for comprehensive IT data analytics? Powerful correlation engines and sharper analytical capabilities are forthcoming, analysts say. News | 01 Nov 2011
- EMC to acquire NetWitness in wake of RSA cyberattack
  EMC said NetWitness will become a core element of RSA's security management products. Article | 04 Apr 2011
- NetWitness' CSO on targeted malware, Spectrum malware analysis tool
  Eddie Schwartz, CSO of network analysis firm NetWitness, talks about targeted malware in the wake of Stuxnet and the company's new Spectrum malware analysis platform. Article | 31 Jan 2011
- Security expert calls for overhaul of traditional networks
  A new "Zero Trust" security model could help prevent insider attacks and eliminate trustless external networks. News | 04 Oct 2010
- Deep packet inspection software at root of Red Lambda network security
  Systems used to protect universities from litigation by weeding out and documenting peer-to-peer file sharing use are now being aimed at the enterprise. Article | 22 Jul 2010
- Network forensics tools increasingly aid security response teams
  As malware continues to evade signature-based antivirus and intrusion prevention systems, some organizations are turning to network capturing and analysis tools to detect anomalies and respond to security threats as they happen. One such vendor, Hernd... Interview | 02 Jun 2010
- Marcus Ranum chat: Network threat detection and wireless attacks
  Security expert and Information Security magazine columnist Marcus Ranum goes one-on-one with Aaron Turner, co-founder of security consulting firm N4Struct. Column
- Prevent data loss, theft with secure data outputs
  To secure data outputs, some organizations are going a step further by deploying data protection systems for specific applications. Opinion
- Firewall and system logs: Using log file analysis for defense
  Log analysis is the most under-appreciated, unsexy aspect of infosecurity, yet Marcus Ranum says it's one of the most important. Opinion
- To improve breach detection, revisit intrusion detection techniques
  To solve the breach-detection issues highlighted in the 2013 Verizon DBIR, several intrusion detection techniques are needed, says expert Nick Lewis. Tip
- SIEM best practices for advanced attack detection
  SIEM struggles are common, but Mike Rothman explains why SIEM products are critical for advanced attack detection, and offers a SIEM tuning step-by-step. Tip
- Logging in the cloud: Assessing the options and key considerations
  Expert Dave Shackleford considers a variety of options for logging in the cloud and determines which choice works best for enterprises. Tip
- Network log management on a budget: How to streamline log analysis
  Expert Matt Pascucci examines free tools and offers simple tactics that organizations can use to streamline the network log analysis and management process. Tip
- Using the network to prevent an Oracle TNS Listener poison attack
  Expert Michael Cobb details the Oracle TNS Listener poison attack and tells how enterprises can use the network to defend vulnerable applications. Tip
- Hardening the network against targeted APT attacks
  Mike Chapple offers best practices to defend your network against the latest threat to the security landscape, targeted APT attacks. Tip
- DNS attack prevention: Inside DNS components vulnerable to attack
  DNS attack prevention demands an understanding of the four core DNS components attackers often target. Expert Char Sample explains. Tip
- Types of DNS attacks reveal DNS defense tactics
  A thorough understanding of the types of DNS attacks, including DoS, reflector attacks and DNS cache poisoning, reveals key DNS defense tactics. Tip
- NMAP NSE tutorial: Network asset and vulnerability identification
  In this screencast, expert Mike McLaughlin offers an NMAP NSE tutorial for enterprise network asset and vulnerability identification. Tip
- How antivirus software works: Virus detection techniques
  Antivirus software uses several different virus detection techniques, as described in this tip by expert Lenny Zeltser. Tip
- Recommended tools for remote access Trojan detection
  Expert Brad Casey suggests tools that can detect remote access Trojans, or RATs, like FAKEM. Answer
- Fiber optic networking: Assessing security risks
  Matthew Pascucci discusses the potential security risks associated with fiber optic networking. Answer
- Audit log security: How to monitor and protect audit logs
  Is it possible to make audit logs tamper-proof? Expert Matthew Pascucci offers best practices for audit log security and monitoring. Answer
- Should syslog format be mandatory in a log management product?
  Matt Pascucci discusses what to look for when evaluating a log management product and whether syslog format should be a requirement. Answer
- What to look for in full-packet-capture and network forensic tools
  Matt Pascucci explains what to look for in full-packet-capture network logging and network forensic tools, and areas to focus on during the search. Answer
- Conducting APT detection when Elirks, other backdoors hide traffic
  Is it possible to detect APT attacks when malicious traffic is hidden? Expert Nick Lewis details how the Elirks backdoor connection hides APT traffic. Answer
- Network perimeter security: How to audit remote access services
  Matt Pascucci discusses the best tools to audit Internet-facing remote access services and boost network perimeter security. Answer
- Can a malware 'pressure chamber' provide effective malware containment?
  Infosec threats expert Nick Lewis discusses the viability of an antimalware "pressure chamber" to help bolster enterprise malware containment. Answer
- Print-management software security starts with a private IP address
  Print-management software shouldn't pose a great risk to a company provided it uses a private IP address, says expert Mike Chapple. Answer
- Network topology mapping: How to automate network documentation
  Network topology mapping to boost security can be time-consuming. Learn how to automate network documentation with network management tools. Answer
- computer forensics (cyber forensics)
  Computer forensics is the application of investigation and analysis techniques to gather and preserve evidence from a particular computing device in a way that is suitable for presentation in a court of law. Definition
- network behavior analysis (NBA)
  Network behavior analysis (NBA) is a method of enhancing the security of a proprietary network by monitoring traffic and noting unusual actions or departures from normal operation... (Continued) Definition
- snoop server
  A snoop server is a server that uses a packet sniffer program to capture network traffic for analysis. Definition
- promiscuous mode
  In a network, promiscuous mode allows a network device to intercept and read each network packet that arrives in its entirety. This mode of operation is sometimes given to a network snoop server that captures and saves all packets for analysis (for ... Definition
- footprinting
  In the study of DNA, footprinting is the method used to identify the nucleic acid sequence that binds with proteins. Definition
- network forensics
  Network forensics is the capture, recording, and analysis of network events in order to discover the source of security attacks or other problem incidents. Definition
- information signature
  To fight terrorism, the Information Awareness Office (IAO) of the U.S. Defense Advanced Research Projects Agency (DARPA) is planning to develop a system that uses a super database of recorded online transactions and analytical programming that will i... Definition
- inverse mapping
  Inverse mapping is a procedure used to create associations between real or virtual objects that involves some type of reversal of another process or concept. Definition
- bridge
  In telecommunication networks, a bridge is a product that connects a local area network (LAN) to another local area network that uses the same protocol (for example, Ethernet or token ring). Definition
- probe
  In telecommunications generally, a probe is an action taken or an object used for the purpose of learning something about the state of the network. Definition
Why advanced malware detection is key to cut through 'network noise'
Video: Wolfgang Kandek, CTO at Qualys, discusses the need for advanced malware detection as true enterprise threats are being lost in "network noise." Video
-
Martin Roesch remembers John Burris; details new Sourcefire products
Video: Interim CEO Martin Roesch pays tribute to late CEO John Burris and discusses new Sourcefire products, including its incident response service. Video
-
Amit Yoran on 'big data' security analytics, threat intelligence
Amit Yoran of RSA NetWitness discusses 'big data' security analytics, threat intelligence and network security monitoring with News Director Rob Westervelt. Video
-
Zenmap tutorial: Mapping networks using Zenmap profiles
Video: In this Zenmap tutorial screencast, Keith Barker of CBT Nuggets explains how to efficiently map networks graphically using Zenmap profiles. Video
-
Webcast: Conduct network forensic analysis to uncover digital crimes
Experts Sherri Davidoff and Jonathan Ham discuss how network forensic analysis exposes the evidence of digital crimes, plus conducted user Q&A. Webcast
-
DNSSEC deployments: The top 5 concerns and how to avoid them
A DNSSEC deployment is possibly the best mitigation for cache poisoning attacks. Learn how to avoid the top five concerns in DNSSEC deployments. Podcast
-
File integrity monitoring software benefits for the enterprise
In this video, Spryo Malaspinas offers a primer on file integrity software basics and file integrity monitoring software benefits for enterprises. Video
-
Dan Guido on teaching penetration testing courses; intrusion analysis
The iSec Partners consultant talks about his penetration testing courses at NYU, his research on intrusion analysis and rethinking intrusion defense. Video
-
PCI compliance requirement 10: Auditing
Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 10: "Track and monitor all access to network resources and cardholder data." Video
-
How to use Nmap to scan a network
Peter Giannoulis takes a look at everybody's favorite, freely available port scanner and OS identifier: Nmap. Video
-
About Monitoring Network Traffic and Network Forensics
Get tips and information on network forensics, monitoring network traffic and traffic analysis through traffic monitoring tools and software, and discover how the technologies can help expose potential hacker threats and vulnerabilities and identify strange traffic patterns.