Unsecured IoT – A Dangerous Gambit!

By: Darin Barton CISSP, CISA In October 2016, one of the world’s largest and most devastating DDoS attacks occurred through IoT (Internet of Things) devices. This was not a complex attack, in fact, it was as simple as it was devastating and affected several major sites including: Amazon, Twitter, Spotify, Netflix and others. How Did This […]

Are You Ready for SDN?

By: Darin Barton CISSP, CISA Someone recently referred to SDN (Software Defined Networking)  as “Still Done Nothing” which I found amusing; but it’s true.  While I’ve been touting the merits of SDN for a few years now, and the technology provides exciting advancements and capabilities, I know of very few organizations who have adopted it. The concept of SDN was created in […]

DDoS Extortion – Prepare Yourself

By: Darin Barton CISSP, CISA 2016 has seen an increase in DDoS extortions for two simple reasons – it’s low risk and companies are willing to pay.  The question is, what would you do? In March 2016 a group calling themselves the Armada Collective began sending emails to a variety of businesses providing on-line services.  These email […]

Malware Defense: Up Your Game!

By: Darin Barton CISSP, CISA, ITILv3 In 2016, organizations can no longer hope to successfully quarantine and clean infected systems on a regular basis. Today, our strongest recommendation is to DETECT, ISOLATE and RE-IMAGE; but this is easier said than done without the proper strategy in place. One of the most challenging obstacles for IT is to both identify and block malware as it crosses the network threshold. Malware can enter a host system through several […]

Security Awareness Training – It’s Worth It!

By: Darin Barton CISSP, CISA We tend to expect a little too much from our employees when it comes to understanding the risks associated with their IT and online habits.  We tell them, “DON’T click on this” and “DON”T go to that” without really informing them why this is necessary.  Over time they get desensitized to IT security and […]

You Can’t Stop What You Can’t See

By: Darin Barton CISSP, CISA By 2017 it is expected that 50-70% of all Internet based traffic will be encrypted.  If that is the case then we need a serious paradigm shift in our perception of IT security – this is The Encrypted Traffic Dilemma. It was early in 2015 when I recognized the growing void within […]

A New Assessment Strategy for 2016

By: Darin Barton CISSP, CISA Vulnerability assessing & penetration testing has long been identified with a mandated once-a-year approach.  The shelf life on this bill-of-goods has long since expired and it is time to adopt a new assessment strategy for 2016. The concept and practice of vulnerability assessing has been misunderstood and drastically underutilized for years.  It continually surprises me […]

Targeted Attack Protection

By: Darin Barton CISSP, CISA Targeted Attacks and Advanced Persistent Threats (APT) are now considered the Number #1 attack vector for cyber criminals. WHY?  Because it works! What exactly is the difference between a Targeted Attack and an Advanced Persistent Threat (APT).  In truth, they are similar but APT’s are generally thought of as being initiated by […]

The 2016 Threat Landscape

By: Darin Barton CISSP, CISA The I.T. threat landscape is rapidly changing and few are immune to its effects.  We expect a significant rise in the complexity of malware and targeted attacks in 2016.  The question is:  Will you be ready? In 2016 we believe there are four vulnerability zones to be acutely aware of: Targeted Attacks Social Engineering Encrypted […]

Security Advisory: Ghost Vulnerability

By: Neil Davidson, SOC Supervisor A vulnerability in the Linux glibc library has recently been discovered, known as ‘GHOST’. With this vulnerability, it can allow attackers to remotely take complete control of the infected system without having any prior knowledge of system credentials. We have investigated with our vendors and determined the current status of their […]