November 21, 2014 | Kate Brew

AlienVault Joins Industry Leaders to Discuss IT Security Trends in Latin America

In November, Carlos Dodero, LATAM Business Unit Manager and Victor Obando, LATAM Senior Advisor at AlienVault participated on panels at the GMS-sponsored Conference in Ecuador attended by 300 and the E-Dea Networks event in Colombia attended by 50 to discuss security trends in the LATAM market with other IT security leaders. In addition, a third partner event featuring AlienVault was held by…

November 18, 2014 | Garrett Gross

Security Tips for Retailers and Consumers this Holiday Season

With the holiday season quickly approaching, many retailers might be finding themselves in the crosshairs of criminals, both physically and online. The unfortunate reality is that most of them are soon entering an IT freeze, or already have, where no new projects go live and performance and availability take precedence. In many cases, this means that any new security upgrades…

Get the latest security news in your inbox.

Subscribe via Email

November 13, 2014 | Garrett Gross

2014 SANS Incident Response Survey Results

With the recent streak of widely publicized breaches of well-known companies, many organizations are examining their incident response (IR) capabilities. SANS conducted a survey earlier this year to explore what IR teams are up against – what types of attacks are most common, what defenses are most widely used, and what challenges IR teams face in their response efforts. The…

November 10, 2014 | Kate Brew

LASCON 2014: If You’re Still Blaming Users, You’re Doing It Wrong

Austin Texas was a good place for Security on October 23-24! So many luminaries: @MartinHellman2, @mattjay, @JohnathanKuskos, @oleggryb, @lance_io, @manicode, @wickett, @mkonda, @jarretraim, @matt_tesauro, @isc4ThePeople, @planetlevel, @securitycabinet, @cktricky, @carnal0nage, @mgbits, @maty_siman, @joshsokol, @marcusjcarey, @jack_mannino, @imas_foss, @lostgravity, @dferguson_usa, @kseniaDmitrieva, @golfhackerdave, @ka, @stephenCoty, @RSnake, @Dav1dHugh3s I couldn’t find all the…

November 5, 2014 | Alissa Knight

Red teams; a diary from the garden of Red versus Blue

As with most terminology used in information technology, such as DMZ (or Demilitarized Zone), the term Red team was originally adopted from its use by the US military, which is still heavily used today in the ongoing force transformation of the Department of Defense. A red team is an independent group that challenges an organization to improve its effectiveness. The…

November 3, 2014 | Dan O'Leary

5 Mobile Device Security Policies to Help You Sleep at Night

Thinking about mobile device security policy keeps me up at night. It probably keeps you up too. On a recent evening, I was browsing the findings of a study by McAfee and Ponemon Institute titled “The Lost Smartphone Problem[i],” which provided data on how many employee devices are lost and recovered annually. My life is exciting. This…

October 28, 2014 | Jaime Blasco

From Russia with love: Sofacy/Sednit/APT28 is in town

Yesterday, another cyber espionage group with Russian roots made it to the New York Times headlines again courtesy of FireEye and a new report they published. FireEye did a pretty good job on attribution and giving some technical indicators; however, they neglected to reference previous work on this threat actor from companies like PWC, TrendMicro, ESET and others. We have…

October 20, 2014 | Piper Lemoine

Jaime Blasco at Innotech 2014 on the Role of Threat Intelligence

Jaime Blasco, Director of AlienVault Labs, and Charisse Castagnoli, office of the CISO at Websense presented a joint session at Innotech 2014. Their discussion centered on breaches, insider threats, predictions and threat intelligence. When asked about how he stays current on the volatile threat landscape, Jaime had an interesting observation: it’s good to have friends. In IT security, even…

October 17, 2014 | Garrett Gross

When its raining cats and dogs, be careful to not step in a poodle…

A new security vulnerability was discovered by a team of researchers from Google that affects SSL v3. This vulnerability, dubbed POODLE (Padding Oracle On Downgraded Legacy Encryption), while nowhere as serious as Heartbleed or Shellshock, can still wreak havoc on your machine or in your environment if the right set of circumstances were to put you in the crosshairs of…

October 15, 2014 | Kate Brew

Account Entrapment: The Victim is Tricked into “Playing for the Wrong Team” with Cookie Abuse

Ben Broussard of Denim Group presented at OWASP Austin on 9/30 and highlighted a really interesting new kind of attack – Account Entrapment. What is Account Entrapment? Counter-intuitive at first glance, it’s not about an attacker gaining access to the victim account. It’s the opposite. It is the attacker being able to log the victim into his…

October 7, 2014 | Branden Williams

Effective PCI Compliance for the Small Business

Companies who process credit card data are getting pummeled by breaches. It doesn’t seem to matter if you are big or small anymore—you are going to be targeted if you have not already been breached. That’s what PCI DSS is for, right? If you follow all of the requirements in PCI DSS, you should…

October 1, 2014 | Garrett Gross

Bourne Again: Helping you see the light through the Shellshock exploit

A recently discovered hole in the security of the Bourne-Again Shell (bash) has the majority of Unix/Linux (including OS X) admins sweating bullets. You should be, too--attackers have already developed exploits to unleash on unpatched web servers, network services and daemons that use shell scripts with environment variables (this can include network equipment, industrial devices, etc.) Jaime Blasco, AlienVault…

Watch a Demo ›
Get Price Free Trial