May 29, 2014 | Darrick Kristich

The Road to Compliance AND Security: Why business needs a new approach

Almost every week another major company is in the media for another security breach or data leak. Last week it was eBay. This week, it was Spotify and Office, a UK-based clothing retailer. With this continued coverage on security issues, comes a growing concern that businesses are having an increasingly difficult time maintaining a solid security posture. Pile on the…

May 27, 2014 | Kate Brew

Security by Sharing! OWASP Austin: Talk on Crowd-Sourced Threat Intelligence

Jaime Blasco of AlienVault with Kyle Smith, OWASP Austin Chapter President Jaime spoke at the Austin OWASP chapter meeting on 5/27. He is a security researcher with broad experience in network security and malware analysis. The last OWASP meeting Jaime presented at was in Barcelona sixyears ago, when he was doing penetration testing. A video recording of the talk is here …

Get the latest security news in your inbox.

Subscribe via Email

May 20, 2014 | Michael Roytman

CVSS Score: A Heartbleed By Any Other Name

Heartbleed is a vulnerability with a CVSS score of only 5.0/10. As of this morning we have observed 840 breaches related to the Heartbleed vulnerability, CVE-2014-0160. More than enough has been said about the technical details of the vulnerability; hence I’d like to use this post to discuss the vulnerability management implications of Heartbleed, because they are both alarming…

May 13, 2014 | Patrick Bedwell

Operation Saffron Rose Catches Ajax Security Team in Cyber Espionage

FireEye published a report today on ‘Operation Saffron Rose’ documenting cyber espionage activity conducted by the Ajax Security Team, a hacking group believed to be based in Iran. The group was previously known for web defacement, but apparently they’ve moved on to malware-based spying. The techniques used to install the malware and/or acquire credentials include…

May 13, 2014 | Lauren Barraco

Top 4 Security Questions to Ask of Your Data (and The Data You Need to Answer Them)

The security industry has an unhealthy love affair with complexity and sophistication. Blame it on the media, or our own tendency towards masochism... but, whatever the reason, it seems that most are more interested in putting most of our time and attention on Advanced Persistent Threats or zero day attacks than in implementing basic security practices. The sad truth is…

May 6, 2014 | Patrick Bedwell

Vulnerability Management Programs and New Age Hackers

From Drawception.com Back in the day, hackers really didn't think to gain by their activities – they broke into systems or web sites for fun and to show off their capabilities.  While this situation was pesky, it turned out that things can always be worse.  Now, with the emergence over the last several years of…

April 29, 2014 | James Taliento

Using OSSIM to Hone Your Security Skills

When you think of SIEM, some of us automatically assume that it's just another tool deployed into a SOC (Security Operations Center) that is used by security analysts and incident responders to identify and react to events occurring on their network. That wouldn't be a false assumption, however, there are practical applications for using an open source security…

April 22, 2014 | Lauren Barraco

File Integrity Monitoring - Because Bad Guys are Sneaky

Sadly, perpetrators of malicious changes in IT don't just announce themselves. While on the surface, File Integrity Monitoring (FIM) doesn't appear all that sexy to security practitioners, it is a great way to deal with sneaky bad guys. It's forensic in nature - providing the ability to look at changes after-the-fact to figure out what happened. The…

April 15, 2014 | Lauren Barraco

Top 5 Problems with Traditional SIEM (Infographic)

Unlike security cameras, going from installation to insight with a traditional SIEM is far from straightforward. In this infographic, we’ll cover a few common problems with SIEM technologies, and how you can avoid those pitfalls with AlienVault Unified Security Management. SIEM is too complex. Collecting the right data, aggregating it, normalizing and correlating disparate technologies for that one…

April 11, 2014 | Jaime Blasco

What should I do about Heartbleed?

Heartbleed is not an exploit you want to ignore as an IT professional. It exposes passwords and cryptographic keys, and requires not only that you patch OpenSSL for each of the services using the OpenSSL library, but also that you replace the private keys and certificates so that attackers won’t be able to use any of the data…

March 25, 2014 | Conrad Constantine

Better than SIEM: Unified Security Management

In Part 1 of this series, we discussed what a SIEM actually is. In Part 2, we discussed what kind of logs you need for an effective SIEM implementation. So life should be grand, right? Nope, the big problem is that most systems’ log files don’t contain entries that say, “Help! Help! I’m being attacked!”…

March 4, 2014 | Lauren Barraco

What’s New in AlienVault v4.5?

At AlienVault, we know that you never have enough time to dedicate to security and that’s why we’re laser focused on how to make threat detection and incident response more efficient for everyone. We know you probably have a full-time job in addition to security and that you can’t afford to waste time tracking…

Watch a Demo ›
Get Price Free Trial