Lessons from the field: To the Left or Right of Boom?

Many in Cyber Security tend to focus on the security event (the “Boom”) and mitigating the impact after (to the right of) the Boom. To build true Cyber Resiliency, we need to spend as much, if not more, time to the left of Boom, building the processes for responding to the Boom or better yet, […]

Lesson from the field: Introducing Anti-goals to your project

I was talking to a client recently about a project we were working on and the term “Anti-Goal” popped up. We all know what goals are. The thing that we are trying to accomplish. Anti-goals are those things we are trying to avoid. As we discussed the goals of the project, my client said “And of course we do […]

Upcoming Features for Cyences 1.10.0

Cyences 1.10.0 enriches the data for Office 365 by adding several new dashboard panels and alerts that cover a wide array of changes and updates which are extremely useful for security admins. “Splunk Admin Checks” has been added to the app’s navigation bar to improve the auditing experience for any administrator. The dashboards under Splunk […]

How to Create a Strong Password

1. Make Passwords Long

Password length is a primary factor in characterizing password strength. Passwords that are too short or are commonly used words and phrases are vulnerable to brute force attacks.

– NIST (National Institute of Standards and Technology)
– Reformed hacker Kevin Mitnick recommends 20-25 characters

2. How Do I Create A Strong Password? […]

Dealing with Security False Positives in Splunk (Enterprise Security)

SIEM tools are extremely useful for security engineers, but a major problem with SIEMs is false positives. No matter which SIEM tool an organization relies on, false positives are a common denominator across the board, since these security tools are generally built to support all environments. Security engineers often find themselves manually fine-tuning these […]

Cyences Version 1.6.1 Enhancements & Updates

– Added a new Sophos Central endpoint metadata collection command
– Device Master Table has been renamed to Device Inventory Table
– Enhancements have been made to the Device Inventory Table, Asset Intelligence, Forensics, and Office 365 dashboards
– New Linux/Unix report

Sophos Central

Sophos is highly recognized as a worldwide leader in next-generation cyber security. Cyences is set […]

Cyences App Fixes Splunk Integration with Palo Alto Networks

Palo Alto Networks' latest software update, known as PAN-OS 9.1, has officially changed the log format for VPN/GlobalProtect logs. This switch has resulted in Splunk users experiencing problems with populating their data for VPN/GlobalProtect related dashboards.

Palo Alto Networks Log Format Comparison for Splunk

9.0 Log Format
● Previously, GlobalProtect data was present in the […]

Cyences App for Splunk 1.1.0 with Sysmon 13.0

We’ve recently added Sysmon 13 support to our Cyences App in order to detect some of the latest malware/ransomware techniques [Mailto/defray777 ransomware, TrickBot, and BazarBackdoor]. Sysmon 13 lets us monitor the activity of Windows 10 processes and can now detect process hollowing or process herpaderping techniques which would normally not be visible in Task Manager. […]