Lancope

Charles Herring

Charles Herring is a senior systems engineer at Lancope. Prior to joining the Lancope team, he was a long-time StealthWatch user while serving as a network security analyst with the U.S. Navy.

Anatomy of an SQL Injection

Intelligent NetFlow analysis can provide deep visibility into an SQL injection at several stages of the assault. The mitigation can be automatic or authorized by an operator. Mitigation can range from blocking the traffic at a firewall to advanced actions including routing traffic into a Honeynet. NetFlow analysis provides the actionable intelligence needed to prevent, mitigate and respond to data exfiltration of this type.

Are My Computers for Rent?

In a recent blog entry, Brian Krebs revealed that a Russian-based service is selling the IP addresses, usernames and passwords of computers inside organizations including Fortune 500 companies using the Remote Desktop Protocol (RDP). In the comments section, some readers asked how they can check if their servers are listed in the service’s database. While there certainly is merit in that type of diligence, they could better answer that question by reviewing their own network surveillance data. It is a question that intelligent analysis of enterprise NetFlow/IPFIX can quickly answer.

Day Zero Is How Long??!

We would like to think that vulnerabilities do not remain zero-day for long, particularly if they are in the hands of attackers. Unfortunately, a recent report from Symantec Research Labs indicates that this is not the case.

Network Security School of Fort Knox: Part 6

In the history of security breaches, a common thread is often inadequate procedures. In any security evolution, having appropriate procedures often means the difference between success and failure.

Network Security School of Fort Knox: Part 5

One thing we can learn from reading police blotters is that not all attackers are the same. Let’s take a look at the various characteristics of would-be robbers of Fort Knox, and how they compare to the different types of attackers trying to access your network.