Lancope's research looks at a collection of nearly two million unique botnet malware samples in an attempt to better understand how botnets use the Internet to communicate. Lancope created visualizations of the TCP and UDP ports that these malware samples used for command and control communications between 2010 and 2012, and compared that information to legitimate network traffic in a typical small office environment. Significant differences in the utilization of different ports are immediately noticeable from the images that Lancope created.
This week I’m in Berlin, Germany for Virus Bulletin, the premier technical conference for the anti-malware industry. I have the honor of appearing twice on the conference agenda this year. The first event is a joint presentation with Microsoft regarding the ethics of public vulnerability disclosure. The second appearance is on a panel about collateral damage in cyber conflict.
Syslog, packet captures and NetFlow each have their place in an incident responder’s toolset. While most incident responders are very familiar with the power of Syslog and packet captures, many don’t have direct experience working with NetFlow. We encourage them to take a closer look.
Unfortunately, many organizations have a perimeter-centric approach to network security and don’t have a lot of visibility into what is going on inside their networks. Closing this internal network visibility gap can be a key ingredient in a comprehensive approach to protecting an organization from Advanced Persistent Threats.
We have become too reliant upon fully automated systems to detect and stop computer security breaches. People naturally desire a solution that will prevent all security incidents from occurring in the first place, but is it really reasonable to expect fully automated solutions to stop sophisticated attacks?