10 years ago, when Gartner defined SIEM (Security Information and Event Management) it was trending in the cybersecurity landscape, and every organization was looking for one. More players started coming in with different set of architecture and deployment based on organizations size and requirements. Even now there are new companies coming up with a new […]Read More Breach and Attack Simulation – BAS Products Compared
Australia Signal Directorate (ASD) and Australia Cyber Security Centre (ACSC) has defined a strategy called Essential Eight to help organizations mitigate threats and adversaries. These eight strategies are baselines and can be used as a starting point for organizations and then strengthen up the defense. In this post, I have explained the eight strategies and […]Read More How to protect your organization using Essential Eight mitigation strategy?
Your SIEM (Security Information and Event Management)’s ROI depends on how effectively you tune it. Data sources like Firewall, AD server, File server, generates millions of logs every day. Without proper audit policy and SIEM filters, 80% of logs are noise. If you do not tune it, you will not get real value from your […]Read More How to reduce noise in your SIEM?
Every time I get a requirement to monitor critical events from a vendor, I have to go through multiple documents to understand and collate information about the vendor, the log schema and the types of events. This information is hard to Google and gather straightaway. So here I’m posting some Cisco ASA events of interest […]Read More Events of Interest to monitor in Cisco ASA Firewall/IPS
Active directory in Windows have some built in features to set restriction for passwords created in your environment. How cool would it be if we can compare the passwords used in your AD environment with the passwords disclosed in breach database? By doing this you can ensure that none of your users are using weak […]Read More Active Directory Password Audit – Using Pwned Passwords