You are viewing 'compliance'


Security Log Monitoring Priority and Value

Doug Picotte    |    September 06, 2012

Oftentimes, as Regional Technical Managers, we engage with clients in device scoping exercises to determine what security logs we should be monitoring. A while back I blogged about this topic, but I wanted to expand a bit more into security logging value, as well as the priority of various log sources.

In most situations the general approach to scoping is to focus on “high value” log sources that can provide the most security-relevant information and the greatest visibility into the client environment. The other component to scoping is to understand the clients’ assets and compliance drivers. At the end of the day, the goal is to obtain the highest level of visibility into the client environment. The business objectives piece of this is huge because we want to meet the clients’ critical business and security/compliance objectives...



Tags: compliance, IDS-IPS, log management, log monitoring, managed security service provider, security frameworks, security policy, command and control servers, firewall analysis, firewalls, vulnerability scanning, WAFs

Malware, Hackers and APTs… Oh My Vulnerability Management

Erik Barnett    |    May 21, 2012

Part 1: Accepting Reality

No one likes to admit it. We all have this one common theme in all of our IT lives. We know the products we use in our industry are, or will become, vulnerable. We know being vulnerable is equivalent to leaving your back door open to the yard while activating your alarm. Because even though there may be layers of security in place, there are always vulnerabilities somewhere.

We are going to discuss some recommendations for starting a vulnerability management program. This will be a lengthy discussion for a blog, so I’m breaking it into three parts. In part two, we will discuss general processes. Part three will cover implementing the program and continuing it forward. Today, we will focus on part one, accepting reality.

Reality: I came into work day one (previous life before Solutionary) and stared into this “IAVA Compliance Repor...



Tags: compliance, security compliance, security policy, Solutionary, vulnerability management, vulnerability scanning

When It Comes to Security Monitoring, Domain Controllers Aren’t Just Another Server!

Jozef Krakora    |    May 09, 2012

At Solutionary, I wake up every day thinking about how else we can help our customers be more secure. We want to bring our customers peace of mind, so they can focus on their business and worry more about the things that will bring them success in their markets.

One area I’ve been focusing on lately is the risk associated with Microsoft’s Active Directory and how employees’ access is provisioned through its framework. What I’ve discovered is that often, companies wrongly assume the risks associated with their domain controllers (servers that run Active Directory) are equivalent to the risks posed by other internal servers. This is a dangerous myth.

Domain controllers allow users to log in daily, whether in the office or remote, and determine what internal domain assets the users have access to. I can best describe this as “managed chaos”. The risk here is very high. Domain controllers are a single point of access to all domain...



Tags: security, ActiveGuard, compliance

Network and Application Security Scope Creep

Rob Kraus    |    April 17, 2012

“I’m giving her all she’s got, Captain!” These words were made famous by Scotty in the movie Star Trek. For the circumstances encountered in the movie it was certainly a wise choice to make and probably saved the U.S.S. Enterprise from demise.

Networks today are often very complex, and too often, in a state of disarray from years of piling on more software, hardware and “solutions” as our business grows.

Complexity may not be something we were expecting or envisioned as we expanded our network’s capabilities, but nonetheless many IT shops continue to implement “the next best thing” to solve “the next big problem.”

As humans, it is natural for us to have the mindset of “there’s an app for that” when looking for solutions (a product of years of marketing brainwashing I assume). However, sometimes fixes to problems are over-engineered and provide “too...



Tags: security, ActiveGuard, compliance

Efficiency, Context and Compliance with Vulnerability Lifecycle Management

Joseph (J.B.) Blankenship    |    March 01, 2012

Organizations have long struggled with managing the vulnerability lifecycle – scanning, remediation and reporting. The tedious, time-consuming tasks associated with vulnerability management are the bane of many security professionals.

Of course, this is all done for good reason. Vulnerability management is an important part of any security program and is required by regulatory mandates such as PCI DSS, GLBA and SOX. Gartner notes that “90% of successful attacks occur against previously known vulnerabilities for which a patch or secure configuration standard was already available.” Ensuring vulnerabilities are properly remediated significantly reduces the chances that the device will be exploited by an attacker or infected with malware.

To make the vulnerability lifecycle management process more efficient for clients, Solutionary embedded a full vulnerability lifecycle management feature in our...



Tags: ActiveGuard, compliance, Managed Security Services, PCI Compliance, vulnerability management, vulnerability scanning, context security, vulnerability lifecycle management

Solutionary is a leading managed security service provider. The company reduces the information security and compliance burden, providing flexible security services that work the way clients want; enhancing existing initiatives, infrastructure and personnel. This blog is a place to learn about, and discuss, a wide variety of security and compliance topics.
