The SANS Incident Response Framework

Incident response plans give security teams a standardized set of procedures for mitigating the risks associated with security incidents. They make cyberattacks less disruptive, reduce operational downtime, and contain data breaches. Since every organization is unique, it needs to create a set of incident response playbooks designed to fit its security risk profile. It also […]

5 Most Overlooked Elements of Incident Response Plans

Learn how to establish robust, standardized security controls for handling any kind of incident. Data breaches and security incidents are tense, high-pressure situations where every second counts. In that scenario, having a clear and detailed incident response plan ready can mean the difference between success and failure. In an environment where one hour of downtime […]

The NIST Cybersecurity Framework

Every organization wants to improve its information security capabilities. Part of a security leader’s job is identifying the best way to do that. However, no two organizations are exactly alike. Various stakeholders may have different ideas about what high-impact security excellence looks like in practice. Achieving meaningful security goals means getting everyone on the same […]

The Future of AI in Cybersecurity: How to Plan Ahead for AI Disruption

Find out how AI is likely to impact the cybersecurity industry in the next decade. Artificial intelligence has been an integral part of the cybersecurity industry for several years now. However, the widespread public adoption of Large Language Models (LLMs) that took place in 2023 has brought new and unexpected changes to the security landscape. […]

Introduction to Incident Response Frameworks

Efficient incident response processes lead to reduced downtime, lower security operations costs, and higher ROI on security spend. Cybersecurity is all about being prepared. Thorough incident response processes are crucial to your organization’s ability to successfully overcome a security breach. Prevention is important, though it can only take your organization so far. There is always […]

NIST and SANS Incident Response Frameworks Explained

Introducing NIST and SANS. Most security leaders focus on two incident response frameworks: NIST and SANS. NIST SP 800-61 is published by the National Institute of Standards and Technology, a government agency. It describes a six-phase incident response process that includes guidelines for formulating security policies and interacting with external organizations. The SANS Incident Handler’s […]

Advanced HTTP Flood Attacks Are Becoming Commonplace: Make Sure Your Organization is Prepared

Cybercriminals are now leveraging attack vectors previously only available to well-funded nation-state actors. Security professionals know the dangers associated with distributed denial-of-service (DDoS) attacks. These attacks typically target the core data transmission protocols that form the foundation of every organization's internet services.

AI-powered Ransomware: AI is Now a Critical Piece of Today's Security Puzzle

As ransomware groups enhance their capabilities with generative AI and sophisticated automation, security leaders need to extend their detection and response capabilities more than ever.

What Is Managed Detection Response (MDR)? A Comprehensive Guide

As the importance of protecting valuable data and systems increases, organizations are facing mounting challenges in defending against sophisticated cyber attacks. To address these threats head-on, businesses are increasingly adopting advanced security solutions such as Managed Detection Response (MDR). In this comprehensive guide, we will explore the key components of MDR, highlighting its core elements, […]

MDR Cybersecurity: Strengthening Defenses Against Modern Threats

In our interconnected world, the specter of cyber attacks casts a formidable shadow. With each technological advancement, cybercriminals adapt their tactics and strategies, posing new challenges for organizations. To effectively counter these ever-evolving threats, robust cybersecurity measures are essential. Among these measures, Managed Detection and Response (MDR) has emerged as a pivotal component in fortifying […]

Managed Detection Response Solutions: Enhancing Cybersecurity Defense

In today’s rapidly evolving digital landscape, organizations face an ever-growing threat of cyber-attacks. The traditional reactive approach to cybersecurity is no longer sufficient to protect sensitive data and critical systems. Managed Detection Response (MDR) solutions have emerged as a proactive and effective approach to enhance cybersecurity defense. In this blog, we will explore the core components, […]

The Evolution of Managed Detection Response: A Comprehensive History

Introduction to Managed Detection Response (MDR): Managed Detection Response (MDR) has emerged as a crucial component in the field of cybersecurity, providing organizations with enhanced threat detection and response capabilities. In this blog, we will delve into the history of MDR, exploring its origins, advancements, and its current role in the modern cybersecurity landscape. Early […]

How to Detect and Mitigate Compromised Credential Attacks

Most security technologies are ineffective against unauthorized users with stolen credentials. Cybersecurity vendors spend a great deal of time and money warning against technical exploits and ransomware attacks. These are undoubtedly serious threats, but they are not nearly as complex or dangerous as compromised credential attacks. In fact, although ransomware dominates headlines in the cybersecurity […]

Celebrating Managed Detection Response: Join Our Exciting Journey!

We're thrilled to announce our momentous milestone as we start our journey of 15 years in the managed detection response field. Reflecting on our achievements, we express our appreciation for our outstanding team and valued industry partners. To honor this occasion, we're introducing Lumifi Day, a special celebration dedicated to our team members. Lumifi Day […]

An interview with Michael Malone: The evolution of Managed Detection Response (MDR)

Q. Can you share with us the journey of Datashield/Lumifi and how it has evolved in the field of Managed Detection and Response (MDR)? What were the key milestones and challenges along the way? Datashield/Lumifi has come a long way in Managed Detection and Response (MDR). Our journey began as an investment by myself and […]

Malicious Insiders in Healthcare: The Moment UEBA was Made For

With UEBA-powered platforms like Exabeam, you can catch threat actors who already work within your network. External threats aren't the only kind of threat security leaders need to prepare for. Insider threats often pose an even greater risk.

How to Leverage UEBA to Address Your Organization's Unique Risk Profile

You can make UEBA technology work right out of the box – but custom configuration is needed to unlock its real value. User Entity and Behavioral Analytics (UEBA) technology is a game-changing addition to any security tech stack. UEBA-enhanced insights allow security teams to detect sophisticated attacks that other technologies often miss. Compromised credentials and […]

Why Aren't Security Experts Talking About Public Administration?

Government agencies are quietly suffering a significant uptick in security incidents and data breaches – but the cybersecurity industry doesn't seem to have noticed yet. One insight stands out among the many contained in Verizon's 2023 Data Breach Investigation Report.

Top 5 Takeaways from Verizon's 2023 Data Breach Report

Cybercriminals are adopting new, more sophisticated tactics. Security leaders can't depend on purely technical solutions that ignore the human element. If there is one broad theme to Verizon's 2023 Data Breach Report, it's that the arms race between cybercriminals and cybersecurity professionals hinges on the human element more than ever. The report declares this clearly […]

Use Automation to Enhance the Value of Human Expertise in the SOC

Automation isn't always a replacement for human expertise. The two must work together to generate lasting security value. Security Operations Centers have struggled with workforce shortages for years. Experts were already alarmed at the growing cybersecurity talent gap back in 2017.

Compromised Credential Attacks Are Top Cause of Data Breaches

The use of stolen or compromised credentials remains the most common cause of a data breach. It was responsible for 19% of breaches studied by IBM in 2022. The reason? These attacks are relatively easy to plan and execute.

Protect Your Security Budget Against Economic Risks with MDR

Security leaders are increasingly being asked to do more with less. In-house capabilities don't scale fast enough to keep up. Business leaders are cutting costs across the board in preparation for a potential recession. Business units that were used to receiving ample funding are hitting limits to near-term growth. Organizations that used to fund ambitious […]

EDR vs XDR – Which is the Best Solution for Your Business?

Both technologies provide endpoint protection, but with different levels of sophistication. For years, endpoint detection and response (EDR) has formed the backbone of many enterprise cybersecurity solutions. EDR technology enables greater visibility into systems, allowing security professionals to detect threats from fileless attacks, document-based malware, and zero-day exploits.

Cyberattacks on Banks: 5 Growing Threats in 2023

Cyberattacks against banks and financial institutions continue to rise as cybercriminals develop new tactics. The global financial sector is one of the biggest cybercrime targets in the world. The volume and sophistication of cyberattacks on banks surged in 2022, spiking considerably at the very end of the year.

Remote Work: Hidden Evils Revealed

Remote work is seemingly here to stay, with many workers forgoing their commute to work for a nice stroll to their in-home office. The WFH movement provides great flexibility but comes with even greater challenges for cybersecurity. A 200% increase in cyberattacks has been witnessed following the remote working surge, leading to a greater […]

Phishing: The World's Top Cyber Threat

What is Phishing? Phishing is a type of online fraud that aims to steal personal and financial information by impersonating reputable companies. Phishing can be done through email, websites, and social media. One of the most common ways phishers try to get your information is by sending you an email from a company you do […]

OpenSSL 3.0.7 Released: Everything You Need to Know About the High-Severity Vulnerability

OpenSSL originally warned this patch would fix a critical vulnerability impacting all OpenSSL 3.0 installations. OpenSSL has released a patch fixing the headline-making vulnerability it first announced on October 27th, 2022.

OpenSSL Critical Vulnerability: Everyone Must Update to Version 3.0.7

The open-source cryptographic library is an industry-standard found in an enormous range of applications. In late October, the OpenSSL Project announced it would release a patch for a critical security vulnerability on November 1st, 2022. The organization did not share any details about the vulnerability itself, other than the fact that it impacts all OpenSSL […]

Ransomware Attacks and How to Protect Yourself

What is Ransomware? Ransomware is malware that restricts an organization's or user's access to the data on their computers. Cybercriminals put businesses in a position where paying the ransom is the quickest and least expensive way to regain access to their data: they encrypt these files and demand a ransom for the decryption […]

How NDR Is Revolutionizing Cybersecurity

Network Detection and Response (NDR) is an exploding field of cybersecurity, providing network-wide monitoring and advanced detection of potentially malicious threat actors and suspicious activity that other tools may miss. An NDR solution continuously scans all network traffic while building a baseline of normal network activity, creating an incredibly difficult environment for attackers […]

How Do Biometrics Affect Cybersecurity?

Biometrics 101. Biometrics use your physical characteristics, such as fingerprint scans, facial recognition, and retina scans, to verify identity as a more advanced sector of security. Biometrics is simply defined as a biological measurement or a unique physical characteristic that not even your twin would share. Think of it as you, yourself, being the […]

Cybersecurity Awareness Month | October 2022

Starting 18 years ago, Cybersecurity Awareness Month has grown into a global effort to educate, inform, and empower everyone to protect themselves online as cyberthreats have increased dramatically over the past decade. As our livelihoods shift predominantly online, we become more vulnerable to prying eyes and malicious threat actors. This collaboration between […]

Machine Learning and AI in Cybersecurity

Artificial intelligence (AI) and machine learning are positioned to assist today's enterprises as they fight to defend themselves against the rising number of cyber attacks. Real-time learning and analysis of potential cyber risks is made feasible by AI and machine learning. Additionally, they use computers to create behavioral models, employing these models to forecast […]

Incident Response in Exabeam: How to Create Playbooks and Automate Security Incident Resolution

Learn how to use the platform's security orchestration, automation, and response (SOAR) solution to quickly investigate and resolve security incidents. Exabeam enables security teams to automate their response to security incidents, dramatically reducing the time and resources required to mitigate active attacks. The platform's Incident Responder lets analysts automate time-consuming tasks when investigating incidents and […]

Cloud Attacks: Are You Still Safe?

95% of respondents are using the cloud, according to the 2016 State of the Cloud Survey. Despite its rapid expansion, cloud computing carries the risk of severe security breaches that can significantly harm an enterprise. One of the top worries is data security. How […]

Cyber Corruption: LAPSUS$

What do Microsoft, Okta, T-Mobile, Nvidia, and LG all have in common? Well, for starters, they have all been extorted by one of the most prolific and unpredictable hacking groups of 2022. The group, known as LAPSUS$, remarkably infiltrated and extorted a handful of the largest, preeminent tech giants in the world through a unique […]

Public WiFi: Top Dangers for Remote Work

Public WiFi & Working From Home. By 2025, upwards of 36 million Americans will have entirely remote or flexible occupations, an 87 percent post-pandemic rise, according to some analysts. One might infer that having the opportunity to work outside of the office has led many employees to select open areas like cafés, diners, railway stations, […]

Keep Your Digital Footprint in Step with Your Information Security Needs

Every online action you perform involves sharing a bit of data – over time, that data can add up. Successful organizations and influential people rely on the public Internet to promote their brands, ideas, and products. A significant amount of time and energy goes into building a brand, and most of it is spent online.

A Guide to Cybercrimes and How They are Disrupting Our Lives

What is Cybercrime? Cybercrime is a term that refers to all criminal activity perpetrated using computers and the internet. It includes crimes like hacking, phishing, identity theft, and more. The term cybercrime was first coined in the late 1980s by William Gibson in his novel “Neuromancer”. He used it to refer to crimes […]

Palo Alto Networks PAN-OS Vulnerability: What Users Need to Know

The flaw has been exploited in real-world attacks, but most Palo Alto customers will remain unaffected. In the second week of August, Palo Alto Networks issued a security warning for a high-severity vulnerability in its PAN-OS operating system. Many of the company's networking hardware products use this operating system, but not all of them are […]

How to Create a Ransomware-Ready Disaster Recovery Plan

Data disasters come in all shapes and forms, and enterprises need to have multi-layered contingencies in place. A good enterprise disaster recovery plan protects against a wide variety of scenarios. It must ensure business continuity – or provide a plausible roadmap for it – in case of natural disasters, human errors, and malicious cyberattacks. 

How to Access and View Event Logs Using Exabeam in Linux

Examining event and endpoint logs is the first step towards building comprehensive customized rulesets. Many information security leaders have significant deployments on open-source operating systems based on the Linux kernel, and for good reason. Linux distributions like Debian and Ubuntu have a reputation for visibility and security at a price that's impossible to beat – […]

How to Set Up Robust Log Management in Linux with AuditD

Find out how to configure Linux to generate comprehensive log feeds for SIEM, UEBA, and SOAR technologies. Linux is an attractive solution for enterprises in search of a flexible, powerful operating system. Many different operating systems use the Linux kernel, such as Ubuntu, Debian, and Red Hat Enterprise Linux (RHEL), which itself is an enterprise-ready […]

Craft Custom Rules to Improve Exabeam Performance: Part 2

Enriched data enables analysts to conduct faster, more accurate investigations in Exabeam. The first part of this series covered some of the ways analysts can use context to build custom rules in Exabeam. Teaching Exabeam to recognize network zones and asset groups enables security professionals to cluster similar behaviors together, making it easier to investigate […]

Security Posture Priorities

Solution Evaluation. An integral step in creating a resilient cybersecurity platform is to perform an audit of your organization's existing policies and procedures. Lumifi can help with this endeavor during our Asset Criticality Assessment, during the client onboarding process, and periodically on a structured timeline. Here are the components we consider when looking at the entire security […]

Breaking-Down Managed Detection and Response

Cybersecurity is a very important issue for any organization, and security events can lead to a variety of negative outcomes: incidents often result in data theft, financial loss, and even reputational damage. The cost of an attack is very high, which is why it's important to be prepared for the worst-case scenario. Managed Detection and Response […]

Simplifying SOAR

Security Orchestration, Automation and Response (SOAR) is an integrated, automated, and orchestrated set of services that provide a response to cyber incidents. It enables the rapid identification of cyber incidents and prevents them from escalating into major disasters. SOAR was developed as a response to the need for automating incident responses and remediating security incidents. SOAR utilizes a framework that can […]

The 3 Types of Firewalls: What Is the Most Secure Type of Firewall?

We'll chat more in detail further along here, but right away, we want to tell you what the three types of firewalls are:

What Is SOAR Security?

The SOAR in SOAR security stands for:

How to Configure Your Windows Audit Policy to Optimize SIEM Performance

You can significantly improve Windows' log reporting capabilities with a few key changes. Your SIEM works by collecting log data from across the enterprise IT environment. The more detailed and comprehensive these logs are, the more accurate its insights will be. Although Windows has a basic set of log reporting capabilities built in, the operating […]

Everything You Need to Know About the Spring4shell Vulnerability

A newly discovered Spring vulnerability enables remote code execution on enterprise Java applications. In late March, a developer publicly posted exploit code describing a zero-day vulnerability in the Spring Framework, a popular solution for building enterprise applications in Java. Spring is part of VMware's suite of enterprise products, designed to let developers quickly and […]

How to Alleviate Alert Fatigue When Enterprise Security Needs Keep Growing

Cybersecurity leaders prioritize security event management efficiency now more than ever. Security analysts receive messages and alerts all day long. It's a core part of the job.

How Advanced MDR Helps with Security Detection and Response of 7 Common Threats

677.66 million. That's the number of cumulative detections of newly developed malware applications worldwide in 2020. If you think your organization's basic antivirus software can keep up with this constant barrage of attacks, well, it's simply not possible.

EDR Endpoint Protection: What It Is, How It Works, and Its 5 Benefits to Businesses

The average IT department manages thousands of endpoints, each coming with a very real risk of cyberattack. From laptops and servers to IoT devices and digital assistants, hackers are constantly on the lookout for an open door to infiltrate.

Upgrade Your Audit Policies: What Should You Be Logging?

Your security response depends heavily on what data you log, and how you log it. Your security information and event management (SIEM) solution uses logs to build an accurate picture of your organization's security profile.

What Is Managed Detection and Response and Why Do You Need It?

The security of data and systems is one of the most important concerns in today's business world. If your data is at risk or compromised, it can cripple your operations along with the trust others have in your business.

Lumifi's Complete Guide to Information Security Managed Services

Companies must protect important and sensitive data no matter its form. So, what is information security? It includes everything from making sure digital information is protected against hackers to assuring a physical filing cabinet full of billing information is defended against thieves.

Is SOAR A Must For Your Tech Stack?

Security Orchestration, Automation, and Response (SOAR) tools enable analysts to establish efficient workflows for handling both common and highly sophisticated threats. Even the best enterprise cybersecurity workflows suffer from scalability issues.

The Necessity of Threat Hunting

Press play to get an inside look at how Lumifi works with Anomali ThreatStream.

How Fortune 200 Enterprises Select MDR Vendors

For large organizations, managed detection and response is just one of many cybersecurity solutions that must work together seamlessly. Enterprise cybersecurity professionals have to choose their tech stack wisely.

New Federal Standards Prioritize Logging to Detect, Prevent, and Remediate Cybersecurity Incidents

The Federal government has defined new standards for cybersecurity event logging systems. On May 12th, 2021, just days after the headline-making Colonial Pipeline ransomware attack, the White House issued an executive order on improving the nation's cybersecurity.

Tony Simone Named Exabeam's "Technical Person of the Year" for 2021

Castra Managed Services is excited to announce that its company co-founder, Tony Simone, has been named Exabeam's "Technical Person of the Year" for 2021. Exabeam, the Gartner Magic Quadrant leader in security information and event management (SIEM), held its annual Spotlight Partner Summit early last week, where various partners met to discuss industry trends and new developments in SIEM technology.

How Data Lake and Cloud Archive Can Improve Your Security Posture

Is your business weighing the pros and cons of data lake and cloud archive? We can help with that. What we need to establish first is how your organization handles compliance for your company's and customers' data. Where does that data reside? Is it secure, and if you needed to recall aging data […]

Improving Visibility and Preventing a Miss - Part 3: Custom PowerShell Rules

A major risk for a SIEM or SOAR is not effectively using the key PowerShell logs it collects. We have already covered the risk of incorrect and empty logs, or a lack of the logging required for advanced detection; once you have those logs, you still cannot assume that machine learning and behavior modeling will detect everything.

The Difference Between Cybersecurity & Network Security

Today’s threat landscape is more diverse and expansive than in any period since the beginning of the information age. Recent security trends, such as a 358% rise in malicious activity from July 2019 to July 2020 and 90% of healthcare organizations reporting security breaches, highlight the increased dangers enterprises face. To effectively detect and […]

Update on PrintNightmare & Kaseya Ransomware

Over the 4th of July weekend, two breaches were brought to Lumifi's attention pertaining to PrintNightmare and Kaseya. Details on PrintNightmare. While you likely do not have print servers exposed to the world (we hope not), we also wanted to note that we are aware of this and have diligently reviewed our detection methodology. POC code […]

Improving Visibility and Preventing a Miss - Part 2: Custom PowerShell Collection

A worrisome risk for a SIEM or SOAR is not collecting the key logs used or required for the advanced modeling in today's platforms. In our experience, incorrect or empty logs, or a lack of the logging required for advanced detection (as we discussed in the first post on this topic), are obviously bad, yet failing to pick them up […]

Strong Showing For Lumifi Partners In 2021 Gartner Magic Quadrant

With a clear separation in the market among the considered vendors, the newest Gartner Magic Quadrant for EPP showcases 4 Lumifi partners who are leading in this space. Recently, Gartner released its Magic Quadrant for EPP, and we saw a clear separation in the market among the considered vendors. As an industry we have witnessed […]

What is Cyber Insurance?

Statistics show that the fallout from successful cybersecurity incidents has both financial and business-related consequences. A data breach costs the average enterprise approximately $60,000, and in extreme situations, small and medium-sized businesses may go out of business within 6 months from the date the incident occurred. Thus, to determine whether the financial cost of successful […]

Top 5 Most Popular Cybersecurity Certifications

The cybersecurity analyst has become the third most valuable job description in the technology industry. Increasing security incidents against IT infrastructure, the demand for accountability from end-users, and the financial cost of successful breaches are significant reasons enterprises and startups are taking cybersecurity seriously. Ambitious professionals who choose a career in IT security are […]

What is Ransomware?

Ransomware is a form of malware cybercriminals use to encrypt data stored in computers or online servers. Cybercriminals demand payment to release the encryption key blocking the user from accessing the encrypted data. Payment is typically made through diverse mediums, including digital currency like Bitcoin. Once payment has been made, the victim is generally provided with […]

F5 BIG-IP Vulnerabilities

Twelve days ago, F5 announced several security vulnerabilities that were largely overshadowed by the Exchange/Hafnium situation. It's important to understand that some of these are critical, remote command execution-level vulnerabilities that require nothing more than an attacker to connect to an F5 BIG-IP device. For those devices, being positioned "in front of" web server clusters […]

Microsoft Exchange Vulnerability

As you may know, a zero-day vulnerability in Microsoft Exchange Server was published last week that is garnering a lot of attention. Microsoft has attributed this to a known threat actor that has now compromised thousands or even tens of thousands of systems with these attacks, though it's important to understand that other attackers are […]

5 Do's and Don'ts to Qualify Your Next MDR

(Updated April 2022) The success of your managed detection and response deployment hinges on asking the right questions. Managed detection and response is a valuable element of your enterprise's security posture. With the right technologies in the hands of competent, highly trained analysts, you can significantly reduce security risks while paying a fraction of what […]

What is Penetration Testing?

A penetration test or pen test is a simulated cyber-attack against computer systems, application systems, and IT infrastructure to discover loopholes. These simulated cyber-attacks come in diverse forms with the intent of breaching a system through its servers, web or mobile applications, and other endpoints. The purpose of pen testing is to discover exploitable vulnerabilities in […]

What is the MITRE ATT&CK Framework?

Learn about the MITRE ATT&CK® Framework and how cybersecurity teams leverage its matrix of tactics and techniques to assess risk and vulnerabilities within an organization. Definition. The MITRE ATT&CK Framework is a knowledge base of tactics and techniques that can be used as a foundation for classifying adversary behaviors and assessing an organization’s vulnerabilities. Created in 2013 by the […]

SolarWinds vs. Splunk: Comparing Two Leading SIEM Solutions

SolarWinds Log Event Manager and Splunk Enterprise Security are two of the top security information and event management tools. Both SIEM solutions differ but offer high-performing features that simplify threat detection and response within expansive networks. Here, we look at key differentiators between both options. To effectively compare both options, the following criteria were chosen […]

What is SOAR?

SOAR is an acronym thrown around a lot within the cybersecurity industry, but what does it really mean? SOAR stands for Security Orchestration, Automation and Response. SOAR tools are the technologies used to orchestrate responses to security incidents and assign responsibilities between various tools and individuals within a security team or enterprise. The working principles of […]

5 Questions to Ask an MSSP

An organization’s choice to seek a managed security services provider (MSSP) to guard over its IT infrastructure is usually based on three major reasons. According to Gartner’s 2020 Market Guide for Managed Detection and Response Services, they are: To simplify the decision-making process while ensuring the final choice leads to a long-lasting business relationship, here […]

MDR Service Delivery Options

Organizations of all sizes rely on managed security service providers (MSSPs) to deliver managed detection and response (MDR) and additional cybersecurity services at scale. Understanding the various service options can save your organization money and resources. The difference in technology and its usage is the primary differentiating factor between MDR providers. While some rely on […]

FireEye Breach - Our Observations

Cybersecurity firm FireEye experienced a major breach in December 2020. Castra actively investigated for deeper, specific information from our sources about how FireEye detected such a sophisticated, persistent, nation-state-backed novel attack on its network and systems. This was likely the most frightening and impactful breach that we have seen happen all year.

What is Microsoft Defender for Endpoint and How Does it Work?

Microsoft Defender for Endpoint, formerly known as Microsoft Defender Advanced Threat Protection, provides enterprise-level protection to endpoints to prevent, detect, investigate, and respond to advanced threats. The platform provides preventative protection, post-breach detection, automated investigation, and response to possible threats or breaches in security. Whether your company is considering implementing Microsoft Defender for Endpoint or […]

Behavioral Indicators of Insider Threat Activity

Contrary to popular belief, an insider threat is not always a security risk within an organization's immediate perimeter. Current employees and managers aside, an insider threat could be a former employee who had access to specific information, a third-party consultant, or a business partner. In any case, malicious insiders account for about 38 percent of […]

Why User Education is #1 in Cyber Resilience

Statistical data shows that over one-third, or 36 percent, of ransomware infections happen due to a lack of cybersecurity training across organizations across all industry verticals. Another 30 percent of the ransomware infections worldwide materialize because of weak user passwords, while 25 percent are due to poor user practices, according to managed service providers (MSPs) […]

Best Practices for Vulnerability Management

One can broadly define vulnerability management as a set of processes and procedures to identify, analyze, and manage vulnerabilities across a critical service's operating environment. This broad definition extends to IT systems and infrastructure, which are now as critical as power generation facilities and resource gathering operations. Keeping in mind the growing number and sophistication of […]

Top 5 Takeaways for NIST 800-53 Rev 5

Recapping a highlight from Cybersecurity Awareness Month, the National Institute of Standards and Technology (NIST) has released an update to its master IT security guidance document, Special Publication 800-53. This update, "Rev 5," is the first major change to SP 800-53 in seven years, and a lot has changed in cybersecurity since 2013. The new […]

What is Microsoft Azure Traffic Manager?

bal regions and secure an optimal level of availability and responsiveness for your services. How Azure Traffic Manager Works: Azure Traffic Manager directs client requests to the most suitable service endpoint by using DNS (Domain Name Server). The load balancer examines the health of the endpoints and then applies a traffic-routing method to distribute the traffic. […]

What is Microsoft Azure Security Center?

Azure Security Center by Microsoft is a solution that provides unified security management across hybrid cloud workloads. It offers threat protection for data centers within both cloud workloads and on-premises. The platform also works with hybrid clouds that are not part of the Azure ecosystem. The Azure Security Center is designed to resolve a pressing problem when […]

RSA Cloud Security Solutions

RSA Security LLC is one of the leading providers of network security services focusing on encryption and data security. Launching their services back in 1984, they are a global security company gradually transforming their business to protect organizations in the cloud. Cloud security is not just a growing business but also an irreversible trend in […]

Google Chronicle vs Splunk

Alphabet’s announcement concerning the inclusion of big-data security into Chronicle led to a 5% drop in the value of Splunk’s shares and sparked a debate on which security information and event management (SIEM) tool supplies better options. As with many comparisons, a definite answer on which SIEM tool is best is one that comes with […]

Mimecast: Outlook Plugin

Mimecast is a security company that offers solutions for corporate users to secure their email communications along with threat detection technologies. Mimecast Outlook Plugin is a tool that works on Microsoft Exchange servers to protect your email platform within the widely used Outlook platform, covering a variety of threats. How the Mimecast Outlook Plugin Works […]

Google VirusTotal Overview

Lumifi has been working with leaders in malware detection and threat intelligence for years. As we launch our cloud-native Managed Detection and Response offering with Google Chronicle, we are also integrating with VirusTotal. Read our comprehensive guide to VirusTotal and its free and enterprise features. What is VirusTotal? Google’s VirusTotal is a web-based scanner that utilizes over 70 […]

SentinelOne: Security Integrations

SentinelOne is known for its AI-driven endpoint security protection platform (EPP). The lightweight agent integrates with leading security tools and platforms. Their team regularly announces partnerships and development with best-in-breed tools. API-First Approach: SentinelOne was created with an API-first approach, made to interface seamlessly with leading security tools. Their current automation integrations include SonicWall, Fortinet, […]

Free and Open Source Cybersecurity Tools

Open source software is a rapidly growing market because every user has access to the respective programming code, can audit what the code’s functionality does, and can edit the code to fit specific requirements. The overall market for open source is projected to stand at $21.6 billion in 2020 and then grow by over 30 percent by 2020, reaching close […]

Popular MFA Solutions

Multi-factor authentication (MFA) is a method and technology to verify a user’s identity by requiring two or more credential category types before the user can log into a system or make a transaction. The MFA method requires a successful combination of at least two independent credentials, which generally combines one of the three following credential categories: Note: Multi-factor authentication is not only limited […]

What are Managed Security Services?

The use of managed services is growing as organizations struggle to supervise multiple sophisticated software systems and advanced corporate networks. One specific area of company outsourcing is the implementation and management of cyber defenses to protect digital assets against ever-evolving security threats. Managed Security Service Providers (MSSPs) address several business-critical issues organizations face when it comes to cybersecurity. A managed security service provider can assist in creating and deploying complex security infrastructure, managing platforms and tools, performing incident response, and providing continuous 24/7/365 monitoring. […]

VIDEO: Remote Workforce Roundtable Interview with Greg Foss

The full interview with Greg Foss, Senior Threat Researcher at VMware Carbon Black, an endpoint-protection-focused cybersecurity solutions provider. The interview is about the recent shift to a remote workforce due to the COVID-19 pandemic. Topics of the interview include the marketing hype, addressing a remote workforce, and moving forward with the Coronavirus implications. Questions Include: As […]

What is a VPN?

A virtual private network (VPN) enables two or more devices to send and receive data using a secure private connection over a public network such as the Internet. VPNs use a technology called "tunneling" to establish a secure connection between an organization's network and an outside network through the insecure environment of a public network […]

Phishing on the Rise During the Pandemic – Here's How to Fight It

Cybersecurity threats based on major disasters or world events are nothing new. During the coronavirus pandemic, one threat in particular has increased much more quickly than others: phishing for sensitive information in disguised emails. During March 2020 alone, phishing attacks were up 667 percent! Protecting your system from the malicious intrusion of phishing emails is […]

Leveraging the Power of Exabeam

Organizations of all sizes are dealing with more data than ever before, and as Lumifi learns about increasingly complex attack vectors, it is worth noting that traditional SIEM may no longer fit the purpose of the modern security program. Traditional SIEMs are based on correlation rules, with no machine learning and no behavioral monitoring. Security teams, […]

Leveraging the Power of Exabeam

Organizations of all sizes are dealing with more data than ever before, and as Castra learns about increasingly complex attack vectors, it is worth noting that traditional SIEM may no longer fit the purpose of the modern security program.

What is Email Encryption?

Encryption is a method to encipher data that a user sends and receives, as well as data that resides on endpoints and servers. Any organization must handle Data at Rest and Data in Transit, the former being the data stored on corporate endpoints and servers, while Data in Transit represents any message or document employees […]

How a SOC Handles Credential Harvesting

Dealing with credential harvesters has its perks. Day in and day out I get to personally observe how sophisticated a phishing website can be. Some websites are so elaborate that only a trained analyst can identify them, while others are so obvious no one in their right mind would fall for it. Either way, if […]

What is SCADA and IoT?

Learn about the difference between SCADA and IoT systems and how they work and compare to one another. What are SCADA systems? Supervisory control and data acquisition (SCADA) systems have been used for decades to monitor and control production facilities or equipment across industries such as oil and gas refining, energy distribution, water management, waste […]

Sarbanes-Oxley Act Overview

The Sarbanes-Oxley Act (SOX) was enacted in 2002 following a series of corporate scandals involving large public companies in the United States. The main goal of the legislation was to restore the trust in the U.S. financial markets and prevent public companies from defrauding their investors. The law, also known as the “Public Company Accounting […]

Ensuring the Cybersecurity of a Remote Workforce

As the COVID-19 pandemic continues to grip the globe, many companies are finding it necessary to transition from on-site to remote work – and experts warn this could be the new normal for the foreseeable future. Is your company ready to make the switch securely? Lumifi has some tips on making the transition with cybersecurity […]

What is Proofpoint and How Does it Work?

Proofpoint is a cybersecurity platform aimed to protect workers and data from advanced cybersecurity criminals that target email, social media and mobile devices. Proofpoint’s email protection is a cloud-based solution that allows companies to easily filter their inbox and outbox. This software can identify and protect users from malware and threats both known and unknown, that […]

FBI Warns ICS Cybersecurity Under Attack by Kwampirs

The ICS sector is under attack. According to the Federal Bureau of Investigation (FBI), a new security threat is on the horizon for those in the Industrial Control System (ICS) sector. While the Kwampirs remote access Trojan (or RAT) is not new, it is now targeting ICS companies and especially the energy sector. The FBI […]

How to Deploy: Carbon Black (CB) Defense Sensor

Carbon Black (CB) Defense is a distributed process monitoring tool for threat detection across enterprise networks. The Carbon Black sensor executes data capturing activities to discover suspicious activities that occur within a network. Once deployed, the CB Defense sensor stays on and always collects data that can be categorized and analyzed for suspicious activities. To […]

5 Ways to Protect Your Business' Data During Tax Season

If you're an accountant or tax professional, you know that tax season is also scam season and that you're a prime target. Cybercriminals are using new, sophisticated scams that can compromise your website or infiltrate your systems with remote desktop software. These join the more traditional email-based attacks that trick you into installing malware that […]

Why Phishing is Still a Problem

Is Phishing Still a Problem? The short answer is yes. The long answer is that it is a growing problem for businesses each day which requires greater defense. Phishing is the most popular attack vector for criminals and has grown 65% in the last year, according to Retruster. Lumifi is here to explain phishing, how attacks […]

Successful Password Policies for Organizations

Learn some of the basic considerations when establishing a strong password policy for your organization. Find out some of the best practices and industry standards when it comes to user access and a password policy framework. Most places of business require that their employees access their facilities by using a key or key card.  In […]

Improving Visibility and Preventing a Miss - Part 1: Mandatory PowerShell Logging

One of the greatest risks for a SIEM or SOAR platform is missing that one event that helps with accurate detection. In general, misses can occur for several reasons, although in our experience, misses mostly stem from incorrect/empty PowerShell logs or merely a lack of logging required for advanced detection.

Microsoft Releases Notice of More RDP Vulnerabilities

Two more security issues were announced surrounding Remote Code Execution against Remote Desktop Services. Microsoft released a notice today concerning two vulnerabilities, which would result in a Remote Code Execution vulnerability against the Remote Desktop Services. These are being tracked under CVE-2019-1181 and CVE-2019-1182. This is akin to the previous vulnerability that we notified you on, CVE-2019-0708, […]

Everyone Wants to Be a Penetration Tester

There is a lot more to cyber security than just hacking... So… Everyone wants to be a penetration tester! Lately I’ve been speaking at events, conducting interviews, mentoring new security professionals and students and every single person when asked how they want their career to progress or what they are interested in doing, like clockwork […]

The Four Pillars of Network Security

Every organization works hard to attain a healthy security posture. But what does that mean? It involves a properly resourced team of information security experts working to leverage the latest information security tools. The job of the security team is to prevent attacks before they happen, protect the organization in the case of an attack, […]

The True Cost of Information Security

In-House vs. Outsourced SIEM Management: Discover the True Cost of IT Security (Updated November 2022) Your SIEM management needs will grow over time. Can your information security team follow suit? Security information event management is one of the pillars of effective information security. Capturing and investigating event logs lets security operators detect and respond to […]

Block Threats with Lumifi & Netshield

Lumifi can now combine the power of Netshield's active blocking with AlienVault's USM and immediately block rogue devices AND monitor egress network traffic to effectively block malicious behaviors like malware and phishing. Through the power of Netshield's Network Access Control (NAC), Lumifi can offer unrivaled protection for the inside of your network. Firewalls are a […]

Top 5 Cybersecurity Steps to Take in 2019

Cross Posted from Net Friends Author(s): Net Friends

Beginners Guide to IDS, IPS & UTM

There is often a lingering and general confusion over the acronyms IDS and IPS, and how they are like or unlike UTM software modules. Everyone likes primers and simple descriptive definitions; so let's take a look at IDS, IPS, and UTM through that lens. IDS An Intrusion Detection Sensor (IDS) is a tool that most […]

Why Set-and-Forget SIEM Deployments Often Fail

(Updated April 2022) There are many ways to optimize and automate your SIEM workflow, but you can't replace the human element. 

Shadyware ... Malware or Legit Software

What's the difference between malware and legitimate software? Just as malware is often purported to be legitimate software, legitimate software sometimes uses unethical marketing and operating practices. Some folks term this "Shadyware." It is marketed as useful software, which it may be in part, but it also contains annoying or harmful functionality that negatively impacts […]

Adblocking

Adblocking is becoming a more and more contentious topic in recent days. Publications, understandably, do not want people to block ads - they derive much of their revenue from them. Users find them to be intrusive and often feel that they impede their usage of a site; and, given the recent meteoric rise of malvertising, […]

Egress Filtering: A Valuable Part of Your Multi-layered Security Posture

The concept has become increasingly important as cloud infrastructure expands throughout the enterprise IT network. (Updated May 2022)

Network segmentation

Network segmentation is the practice of dividing a formerly 'flat' network [where every device can contact every other device] into a series of segments that have restricted communication between them. What's this mean in real terms, though? And why would you want it - and is it useful outside of making PCI compliance easier? In […]

Four Pillars of Network Security

Every organization is working hard to possess a "strong security posture." But what does that mean? A strong security posture means you possess a healthy quantity and quality of Information Security Experts (Human Beings) and Information Security Tools (Technology/Products). Information Security Experts are leveraging Information Security Tools to prevent attacks before they happen, protect the […]

Castra is now part of Lumifi