Optiv Blog

Will Blockchain Change the World?

· By Ken Dunham ·

There has been a lot of hype around “blockchain” these past few months. After attending sessions, discussing it with others, and researching how it is being used, it is apparent that there is a need to clear the air on this emerging topic. Blockchain has been touted as a technology that will take the world by storm and change just about everything we do on computers, but clearly it is not a silver bullet nor is it so universally applicable. It has great potential to offer trusted, traceable, and cost-efficient ledgers and associated actions with some applications of the technology.

Continue reading

Reading Obscure Memory

· By Loren Browman ·

Extracting data from memory chips is always an exciting part of any hardware assessment. I have a few chip readers at my disposal which can do the heavy lifting in the majority of cases. In fact, my TNM5000 boasts 23,000 supported devices with the supplied 16 adapters. But what do you do when the chip is not supported by your reader? Or maybe you have no adapter for the exact package you intend to read?

Continue reading

The Payment Transformation

· By J.R. Cunningham ·

Since the dawn of transactions between humans, the physical point of the transaction has served as a key instrument in the prevention of fraud, financial theft and mistakes. Letters were sealed by their senders with wax and an impression that was unique to them, ancient Roman tax collectors would carefully examine coins to ensure they weren’t fakes and cattle ranchers would brand their cattle with hot irons to prove ownership. Even the relatively modern (in the scheme of things) cash register of the early 1900’s would have a marble slab for coins that would enable the merchant to drop the coin onto the slab and determine, by sound, if the coin was real.

Continue reading

Keeping Credentials Safe: Worldwide in Real-Time

· By Janel Schalk ·

If you were to gather ten cyber security experts in a room and ask them what the most common threat actor access point is for today’s enterprise, every one of them will likely answer user credentials. Credentials have proven to be the weakest link in the cyber security industry. In fact, Verizon’s 2017 Data Breach Investigations Report (DBIR), demonstrates 81 percent of hacking-related breaches have leveraged stolen and/or weak passwords.

Continue reading

Managed Security Services (MSS) and Eyes on Glass in the Real World

· By Ken Dunham ·

“Eyes on Glass” is a common saying when it comes to reviewing SIEM logs and managed services but is often misunderstood. A layman notion is that you simply have someone looking at a large quantity of log data with a low level of skill required to see if something important appears requiring escalation. Technically “eyes on glass” requires a high degree of skill and capabilities to interact directly with unique client technologies, something not commonly included with managed services.

Continue reading

Lessons on Proactive Incident Management From… the Packers?

· By Jeff Wichman ·

Fantasy football and information security have more in common than you think. Both are all about planning, scenarios and virtual practice. But the primary step includes the work and planning that should go into preparation for an incident. Preparation, planning, execution, and knowing what your team can do matters as much in football as it does in security.

Continue reading

Caught Between a ROC and a Hard Place

· By J.R. Cunningham ·

It’s important to understand the perspective of both the business and the security leader. Merchants invest heavily in PCI compliance and it’s money well spent. However, they continue to struggle with prioritizing, implementing and supporting vital payment security programs. The business perspective is that PCI compliance is a necessary evil, both because non-compliance risks increase credit card transaction fees from the acquirer, and because it’s perceived to be one of those “have to” regulatory requirements such as the Sarbanes-Oxley Act (SOX), Health Information Technology for Economic and Clinical Health Act (HITECH), or Federal Information Security Management Act (FISMA) (even though, frankly, it’s not).

Continue reading

3 Key Ways To Improve Your Incident Response

· By Jeff Wichman ·

As attack surfaces expand it is critical for enterprises to develop and implement a proactive incident response (IR) plan that combats an increasing lack of perimeter visibility. What does an IR plan need to include to ensure optimal results and reduce fire-fighting modes.

Continue reading

ATT&CK’s Initial Access Adversarial Tactic

· By Joshua Platz ·

By far the best way to prevent a security incident is to prevent the initial access from being obtained in the first place. This is why organizations spend large portions of their security and IT budget on key security technologies such as firewalls, antivirus and exploitation prevention software, application whitelisting, and vulnerability scanning tools. All of these devices and software work together to harden the infrastructure, in attempt to prevent intrusion.

Continue reading

Inside and Outside the Cardholder Data Environment

· By J.R. Cunningham ·

Businesses have spent an enormous amount of money on PCI compliance. It is time to leverage these existing investments and expand them to include payment security. Therefore, it’s important to find the common ground where PCI compliance and payment security can benefit one another. The quickest way for cyber security professionals to get thrown out of the board room is to say, “Remember that PCI thing? Well, scratch that, we need funding for a whole new security approach.”

Continue reading
(694 Results)