Optiv Blog

Tales from Trenches: How a Simple Helpdesk Fix Led to IAM

· By Mark Modisette ·

Still on the fence about the implementation of Identity Access Management (IAM)? The more you read, the bigger it gets. It’s complicated. It’s involved. It’s labor intensive. You may have to shelve things you have and add new things. It’s… daunting. As a former CISO, I get it. But stay with me a minute.


ATT&CK Series: Process Injection, Bypass User Account Control, Exploitation for Privilege Escalation

· By Aaron Martin ·

When it comes to network security and protecting against potential breaches, a vast majority of companies spend large portions of their budget on hardening the perimeter of their networks to prevent initial access. Commonly overlooked measures include implementing host-based access controls and hardening systems and applications within internal networks to keep an attacker from escalating privileges after an initial foothold has been gained. In this post, we will delve into ATT&CK’s Privilege Escalation techniques and tactics from an adversarial perspective.


Titanic - Lessons Learned for Cyber Security

· By Ken Dunham ·

Computer security professionals are all too familiar with the “cat and mouse” game played on the global stage between the enemy and defenders. History does indeed repeat itself, because we are human. Humans tend to be reactive, take things for granted, and assume much when it comes to our strengths and weaknesses. Bad actor tools, tactics, and procedures (TTPs) continue to evolve with nascent technology and infrastructure solutions.


Will Blockchain Change the World? (Part 2)

· By Ken Dunham ·

In the previous post of this two-part series, we introduced the concept of blockchain and its possible use cases. Blockchain innovation promises streamlined operations, immutable public ledgers and more. It also shows promise in applications where there is a lot of red tape, inefficient operations, and challenges such as transnational currencies and transactions in the financial market. But there are also a variety of threats and risks associated with adoption of blockchain technology.


Leveraging Risk Strategy to Move Beyond Check-Box PCI Compliance

· By Bryan Wiese ·

Merchants often put compliance spending at the top of their list for budgeting purposes because the consequences of non-compliance can be expensive. Fear of increased processing fees from acquiring banks, penalties from credit card companies and the risk of brand and reputational damage can be quite compelling.


Will Blockchain Change the World?

· By Ken Dunham ·

There has been a lot of hype around “blockchain” these past few months. After attending sessions, discussing it with others, and researching how it is being used, it is apparent that there is a need to clear the air on this emerging topic. Blockchain has been touted as a technology that will take the world by storm and change just about everything we do on computers, but clearly it is not a silver bullet nor is it so universally applicable. It has great potential to offer trusted, traceable, and cost-efficient ledgers and associated actions with some applications of the technology.


Reading Obscure Memory

· By Loren Browman ·

Extracting data from memory chips is always an exciting part of any hardware assessment. I have a few chip readers at my disposal which can do the heavy lifting in the majority of cases. In fact, my TNM5000 boasts 23,000 supported devices with the supplied 16 adapters. But what do you do when the chip is not supported by your reader? Or maybe you have no adapter for the exact package you intend to read?


The Payment Transformation

· By J.R. Cunningham ·

Since the dawn of transactions between humans, the physical point of the transaction has served as a key instrument in the prevention of fraud, financial theft and mistakes. Letters were sealed by their senders with wax and an impression that was unique to them; ancient Roman tax collectors would carefully examine coins to ensure they weren’t fakes; and cattle ranchers would brand their cattle with hot irons to prove ownership. Even the relatively modern (in the scheme of things) cash register of the early 1900s would have a marble slab for coins that would enable the merchant to drop the coin onto the slab and determine, by sound, if the coin was real.


Keeping Credentials Safe: Worldwide in Real-Time

· By Janel Schalk ·

If you were to gather ten cyber security experts in a room and ask them what the most common threat actor access point is for today’s enterprise, every one of them would likely answer user credentials. Credentials have proven to be the weakest link in the cyber security industry. In fact, Verizon’s 2017 Data Breach Investigations Report (DBIR) shows that 81 percent of hacking-related breaches leveraged stolen and/or weak passwords.


Managed Security Services (MSS) and Eyes on Glass in the Real World

· By Ken Dunham ·

“Eyes on Glass” is a common saying when it comes to reviewing SIEM logs and managed services, but it is often misunderstood. A layman’s notion is that you simply have someone with a low level of skill looking at a large quantity of log data to see if something important appears that requires escalation. Technically, “eyes on glass” requires a high degree of skill and capabilities to interact directly with unique client technologies, something not commonly included with managed services.
