Thursday, 12 April 2012

Open Source Network Forensics and Zero-Day Malware

Although I work at a large enterprise with enough budget for the best security tech money can buy, I still have a passion for open source tools and a deep admiration for the people that freely give up their time and energy to build things of value and then share it with others.

We have successfully implemented a combination of open source tools, particularly in the field of network forensics, to detect and alert on malware traffic that was missed by the expensive tech, although they of course do their fair share of detecting and blocking as well.

It's obvious that now, more than ever, a defense in depth strategy is needed to combat what is in my opinion the #1 threat organizations face today - malware.

So why yet another blog...

Inspired by the name of one of the blogs I read regularly, The Day Before Zero, I've decided to put words into action and start a blog where we (me and others in my team) can share our experiences and learnings from the trenches of IT Security.

Because that is what we do, we defend the organizations we work for on a daily basis against the bad guys out there. So hopefully this blog will help in bolstering your defenses and keeping your company out of the headlines.

Splunk & Active Directory Password Expiry

So the other day I was asked by our IT Helpdesk if I could send them an alert when a VIP user's password is close to expiring so that th...