Elastic stack demonstrated itself as a leader for open source big data analysis, data collection, and visualization products. The stack which is usually abbreviated with ELK contains the following components

• Elastic search - data indexing and analysis…

Quest InTrust is a very powerful log management framework which also contains a lot of possible ways to notify about triggered alerts:

• Email alerts
• SCOM connector
• Alert Reports in SRS
• Alerts in SQL DB 
• Web Interface for Alert management - InTrust Monitoring…

It is well known for anyone who tried to run a VM in the cloud that RDP port if left opened will be attacked with massive waves of brute-force attempts from IPs all around the world.

I run a detection lab in Azure and at some point, it just started to…

In recently released Update 1 for InTrust 11.4.1 there is a hidden gem – Suspicious process was started rule, it allows detection of hidden steps that ransomware and malware would do to achieve persistence, hide their tracks and disable protection…

Something really cool about honeypots and deception technology, in general, is that you can see a hacker or a penetration tester in action with very little false positive notifications. Deception also can help with detecting yet unknown threats that cannot…

DC in the cloud

There could be many different reasons that require Domain Controller running in the cloud:

• Overal company direction to get rid of the on-prem data center with all of the supporting services including Active Directory, DNS and DHCP
• Legacy…

The cyber-security community is buzzing about this recently unveiled vulnerability in Windows Textservices Framework.

"Project Zero: Down the rabbit hole" https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html by a security researcher…

Quest InTrust 11.3.2 maintenance release happened last week. One of the main features is improved and expanded support for Linux OS. Let me focus on this topic and provide some details about how InTrust can be used to setup truly centralized and feature…

Currently 30% of companies in the United States are using the NIST Cybersecurity Framework to manage risks with projections of 50% by the year 2020 (https://iapp.org/news/a/the-future-of-the-nist-cybersecurity-framework/). 

Quest has a broad portfolio…

In reviewing the DFS Cybersecurity regulation Section 500.02, I immediately began thinking of the NIST Framework. Section B has several subsections that map to NIST:

Probably everyone in the IT world heard at least something about mimikatz – a PowerShell library for performing targeted attacks in Microsoft Windows infrastructure. There are numerous other PowerShell toolkits developed to help attackers to recon, to…