I’ve worked in our Security Operations Center for the last 6 years, and we monitor every potential intrusion issue our customers face, mitigate these threats and perform forensic analysis when required. We also manage their PCI scans, their AIP modules and their Fortigate UTM devices.

I feel that as a company we need to back away from the UTM/IDS/IPS all-in-one based security model, where we are trusting devices that provide our analysts with little to no packet data, back to our original IDS model of a Snort/Vortex hybrid, as we can never truly understand the full depth of an attack or even the potential threats being thrown against our customers’ networks with the data we currently use. Our false positive rate is through the roof, and though it may cost us more now, we need to focus on getting our analysts the data they need to fully understand these intrusion events, or else we will never be able to truly compete at the large-scale enterprise level.

We need to provide our PCI customers with actual mitigation strategies for when they fail their PCI scans instead of simply sending them an auto-generated report compiled from Nessus, SAINT and Nexpose results. I feel we are under-utilizing our entire staff, who are all potential points of infiltration and defense as well. We need to keep all of our teams on their toes and potentially provide incentives for those who question the person walking towards the data center they’ve never seen before about why they are there, or who notify our security team when they receive an email that may seem slightly abnormal. We need a good mixture of internal security testing, random internal penetration tests and audits. Another great way to improve on this would be phishing our own employees to see if our minimal internal security training is truly enough; it will also show us the employees who may need slightly more training.

If we truly want to perform well in the security field, we need to provide our customers and the security community in general with more information regarding our research on botnet reverse engineering, and more information regarding mitigating current and active threats such as infection campaigns. We should also be working with our Russian- and Chinese-speaking analysts to infiltrate many of the known underground forums to provide our company, customers, partners and the industry as a whole with as much information as possible regarding the threats and targets we could obtain from this intelligence.
Our first contest winner’s entry: Evan Keiser
Posted in Uncategorized.
– May 14, 2012
Episode 80 – Winners and Losers
Tonight, Martin, Steve, and Joseph announce the first winner of the Southern Fried Security Elevator Pitch contest: Evan Keiser! Congrats! We still have 3 BSidesLasVegas tickets to give out, so make sure you send in your entries.
We also discussed a few stories tonight.
First, we talked about Adobe, and their recent dealings with patching their flagship CS5 product:
http://www.securityweek.com/adobe-changes-tune-forcing-paid-upgrade-fix-security-flaw
Then, we talked about the newly proposed .secure TLD, and some of those ramifications:
http://www.wired.com/threatlevel/2012/05/dot-secure/
And lastly, we talk about a fantastic article about how to identify the real threats to your organization from DarkReading:
As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com/rss
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter. And don’t forget to submit your entries to sfspodcastcontest@gmail.com
Posted in Podcasts.
– May 14, 2012
Episode 75 – Global Payments – Oy Vey!
This evening, the gang is all here! Martin, Joseph, Steve, and Yvette all jump on to talk about some new and exciting breach type stories.
First, we talked about our first credit card payment processor breach since Heartland, Global Payment Systems.
http://krebsonsecurity.com/2012/04/global-payments-1-5mm-cards-exported/
http://www.darkreading.com/security/privacy/232800063/global-payment-systems-compromised-in-massive-breach.html
And if we’re talking breaches, we had to talk about this year’s Verizon DBIR:
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com/rss
And if you have any feedback, drop us a comment or find us at @SFSPodcast on Twitter.
Posted in Podcasts.
– April 2, 2012
Episode 73 – The Song of the Sabu
Tonight, it’s just Martin and Joseph, and they’re hitting some of the breaking news of the evening. First, they talk about the Security Bloggers Meetup from RSA, and props to all the winners and nominees:
http://www.ashimmy.com/2012/03/social-security-blogger-award-winners.html
Then, we get into the real meat of the show tonight: Sabu and the FBI arrests:
http://erratasec.blogspot.com/2012/03/notes-on-sabu-arrest.html
To close out, we brought up some fun news for this summer: BSidesLasVegas2012 is offering mentorship for those who want to break into the security speaking “circuit”. Check that out here:
http://www.securitybsides.com/w/page/51614272/BSidesLV%202012
As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com/rss
And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.
Ah, and our closing song for the evening: The Song of the Cebu - http://www.youtube.com/watch?v=_uv8Ej4CEoQ&ob=av3n
Posted in Podcasts.
– March 6, 2012
Episode 72 – Doing It Right, Doing It Wrong
Tonight, we announce ourselves a new member: Yvette Johnson! (@jetsetyvette on twitter) She’s going to bring a softer side to the podcast. So of course, we picked us two stories on opposite ends of the spectrum to get her started.
First, we had us a story of folks doing it right: Liquidmatrix. Read this entire article. Seriously. Now do it again. A fantastic article, we had nothing but good things to say about it.
http://www.liquidmatrix.org/blog/2012/02/21/we-are-losing/
On the very opposite end of the spectrum, an article from Forbes. A textbook example of FUD marketing. (For prior reading, check out this article for a little background: http://www.loglogic.com/blog/what-does-s-stand )
http://www.forbes.com/sites/petercohan/2012/02/17/loglogic-helps-ceos-sleep-at-night/
As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com/rss
And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.
Posted in Podcasts.
– February 21, 2012
Episode 71 – They Did What???
Tonight it’s just Martin and Joseph, so we decided to hit some of the hard-hitting topics of the last week:
First, we talk about a fantastic article from Dark Reading about “Do you need a Security Operations Center”: http://www.darkreading.com/security-monitoring/167901086/security/perimeter-security/232500661/do-you-need-a-security-operations-center.html
Then, we get warmed up for our rants of the evening with Steve’s article about the VeriSign disclosures, or lack thereof: http://www.thetechherald.com/articles/VeriSign-left-executives-and-the-public-in-the-dark-about-breaches/16168/
And finally, we get to a nigh-impenetrable blog post from Trustwave, talking about why they issued a Certificate Authority to a private organization: http://blog.spiderlabs.com/2012/02/clarifying-the-trustwave-ca-policy-update.html
We wrap up with a nice wrap-up of Shmoocon from Martin, and announcements about SOURCE Conference.
As always, you can find the podcast here or on iTunes: http://sfspodcast.libsyn.com/rss
And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.
Posted in Podcasts.
– February 6, 2012
Episode 69 – Offensive Security Redux
Tonight Martin, Joseph, and Steve touch on some fun topics, revisiting some of our conversations from about this time last year in Episode 43. Without further ado – our stories for the evening:
It’s the breaches of the week!
http://www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/
http://www.thetechherald.com/articles/24-million-customer-accounts-exposed-in-Zappos-hack/16025/
And for the second half of our podcast, we discussed a return to Offensive Security, thanks to this article by George Hulme:
http://www.csoonline.com/article/698237/enough-defense-is-it-time-for-an-it-security-offensive-
And for your bonus image for the day, we may have dug up an image of Alex Hutton during his college days:

I'm not saying this is Alex, but it's probably Alex
As always, you can find the podcast here: http://sfspodcast.libsyn.com/rss
And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.
Posted in Podcasts.
– January 23, 2012
Episode 67 – Hashes, Hackers, and STRATFOR – Oh My!
A happy new year to all our listeners! The boys are back in town, as it were. There are some big changes that came up this year, the first of which being a slight change to our format. We’ll be moving to a bi-weekly schedule, with interviews or other format episodes on the alternate weeks.
Also, it’s with great regret that we have to announce that our good friend, Andy Willingham, will no longer be on the podcast with us for a while. Life can be a little crazy, and he’s going to take a break for a little while, and we wish him all the best.
So this week, Martin, Steve, and Joseph dug into the password leak from the STRATFOR breach, and what the implications could be for passwords, and how we should look at the breach, based off of Steve’s article: http://www.thetechherald.com/articles/Report-Analysis-of-the-Stratfor-Password-List
Join us next week as we have a special interview with Alex Hutton.
As always, you can find the podcast here: http://sfspodcast.libsyn.com/rss
And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.
Posted in Podcasts.
– January 9, 2012
Episode 62 – Experts and Leaders
Episode 62 – Leaders and Experts
This week, for two weeks in a row, the whole gang is back. We hit two articles that provoked a lot of thought amongst us, so without further ado:
Security 101: Security in 140 Characters or Less
http://isc.sans.edu/diary.html?storyid=11725&rss
Are you an IT security leader – really?
http://www.networkworld.com/news/2011/100311-are-you-an-it-security-251503.htm
Join us next week, as we continue to put right what once went wrong, and hope each time that our next leap will be the leap home.
Posted in Podcasts.
– October 3, 2011
Episode 60 – Signal to Noise
This evening, it was just Martin and Joseph covering some of the big news of the past week: Diginotar and Sony.
Diginotar, a Certificate Authority from Holland, was breached over this past week, and the fallout just seems to keep growing:
http://www.thetechherald.com/
http://www.f-secure.com/
Back in the spotlight again is Sony, but for good (we hope) reasons this time, as they’ve announced their new CISO:
http://www.1up.com/news/sony-
Also, as we said on the podcast, for people who want a high signal to noise ratio on Twitter, try starting with these folks:
@CSOonline @mikkohypponen @uscert_gov @HDMoore @rwestervelt @WeldPond @riskybusiness
As always, you can find the podcast here: http://sfspodcast.libsyn.com/rss
And if you have any feedback, drop us a comment or find us at @SFSPodcast on twitter.
Posted in Podcasts.
– September 7, 2011