I have been watching the Cisco AMP and Paladin CyberSentinel Managed Endpoint Detect & Respond consoles for a number of clients of late. One thing is extremely apparent. Your administrators are under constant attack from emails with fake invoices, as well as Microsoft Word and Excel documents – all of which are infected.
This tidbit is a refresher on looking at Cisco Firepower Intrusion Event logs and daily reports. Specifically, I wanted to review for all of you again the meaning of two key columns, the Impact and Inline Result columns. The Firepower Impact scale is designed to help the recipient understand where to focus scarce resources first.
One of the things we are quite proud of here at CSI is that, despite the numerous network-down stories over the years (many of them gruesome), we have never had a client miss a payroll. A business official’s worst nightmare is not that the network is down. It is that they might miss payroll.
This one is short and sweet. Once in a while we encounter equipment or software that you have purchased elsewhere, but you want CSI to actively support you with it moving forward. The reality with some of these vendors is that we are not allowed to call for technical assistance or even to place a […]
Often we don’t get true clarity on the importance of certain issues until we are living them. That is why, for instance, Dutchess County BOCES attempts to do a yearly, live, full DR test. It is amazing what you find out when you actually force yourself to go production on plan B. Documentation is […]
Keeping up with my theme of DNS-related posts, this week I will again reprise a post from over a year ago on the importance of implementing proper control of DNS as part of your malware protection program. It remains a valuable part of your overall network and security management policies.
In the February Tech Talk Webinar entitled “SCCM Troubleshooting Part II”, Scott introduced the new Support Center for client troubleshooting, which became available in 1810. It provides real-time log viewing, or captures the state of a Configuration Manager client computer for later analysis.
The US-CERT (Computer Emergency Response Team) recently gave a presentation on what China has been doing to hack anything they can hack with the goal of stealing intellectual property, money and personally identifiable information. While most public sector schools and government agencies are generally not vast repositories of intellectual property, they do manage and transfer […]
We constantly harp on all of you segregating third-party vendor equipment onto vendor VLANs. The purpose of that is to keep third-party vendor equipment completely away from your internal network. Ideally, we don’t want these vendors to see, touch, or ask your internal network anything.
Last month, on January 22nd, the US Dept of Homeland Security took the unusual step of issuing Emergency Directive 19-01 to all Federal Agencies. The directive set out steps that had to be taken by those agencies to mitigate potential DNS infrastructure tampering.