Posts

Researching the difference between SIEM and SOAR

A great matter of debate and confusion I have always seen is the line of difference between SOAR and SIEM, along with the question of whether, if you have one, you still need the other or use them in conjunction. To understand this clearly, let us analyze the details and the concept behind both, one by one:

1. Understanding SIEM

SIEM is the abbreviation for security information and event management, the class of technology platforms used to collect and store security data. Simple examples of sources include firewalls and intrusion detection/prevention systems. A SIEM aggregates and correlates all of this gathered data and helps analyze it with focused analytics and machine learning software.

2. Understanding SOAR

SOAR, on the other hand, is the collective technology of security orchestration, automation and response, which is intended to help imbibe security operat...

Demystifying Zero trust architecture

1. Introduction to zero trust:

An increasingly popular buzzword in the world of information security, Zero Trust Architecture refers to the “defense in depth” approach of implementing security concepts by removing the practice of automatically trusting actors and devices integrated into the network. Zero trust architecture provides a thorough end-to-end approach to enterprise resource and data security, with controls interwoven around identity (person and non-person entities), credentials, access management, operations, endpoints, hosting environments, and the interconnecting infrastructure. Zero trust ultimately means verifying every single component trying to connect to the system before granting access. Relying on fine-grained methods such as micro-segmentation and granular perimeter enforcement based on users, zero trust helps control decisions such as whether to trust a user, machine or application for access to a part of the enterprise network. Zero ...

Digital Wallets Security

Introduction to digital wallets

A digital wallet, also referred to as an "e-Wallet", allows people to perform electronic transactions without the need to carry physical cards. Not only does it allow payments and transactions, it is also handy for storing other identity documents, such as loyalty card(s), within the wallet, eliminating the need to carry multiple physical cards. Now that we have understood in simple words what a digital wallet is, let us understand how digital wallet transactions work.

Steps of a digital wallet transaction

To use a digital wallet, the user needs to open the wallet application on the mobile device. To do this, users can use facial recognition, fingerprint identification, or a PIN code (depending on the phone model and configuration).

After unlocking the application, the user next selects the stored payment method to use, as digital wallets allow multiple cards to be stored.

There can be two types of transactions for a digital wallet...

Threat intelligence overview - Threat Intel Series Part-1

TLDR: Threat intelligence is on its way to becoming a must-have capability for every organization. It will not only help protect the firm but also keep it aware of constant threats and of the plan to safeguard against them.

Threat intelligence overview:

As defined by Gartner, threat intelligence is "evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard." This curated information helps a firm make better decisions about how to defend itself and its business from cyber-based threats. Threat intelligence can help identify and analyze the different cyber threats relevant to your organization.

The best approach is to use specialized threat intelligence tools to capture and digest feeds and thereafter analyze them against existing knowledge to know whether a threat is real and the applicable...

Network forensics overview

Introduction

Network forensics, in a nutshell, is the combined activity of capturing, recording, and analyzing network packets in order to determine the source of attacks.

Steps of network forensic examinations

· Identification
· Preservation
· Collection
· Examination
· Analysis
· Presentation
· Incident Response

Types of analysis performed at the network level:

· Data-link and physical layer (Ethernet)

Methods here work by eavesdropping on bitstreams at the Ethernet layer of the OSI model. Monitoring tools or network sniffers such as Wireshark or Tcpdump are used. These help to capture traffic data from a network card ...