AlienVault announces new training: Incident Response for USM Appliance Analysts

AlienVault recently announced a new addition to the AlienVault training portfolio: Incident Response for USM Appliance Analysts, a two-day course that we will start delivering Live and Online in May.

AlienVault has had *many* requests from customers and MSSPs for training focused on the analysis of threats identified by the USM Appliance. This course gives security analysts the knowledge and skills to fully leverage the AlienVault Unified Security Management (USM) Appliance to identify and remediate known and emerging threats.

Botnets: Is your network really protected?

Security is taking a backseat as more and more devices connect to the internet

The tech world moves at a tremendous pace, unleashing wave after wave of innovation intended to improve our everyday lives. Many new devices, from security cameras to fridges, or TVs to baby monitors, are now internet connected. This affords us remote access and facilitates the collection of data, which is ostensibly used to make our systems “smarter.”

However, it also opens new doors into our offices and homes through which hackers can come uninvited.

There were around 6.4 billion connected things in use worldwide in 2016, and that’s set to grow to 8.4 billion this year, according to Gartner. There’s no doubt that the Internet of Things (IoT) will bring many benefits, but it also brings greater risk.

Awareness is growing, but everyone needs to take steps to secure IoT devices.

Hacking your IoT devices

Security has yet to catch up with the IoT trend. A couple of years ago, an HP study found that 70 percent of IoT devices were vulnerable to attack. You may wonder how hackers gain access to these devices in the first place. Often, it’s because default passwords and credentials are still in use. In some cases, devices are woefully insecure by design, with administrator logins baked into the firmware.

The success of the Mirai DDoS botnets, which took control of devices such as routers, DVRs and digital cameras, was based on malware that scans a broad range of IP addresses and tries to log in to devices using default usernames and passwords. A botnet of more than half a million devices was assembled to attack one of the key domain name service providers, Dyn. It took down large parts of the internet last October, impacting major websites, including eBay, Amazon, Netflix, PayPal, Reddit and Spotify.

Devices are also frequently hacked through phishing emails, where users are tricked into opening attachments or clicking links that install malware or redirect them to false website fronts designed to steal their credentials. Malware can even be delivered through an old USB drive, so don’t be tempted to plug one in if you find it lying around and don’t know where it came from. Curiosity can kill the cat. For years we’ve seen cases of people picking up USB fobs in parking lots dropped there on purpose by the bad guys.

Building botnets

Hackers seize control of vast numbers of devices quite quickly and build botnets, which are networks of thousands, or even hundreds of thousands, of devices. They use these botnets to carry out volumetric attacks that flood target websites or servers with traffic, sometimes managing to make them completely inaccessible for normal folks. They may also be used to send spam, scan for further vulnerabilities, exfiltrate stolen data, or conduct brute force attacks.

These botnets often span the globe, and the devices often lack static IP addresses, so it’s very difficult to reliably identify them and block them. There’s little indication for the victim that their device has been infected and is now being used for nefarious activities.

To make matters worse, many hackers are just looking to turn a quick profit, so they offer botnets for hire to anyone willing to pay. Since the malware required to build a botnet can be bought, or a botnet can be rented directly, there’s no real skill barrier to deploying one.

Defending your networks

You’ll need to do some homework to make sure your network is safe. To start, make sure you change the default passwords that come with your IoT devices. This is an easy first step, but it’s not enough. You should also look into the manufacturer and be vigilant for admin credentials that are hardwired in the firmware.

The next thing you need is a decent firewall and a security platform that scans your network in real time and analyzes traffic to uncover threats. Look for malicious traffic detection, botnet detection, and command and control call-home traffic detection. You want a system that can identify suspicious traffic and highlight an infected host quickly, then isolate it until you can take action.
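A small detection pass over constructed connection records, added here as an example and not part of the original article, that flags the two patterns the article describes: a host calling home on a fixed cadence (command and control check-ins) and a host spraying telnet connections at many addresses the way the Mirai scanner does. The log format, thresholds and IP addresses are assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample connection log (not real traffic): "epoch src_ip dst_ip dst_port"
LOG = """\
1490000000 10.0.0.5 203.0.113.9 443
1490000060 10.0.0.5 203.0.113.9 443
1490000120 10.0.0.5 203.0.113.9 443
1490000180 10.0.0.5 203.0.113.9 443
1490000007 10.0.0.8 198.51.100.20 443
1490000010 10.0.0.12 192.0.2.1 23
1490000011 10.0.0.12 192.0.2.2 23
1490000012 10.0.0.12 192.0.2.3 2323
1490000013 10.0.0.12 192.0.2.4 23
"""

def parse(log):
    """Parse one record per line into (timestamp, src, dst, port) tuples."""
    rows = []
    for line in log.splitlines():
        ts, src, dst, port = line.split()
        rows.append((int(ts), src, dst, int(port)))
    return rows

def beaconing_pairs(rows, min_conns=4, max_jitter=0.2):
    """Flag (src, dst) pairs whose inter-connection gaps are nearly constant:
    a steady call-home cadence is the classic sign of a bot checking in with C2."""
    times = defaultdict(list)
    for ts, src, dst, _ in rows:
        times[(src, dst)].append(ts)
    flagged = []
    for pair, seen in times.items():
        if len(seen) < min_conns:
            continue
        seen.sort()
        gaps = [b - a for a, b in zip(seen, seen[1:])]
        avg = mean(gaps)
        # coefficient of variation: low jitter means machine-timed beacons
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            flagged.append(pair)
    return flagged

def telnet_scanners(rows, min_targets=4, ports=(23, 2323)):
    """Flag sources that touch many distinct hosts on telnet ports: the spray
    pattern Mirai-style worms show when hunting default-credential devices."""
    targets = defaultdict(set)
    for _, src, dst, port in rows:
        if port in ports:
            targets[src].add(dst)
    return sorted(src for src, dsts in targets.items() if len(dsts) >= min_targets)
```

Either hit is a host worth isolating first and investigating second, which is the "highlight an infected host quickly, then isolate it" workflow the paragraph asks for.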

We must also bring more scrutiny to bear on IoT device manufacturers and software developers. If we don’t collectively start taking security more seriously, the IoT could be our downfall.

This article was originally posted on Network World.

InfoSec at Your Services Meetup: 7 Secrets of Offensive Security – Thursday, April 6, 2017

Join us for our next InfoSec at Your Services Meetup:

“7 Secrets of Offensive Security”
by Gary Miliefsky

Thursday, April 6, 2017
6:30 PM to 8:00 PM

319 Speen Street, Natick

Host: Gary Miliefsky

We will discuss:

The 7 Secrets of Offensive Security. With all the breaches happening in the news, isn’t it time you get one step ahead of the next threat? Get proactive and learn these secrets before you become the next victim.

Gary Miliefsky is the co-founder and CEO of SnoopWall, Inc. He is a breach prevention expert who has appeared on Good Morning America, the Today Show, CNN, FOX News, CTV and network programming across North America. SnoopWall is the leader in network breach prevention. They are ranked as the top mobile device security company by Cybersecurity 500 and one of the top 50 Most Valuable Tech Companies in Insight Success.


Hackers show no mercy—even for pot dispensaries. Anatomy of a national point-of-sale breach and takedown of 1,000-plus marijuana dispensaries

Back when Apple was the plucky young upstart that dared to be different, the Mac was the machine for creative types and there was a perception that it wasn’t a target for hackers because of its cultural cool factor.

You would expect the same rules to apply to the legalized marijuana market, but a major hack attack on a pot dispensary last month set that notion up in smoke.

MJ Freeway, provider of popular medical marijuana tracking software, suffered a point-of-sale system hack that left over 1,000 marijuana dispensaries unable to track their sales and inventories. Because of the state regulations governing the sale of marijuana, some dispensaries were forced to close early or shut their doors completely. The disruption lasted weeks and caused patients to suffer long delays in obtaining access to their medicine.

Closer inspection reveals this was a well-coordinated cyber attack that was intended to take the system down. [Read More @ NetworkWorld]