This two-part series is focused on reducing the impact of a breach through early detection. In part one we looked at the change in mindset from purely preventative measures, to implementing effective detection methods within your environment; and the positive impact that this could have.  In this article we will look at bridging the gap between the initial point of intrusion and instigation of an effective incident response plan.

80% of businesses do not have an incident response plan, 15% have a documented plan but lack the foundation to provide an efficient or effective response, leaving only 5% [1] of business with an actionable incident response plan in place.  In this, the second part of our IR series we are going to look at the need for an effective and functional Incident Response plan.

Part 2 of 2 – Vulnerability details

This is the second and final post in our series about zero-day vulnerabilities we discovered in NfSen and AlienVault OSSIM. If you missed the first post, please click here to read about how our discovery of one zero-day vulnerability led to another three being discovered. As part of our responsible disclosure policy we contacted the vendors and assisted them with the process of developing patches.

Spring is finally upon us and after a long, gruelling winter; lambs are frolicking, daffodils are sprouting, and hackers are still breaching websites. It’s time to revisit your website security and make sure you’re taking the necessary measures to protect yourself and your customers.

New forms of malware are being created and identified every day; discovering and exploiting vulnerabilities can be a lucrative business. 2014 saw 317 million new pieces of malware, equating to nearly 1 million new threats being released each day according to the Symantec Threat Report.  

Voice Over Internet Protocol (VOIP) has recently become an interesting talking point in regards to PCI Compliance. If you aren’t taking the security of your VOIP seriously, you could be putting your entire organisation at risk; and could be liable for loss of cardholder data. It’s not as simple as just segmenting it away, there needs to be controls in place to prevent hackers from accessing that network segment among other security methods.