Here's my concern... I've tweeted this a few times in the last couple of weeks.
What you don't know can, and probably already has, hurt you. And if you think I'm mistaken, send me a couple of days of your netflow data and I'll show you. Oops, sorry, you don't know how to collect netflow? Well, there ya go.
The truth is, the folks that tell me that they don't have a problem are the same folks who can't configure Snort, have never heard of Bro, and for the most part, focus on the checklist (that they use like a safety blanket). It's that warm woolly PCI (FISMA, HIPAA, 800-53, ISO, other) checklist that says you've done what you're supposed to, and therefore must be safe. But on the same day when we're sending out literally tens of thousands of victim notifications, I'll sit at a meeting of qualified information security folks who are smart as hell, but still haven't come to the realization that much of what lies slightly below the waterline is really a huge iceberg just waiting to sink your unmonitored, unprotected, but compliant boat.
So... A few weeks ago, we started sending victim notifications. We don't charge for them. They just go out periodically. We're hoping for karma points somewhere along the line. The idea was simple... let's raise some awareness. We post a short piece to our new distro site (cms.wapacklabs.com), and you can pull a bit on the victim alert that you may have received, and it'll probably have a link to an authoritative incident response process -- maybe one of the AV vendors, or Microsoft, or when needed, someone that can help with a larger problem.
So here you go... we've posted a few good pieces recently. You should go look. Between the CMS and our API, Threat Recon, every infosec pro, from the entry-level IPS virgin to the hardened coffee-breathed greybeard, can get what they need. Not enough? Red Sky Alliance is alive and well -- for three years now in just a couple of weeks. So if you need more information, join the conversation in Red Sky.
Need a reintroduction? Call us. We've added a bunch of new offerings to our lineup from feeds to the collaboration to being integrated into a number of new products. I'd love nothing more than to show you how we've matured.
So here's the deal... at no charge, you can pull two victim notification explanations, sometimes with mitigations; sometimes with links to others who've already analyzed it.
For $250 per year you can sign up to be notified when new notifications go up, and be able to download anything that we post to that area.
Need more? Our intel reporting can be purchased for slightly more, but when paired with Threat Recon, you'll have a pretty good picture of what's going on. Intel reports give you the full 'story', and if you need to dive down, search for the intel report on Threat Recon.
As a teaser... here are a few of our recent posts on our new CMS.
Have a great weekend!