by mathildeexlm

SPF, DKIM & DMARC, the three pillars of email security

The ending of the almost eponymous 1946 film (The Postman Always Rings Twice) finds Frank musing about his own impending death. He and his beloved Cora escaped justice once after killing her husband, Nick. Yet here he is, condemned for murdering Cora, even though her death was accidental. In his mind, justice was served the way a postman delivers letters: he rings once, and if nobody answers, rings again for the important ones.

Arguably, a lot of drama could have been avoided if Frank had simply absconded with Cora from the start. Instead of a goodbye note left in a cash register for Nick, Cora would have posted a letter from far away. That would probably not have made an interesting story, apart, perhaps, from the delivery of that letter by a postman.

That delivery is the focus of today's post. Instead of an envelope, stamps and paper, we bring it into the digital era and look at how emails travel and what measures can be taken to ensure they are legitimate.

Or, better still, what measures can be taken to prevent unauthorised parties from sending email that appears to come from our domains.
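To make the "seemingly coming from our domains" problem concrete, here is an added example (not code from the original post) of the two DNS-published checks a receiving mail server applies: an SPF evaluation of the sending IP against the envelope-sender domain's policy, followed by a DMARC decision that additionally requires the SPF-authenticated domain to align with the visible From: header domain. The DNS records, IP addresses and domains are constructed for the example; DKIM, the second authentication path DMARC accepts, is left out, and relaxed alignment is approximated by a suffix match instead of a public-suffix-list lookup.

```python
import ipaddress

# Constructed stand-in for live DNS TXT lookups (assumption for this example).
DNS_TXT = {
    "example.com": "v=spf1 ip4:203.0.113.0/24 include:mail.example.net -all",
    "mail.example.net": "v=spf1 ip4:198.51.100.10 ~all",
    "_dmarc.example.com": "v=DMARC1; p=reject; aspf=s",
}

QUALIFIER_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def check_spf(domain: str, sender_ip: str, depth: int = 0) -> str:
    """Evaluate the SPF record of `domain` for a connecting `sender_ip`.

    Supports ip4/ip6/include/all mechanisms with qualifiers. Returns one of
    pass, fail, softfail, neutral, none or permerror.
    """
    if depth > 10:  # SPF caps DNS-querying mechanisms to avoid loops
        return "permerror"
    record = DNS_TXT.get(domain)
    if record is None or not record.startswith("v=spf1"):
        return "none"  # no policy published: the receiver cannot judge
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:
        qualifier = "+"
        if term[0] in QUALIFIER_RESULT:
            qualifier, term = term[0], term[1:]
        if term.startswith(("ip4:", "ip6:")):
            # IPv4 address never matches an IPv6 network and vice versa
            if ip in ipaddress.ip_network(term[4:], strict=False):
                return QUALIFIER_RESULT[qualifier]
        elif term.startswith("include:"):
            # include: matches only if the referenced policy yields "pass"
            if check_spf(term[len("include:"):], sender_ip, depth + 1) == "pass":
                return QUALIFIER_RESULT[qualifier]
        elif term == "all":
            return QUALIFIER_RESULT[qualifier]
    return "neutral"  # record exhausted without an "all" mechanism


def spf_aligned(mail_from_domain: str, header_from_domain: str, strict: bool) -> bool:
    """DMARC identifier alignment between envelope sender and From: header."""
    if strict:
        return mail_from_domain == header_from_domain
    # Relaxed mode: same organisational domain; approximated by a suffix match.
    return (mail_from_domain == header_from_domain
            or mail_from_domain.endswith("." + header_from_domain))


def dmarc_disposition(header_from_domain: str, mail_from_domain: str, sender_ip: str) -> str:
    """Return 'pass' when SPF passes *and* aligns, else the published policy."""
    record = DNS_TXT.get("_dmarc." + header_from_domain)
    if record is None:
        return "none"  # no DMARC policy: message is delivered unchecked
    tags = dict(kv.strip().split("=", 1) for kv in record.split(";") if "=" in kv)
    policy = tags.get("p", "none")
    strict = tags.get("aspf", "r") == "s"
    spf_result = check_spf(mail_from_domain, sender_ip)
    if spf_result == "pass" and spf_aligned(mail_from_domain, header_from_domain, strict):
        return "pass"
    return policy


if __name__ == "__main__":
    # Legitimate: authorised IP, envelope and header domains agree.
    print(dmarc_disposition("example.com", "example.com", "203.0.113.7"))      # pass
    # Spoof from an unauthorised IP: SPF fails, DMARC says reject.
    print(dmarc_disposition("example.com", "example.com", "192.0.2.1"))        # reject
    # SPF passes for the envelope domain, but it does not align with From:.
    print(dmarc_disposition("example.com", "mail.example.net", "198.51.100.10"))  # reject
```

The third case is the one SPF alone misses: the sender really is authorised for mail.example.net, but DMARC's alignment rule stops that from lending credibility to a From: header claiming example.com.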


10 CSOC tools for simplifying your daily life as a CSOC Analyst


CSOC Tooling

Working as a CSOC analyst is becoming more complex: alert volumes grow rapidly as more perimeters and tools are integrated, regulatory constraints multiply, and suspicious behaviour must be detected as quickly as possible.

Simply hiring more analysts to absorb this is unrealistic, since cybersecurity skills are in high demand and correspondingly hard to find. Attracting talent must remain a priority, but putting good CSOC tools in place to simplify daily work is just as critical. An efficient CSOC rests on the usual triptych of process, competent people and technology, each of which has to be tuned together with the others. This article concentrates on the technology side: the CSOC tooling.


MITRE ATT&CK: Yet another new framework to learn about

In the hope of preventing a breach, companies deploy a variety of sensors, from perimeter security (firewalls, proxies, ...) to endpoint protection (EDR, antivirus, ...), and potentially centralise all of these events in a SIEM to correlate them and implement use cases.

So many solutions and vendors, yet some questions remain: how good is your detection coverage against the attack vectors most common in your business sector? Can you detect an attacker's activity once they have breached your infrastructure? Do you have overlapping sensors?

This article presents MITRE ATT&CK (Adversarial Tactics, Techniques & Common Knowledge), a framework that is becoming increasingly popular and attempts to answer the questions above. We first recall the existing methods and detail how ATT&CK contributes to a better understanding of an attack. We then describe the various objectives that can be achieved with it, and the prerequisites for getting the most out of it. Lastly, we look at the interface developed by MITRE to pursue those objectives efficiently.


Passwords: hash them harder, better, faster, stronger

What have we learned from the last 30 years of password storage? We went from plaintext passwords in databases to hashed passwords, then to salted and even peppered passwords. Distributed computing forced the algorithms to adapt to new kinds of workload. So what are the best practices, and what makes a password hash truly resistant to offline cracking?

Let's review the basics of password hashing and how the industry uses the different algorithms.
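The progression sketched above, as an added example that is not part of the original post: a fast unsalted hash, which makes identical passwords collide and rainbow tables applicable, next to a salted, peppered, memory-hard scheme built on Python's standard-library scrypt. The pepper value and the cost parameters are assumptions chosen for the example; in a real deployment the pepper lives in a secret store or HSM, never in the database that holds the hashes, and the cost is tuned to the hardware.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed pepper for this example; a real one is a random secret kept
# outside the credential database (assumption, see lead-in).
PEPPER = b"example-pepper-never-stored-with-the-hashes"

# scrypt cost parameters: N is the CPU/memory cost (memory ~ 128 * N * r bytes),
# r the block size, p the parallelism. Raise N as hardware gets faster.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2 ** 14, 8, 1


def weak_hash(password: str) -> str:
    """Unsalted, single-pass SHA-256: what many sites did before salting.

    Two users with the same password get the same digest, and precomputed
    tables apply, so a leaked table cracks at hardware speed.
    """
    return hashlib.sha256(password.encode()).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Pepper via HMAC, per-user random salt, memory-hard KDF.

    Returns a self-describing string so the parameters can be raised later
    and old entries rehashed on next login.
    """
    salt = salt if salt is not None else os.urandom(16)
    # Mixing the pepper with HMAC keeps it out of the stored record entirely:
    # a database-only leak is useless without it.
    peppered = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    dk = hashlib.scrypt(peppered, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"scrypt${SCRYPT_N}${SCRYPT_R}${SCRYPT_P}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and parameters; compare in constant time."""
    try:
        algo, n, r, p, salt_hex, dk_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "scrypt":
        return False
    peppered = hmac.new(PEPPER, password.encode(), hashlib.sha256).digest()
    candidate = hashlib.scrypt(peppered, salt=bytes.fromhex(salt_hex),
                               n=int(n), r=int(r), p=int(p), dklen=len(dk_hex) // 2)
    return hmac.compare_digest(candidate, bytes.fromhex(dk_hex))


def needs_rehash(stored: str) -> bool:
    """True when a record was made with weaker parameters than current policy."""
    parts = stored.split("$")
    if len(parts) != 6 or parts[0] != "scrypt":
        return True
    return (int(parts[1]), int(parts[2]), int(parts[3])) < (SCRYPT_N, SCRYPT_R, SCRYPT_P)


if __name__ == "__main__":
    pw = "correct horse battery staple"
    print(weak_hash(pw) == weak_hash(pw))            # True: identical digests leak reuse
    h1, h2 = hash_password(pw), hash_password(pw)
    print(h1 == h2)                                  # False: random salt per record
    print(verify_password(pw, h1), verify_password("wrong", h1))  # True False
```

The `needs_rehash` check is what lets the cost parameters follow hardware over time: verify with whatever the record says, then transparently rewrite it with the current policy while the plaintext is in hand.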


Newsletter: SWIFT CSP: A change to reinforce the security of the global banking system

Secure the SWIFT Network

In 2016, users of the Society for Worldwide Interbank Financial Telecommunication (SWIFT) network in Bangladesh, Vietnam and Ecuador suffered cyber-attacks and heavy financial losses. In response to the sharp rise in cyber-attacks and fraud against financial institutions, SWIFT introduced its Customer Security Programme (CSP) that same year. The programme's main goal is to verify and raise the security level of every SWIFT customer, and so strengthen confidence in the SWIFT network. To that end, SWIFT set out three objectives: Secure your environment, Know and limit access, Detect and respond.
