News & Publications


The So-Called Intel Bug

Two named bugs dropped on January 3rd, both concerning the way in which modern CPUs work. Nearly all Intel hardware from approximately the past 25 years is affected. The Meltdown and Spectre bugs are severe in nature, and organizations will need to address the specific and pervasive risk of information leakage and take specific mitigative measures.

Best practice Audit Policies - Windows OS

When configuring Windows to write audit logs for your SIEM, consider the following policies as a way to improve value over volume in your logging.

Set It and Forget It...Fail.

You’ve set up your SIEM, you have logs flowing and a report or three. You are done, right? You don’t need to look at it every day, right? You can just check it on Friday on the way home, right? It emails you an alarm, so you are done, right?

Early Thoughts on Krak

The news is coming out today about a core protocol-level flaw in WPA2-PSK named "KRAK" [a forced acronym for Key Renegotiation AttacK, the method by which connections can be compromised].

Our Thoughts On The Equifax Breach Of 2017

Cross Posted from Net Friends

Castra has been asked by several of our customers what they should do in response to one of the biggest data breaches ever: the Equifax breach of 2017, which resulted in the potential loss of sensitive information that could be used for identity theft, affecting just under half of the entire US population, or 143 million people.

How Does The Equifax Incident Compare to Other Data Breaches?

Cross Posted from AlienVault

The Equifax data breach news which broke last week was a bit of a shocker. About 143 million Americans were affected, which is most of the US adult population, and an unknown number of Canadians and Britons. The leaked data included some highly sensitive information including social security numbers, home addresses and credit card numbers.

How to Protect Your Business from a Cyber-Attack

Cross Posted from ITProPortal

In today's digital world, cyber attacks are inevitable and businesses must protect themselves accordingly.

Cleanrooming Legacy Systems

The WCry worm threw into sharp relief how short the turnaround between an exploit's announcement and its use in a high-profile attack can be: a vulnerability patched in March, with a public exploit shown in April, was used worldwide in early May.

Network Segmentation

Network segmentation is the practice of dividing a formerly 'flat' network [where every device can contact every other device] into a series of segments that have restricted communication between them.

Egress Filtering

Egress filtering counters two situations: an attacker sniffing internal traffic that may be leaking outside the gateway, and the so-called C2 traffic generated once an attacker has succeeded in infecting a system, which egress filtering blocks [and can potentially raise a notification of]. Once egress filtering is put in place, your network will be far safer, and a much harder target for most attackers.

Beginner’s Guide to IDS, IPS and UTM - What’s the Difference?

White Paper

There is often a lingering and general confusion over the acronyms IDS and IPS, and how they are like or unlike UTM software modules. Everyone likes primers and simple descriptive definitions, so let’s take a look at IDS, IPS and UTM through that lens.