
Publications

Blog, News, Publications, Videos and More


The Castra Elastic Logger for USM Appliance

A fast and scalable solution to pair with your existing USM instance

Do you need to add long-term logging to your AlienVault USM? Do you want to combine the search power of Elastic with the advanced AlienVault USM platform? If you are looking to expand your AlienVault raw log storage while adding new possibilities for analytics, visualization and reporting, Castra’s Elastic Logger is for you.

AdBlocking and Adblocker Blocking

Most people are familiar with the notion of an adblocker. It's pretty much what it says on the label: a program that blocks ads from showing. They may not, however, be entirely familiar with how adblockers work or what the best kind of adblocker for their use might be.

Analysis of the GAO Report on the 2017 Equifax Breach

Cross Posted from Net Friends

The GAO report provides the most detail to date about the specifics of the breach summarized in the graphic below, such as how the attack started on the Equifax dispute portal servers, and how the attackers gained access to 51 databases and extracted data from them for over 76 days in small increments to avoid detection.

Bandura Cyber Announces Strategic Partnership with Castra Consulting

Partnership Enables Automated Threat Intelligence Protection

Collaboration Will Fuse Advanced Threat Intelligence Gateway Technology with Castra’s mSIEM Managed Service Offering

Beginner’s Guide to IDS, IPS and UTM - What’s the Difference?

White Paper

There is often a lingering and general confusion over the acronyms IDS and IPS, and how they are like or unlike UTM software modules. Everyone likes primers and simple descriptive definitions, so let’s take a look at IDS, IPS and UTM through that lens.

Best practice Audit Policies - Windows OS

When configuring Windows to write audit logs for your SIEM, consider the following policies as a way to improve value over volume in your logging.

Cleanrooming Legacy Systems

The WCry worm threw into sharp relief how quick the turnaround between exploit announcement and the use of said exploit in a high-profile attack can be: a vulnerability patched in March, with a public exploit shown in April, was used worldwide in early May.

Default Credentials Considered Harmful

The use of default credentials by vendors is an outdated, dangerous throwback to 20th century practices that has no business being used in today's world. It is this specific antique practice that is directly responsible for the existence of the record-breaking denial-of-service botnet recently used to censor Brian Krebs and the similar attack on OVH. These botnets only exist because default credentials were implemented on devices, in flagrant violation of best practices when building appliances.

Early Thoughts on Krak

The news is coming out today about a core protocol-level flaw in WPA2-PSK named "KRAK" [a forced acronym for Key Renegotiation AttacK, the method by which connections can be compromised].

Egress Filtering

Egress filtering counteracts situations where an attacker is seeking to sniff internal traffic that may be leaking outside the gateway, and it provides a block against [and potentially notification of] so-called C2 traffic generated when an attacker has succeeded in infecting a system. Once egress filtering is put in place, your network will be far safer, and a much harder target for most attackers.

Happy Patch Tuesday

In today's batch of patches from Microsoft, there are several very important vulnerabilities, but there is one that is specifically critical for users of Alienvault installations.