This book attempts to capture the risks and security considerations present for general populace of users accessing the web with default browser settings in place and covers some of the most popular browsers around today including the Andriod browser. 

Useful reading for anyone who wants to move beyond the default web browser settings and create a more secure configuration.  The document can be found at: http://code.google.com/p/browsersec/wiki/Main

Security Operations Metrics:  Introduction - An overview of my thoughts on Security Operations and Incident Response Processes and Metrics that are easily achievable in most organizations.

The CSIS commission’s report, “Securing Cyberspace for the 44th Presidency“  was released today.

Though unlike Highlander, I hope that in the end there can be more than one.  SIEM is NOT dead, but if High-Tower’s recent announcement is any indication it certainly will become a thinner herd in the very near future. 

NetWitness announced today that it is providing a free version of it’s Investigator product to the world!

I’ve received a series of follow-up emails, phone calls, and texts asking about “Einstein” and Trusted Internet Connection (TIC).

I found out through twitter that Martin Mckeay has a blog post “What would you ask the Department of Homeland Security Secretary?“ on his Network Security Blog..  Boy, I’d love to participate in that session….

Rocky DeStefano will participate as faculty at the IANS 2008 Pacific Information Security Forum in San Francisco Dec 2-3, 2008.

I recently attended a security conference as a member of a team presenting on log management and SIMs and during one of the sessions a very interesting trend was introduced. A couple of companies have actually moved their network engineering team into the security group.

Decurity will be facilitating several regional Security Operations Workshops in the coming months.  The first workshop is planned during the week of November 17th in Washington DC.  Similar events are being planned (Tampa, NYC, etc.) and will be prioritized based on demand!
UPDATE:  The first DC SESSION will be moved to Jan 2009.  Current Incidents, US Government transition meetings, holiday schedules were too hard to fit into Nov.

I didn’t even realize until several days later, but Decurity is officially 1 year old!  A quick look back at our first year shows we’ve been quite busy and the next year looks amazing in terms of what we are going to accomplish!

Decurity welcomes Travis Aldrich as a key member of the team!

.
Over the past few weeks, I’ve been giving a very similar presentation, to different audiences, when I’m asked to talk about the need for Collection across an enterprise.  The attached diagram illustrates some of the flaws that come with relying on “point solutions” to provide enterprise visibility.  Each technology has it’s inherent blind spots, but in conjunction with one another and a few other tools - namely Full Packet Capture, Log Management and SIEM you can provide your Detection team the ultimate information set for analysis and reduce your time to Incident Identification.  This blog highlights some of the requirements for successfully establishing an effective Collection.

ArcSight User Conference Keynote Presentation by Hugh Njemanze focused on Logger v3.0 to be released in the very near future.

I’ll be posting my notes and comments from this years ArcSight User Conference Notes over a few blog entries this week.
This is the first entry:  Major ArcSight Organizational announcements