877.791.9571 |

About the Author:

Lohit is a Security Professional currently working as a Security Analyst with Oracle. He has experience in working with RFPs/RFIs; Security HLD and LLD design; Network Security elements like Firewall, IDS/IPS, DLP, Reverse proxy, WAF; in Public Key Infrastructure(PKI); in Application Security testing for OWASP Top 10; in Compliance's like PCI-DSS 2.0,3.0 , ISO 27k1, HIPPA; with Cloud Service Provider's such as AWS; in Security Incident and Event Management(SIEM) with tools like Splunk; in Vulnerability Testing. He holds certifications like Comptia Security+, IBM cloud security solution advisor. Earlier he was working with Infosys.
SIEM-01212015

SIEM Use Cases for PCI DSS 3.0 – Part 3

Welcome to the Part 3 of the series “SIEM Use Cases for PCI DSS 3.0″. We have covered some very good use cases in Part 1 and Part 2. […]

011813_1150_AAnvalSIEMb1.png

SIEM Use Cases for PCI DSS 3.0 – Part 2

So as promised, I have come up with some more use cases for PCI DSS 3.0 requirements. I will try to cover as many requirements and use cases as […]

011813_1150_AAnvalSIEMb1.png

SIEM use cases for PCI DSS 3.0 – Part 1

After I got an outstanding response to my previous article on SIEM use cases, I have now prepared a series of articles for some SIEM use cases. In this […]

fast-flux12232014

Fast Flux Networks Working and Detection, Part 2

With the assumption that readers have read Part 1 of this topic, this article will contain the other part of this article, i.e. what benefits an attacker gets from […]

fastflux12172014

Fast Flux Networks Working and Detection, Part 1

Introduction
In this series of articles, we will learn about a not-so-new type of attack, but one of the most difficult attacks to control. Yes, we will lean about the […]

websocket-logo12042014

WebSocket Security Issues

Overview
In this article, we will dive into the concept of WebSocket introduced in HTML 5, security issues around the WebSocket model, and the best practices that should be adopted […]

firewall-12112013

Checklist for Next Gen Firewalls

Due to the ever-changing threat landscape, a few security products such as firewalls, IDS/IPS, etc. are becoming obsolete because of the older technologies being employed within them. In this […]

NAT-PMP10272014

NAT-PMP Vulnerability

In this article we will learn about the latest NAT-PMP vulnerability being discovered, which will affect around 1.2 billion SOHO routers worldwide.
What is a SOHO network?
SOHO stands for small […]

POODLEattack10202014

End of SSL with POODLE

In this article we will learn about the how SSL has reaches its end with various vulnerabilities. This article will also cover the recent vulnerability discovered by Google researchers […]

tunnel10162014

Teredo Tunneling

Introduction
In this article we will learn about a transition technology in networking known as Teredo tunneling. There are various transition technologies already in place such as 6to4, but because […]

microsoft_direct_access10102014

Microsoft DirectAccess

In this article we will learn about a very famous security product of Microsoft known as Microsoft Direct Access. It is a product built over an old security concept […]

windowsBootProcess-04042013

Windows Resource Protection

In this article, we will learn about a not-so-well known but a very useful security feature in Windows: Windows Resource Protection. This feature can help a great deal in […]

FIDstand09302014

SAML, OAuth, OpenID

Introduction

In this article, we are going to see what are federation, single sign-on, and three federated identity standards, namely Security Assertion and Markup Language (SAML), OpenID and OAuth. We […]

ColdBootAttack09152014

Cold Boot Attack

In this article, we will learn how sensitive cryptographic key material can be taken away from DRAMs, which are used in most modern operating systems through an attack known […]

Tokenization09112014

Want to Limit PCI DSS Scope? Use Tokenization

Every organization should follow a proactive rather than a reactive approach to protect against threats, risks and vulnerabilities, to which if their IT infrastructure is exposed can lead to […]

MSNAP08192014

Microsoft NAP (Network Access Protection)

In this article we will learn about one of the most important features introduced by Microsoft from the perspective of network access protection (NAP). We will also cover all […]

Encryption

Amazon S3 Encryption

Introduction
Cloud computing has really changed how organizations operate and store their data. Cloud computing attracts big organizations with tags such as huge savings on cap-ex, op-ex, on-demand, and availability. […]

FileInteg07182014

File Integrity Monitoring (FIM) and PCI-DSS

In this article, we will learn about the requirement of file integrity monitoring in PCI-DSS (Payment Card Industry Data Security Standard). If we talk about PCI-DSS, FIM is the […]

Data_Loss_prevention07092014

Data Loss Prevention (DLP) Strategy Guide

In this article, we’ll learn about the concept of data loss prevention: why it is needed, what are the different types of DLP and its modes of operations, what […]

PKI-In-Cloud06302014

Public Key Infrastructure (PKI) in the Cloud

As the adoption of various forms of cloud models (i.e. public, private, and hybrid) in various industry verticals are increasing, the cloud buzzword is on a new high. However, […]