Testing the Recovery from DCShadow Attacks
MITRE ATT&CK reports that a “rogue” domain controller could be used to manipulate data in Active Directory. This attack, known as a DCShadow attack, requires you to have administrative rights, but als...
I expect the past 18 months have been challenging for you and your company. Likely, your company had to adjust the way you operate since the pandemic hit. It must be difficult keeping the manufacturi...
No doubt the past two years have been challenging for all ERP teams, and this is especially true for the healthcare industry. The pandemic, in many cases, has increased the number of changes to their ERP...
I was reviewing the article 13 SQL Server Best Practices recently and it occurred to me that 3 of the tips could be put in Foglight to continually check that your SQL Server instances are compliant. ...
The Elastic stack has established itself as a leader in open source big data analysis, data collection, and visualization products. The stack, usually abbreviated ELK, contains the following com...
Quest InTrust is a very powerful log management framework which also offers many ways to notify about triggered alerts: email alerts, SCOM connector, alert reports in SRS, alerts in SQL D...
It is well known to anyone who has tried to run a VM in the cloud that an RDP port, if left open, will be attacked by massive waves of brute-force attempts from IPs all around the world. I run a detection...
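The core of an RDP brute-force detection is a sliding-window count of failed logons (Windows Security event 4625) per source IP. The script below is an added example for this listing, not code from the linked post or from Quest InTrust. It works over a constructed, minimal text export of 4625 events (timestamp, target user, logon type, source IP); a real export carries many more fields, and the field names used here are assumptions for the example.

```python
"""Sliding-window detection of RDP brute-force attempts from Windows
Security event 4625 (failed logon) records.

Added example; not code from the linked post or from Quest InTrust.
The event lines are constructed to resemble a minimal text export of
4625 events; the field names (EventID, TargetUser, LogonType, SourceIP)
are assumptions for this example.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one source (203.0.113.7) hammering several accounts,
# one user mistyping a password twice, one console (LogonType=2) failure
# that must not count as RDP.
SAMPLE_EVENTS = """\
2021-09-01T10:00:01 EventID=4625 TargetUser=Administrator LogonType=10 SourceIP=203.0.113.7
2021-09-01T10:00:03 EventID=4625 TargetUser=admin LogonType=10 SourceIP=203.0.113.7
2021-09-01T10:00:05 EventID=4625 TargetUser=Administrator LogonType=10 SourceIP=203.0.113.7
2021-09-01T10:00:06 EventID=4625 TargetUser=jsmith LogonType=10 SourceIP=198.51.100.20
2021-09-01T10:00:08 EventID=4625 TargetUser=root LogonType=10 SourceIP=203.0.113.7
2021-09-01T10:00:09 EventID=4625 TargetUser=Administrator LogonType=10 SourceIP=203.0.113.7
2021-09-01T10:00:15 EventID=4625 TargetUser=jsmith LogonType=10 SourceIP=198.51.100.20
2021-09-01T10:00:20 EventID=4625 TargetUser=svc_backup LogonType=2 SourceIP=-
2021-09-01T10:05:30 EventID=4625 TargetUser=Administrator LogonType=10 SourceIP=203.0.113.7
"""

# LogonType 10 is RemoteInteractive (classic RDP).  When Network Level
# Authentication is enabled, a failed RDP logon is recorded as LogonType 3
# instead, so both are counted; console failures (type 2) are ignored.
RDP_LOGON_TYPES = {"10", "3"}


def parse_event(line):
    """Turn 'ts key=value key=value ...' into a dict with a datetime 'ts'."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return {"ts": datetime.fromisoformat(ts), **kv}


def detect_bruteforce(text, threshold=5, window=timedelta(seconds=60)):
    """Return one alert per source IP that produced `threshold` or more
    failed RDP logons within any `window`-long span.

    Each alert records the failure count in the window that tripped the
    threshold, the distinct target accounts (many accounts from one IP
    indicates password spraying rather than a single-account guess), and
    the first/last timestamps of that window.  An IP is reported once.
    """
    recent = defaultdict(deque)   # source IP -> deque of (ts, user) in window
    alerted = set()
    alerts = []
    for line in text.splitlines():
        ev = parse_event(line)
        if ev["EventID"] != "4625" or ev["LogonType"] not in RDP_LOGON_TYPES:
            continue
        ip = ev["SourceIP"]
        q = recent[ip]
        q.append((ev["ts"], ev["TargetUser"]))
        # Drop entries that fell out of the sliding window.
        while q and ev["ts"] - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold and ip not in alerted:
            alerted.add(ip)
            alerts.append({
                "source_ip": ip,
                "failures": len(q),
                "users": sorted({user for _, user in q}),
                "first": q[0][0],
                "last": ev["ts"],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_EVENTS):
        print(f"{alert['source_ip']}: {alert['failures']} RDP failures "
              f"between {alert['first']} and {alert['last']} "
              f"against {', '.join(alert['users'])}")
```

With the sample data, only 203.0.113.7 trips the default threshold of five failures in 60 seconds; the later failure from the same IP at 10:05:30 is outside that window and does not trigger a second alert. The threshold and window are the knobs to tune against your own baseline of legitimate mistyped passwords.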
In the recently released Update 1 for InTrust 11.4.1 there is a hidden gem, the "Suspicious process was started" rule. It allows detection of hidden steps that ransomware and malware would do to achieve persis...
Who says IT administrators can’t dance? It turns out that IT asset management and compliance boils down to a two-step, which almost anybody can do. Sure, there’s a difference in style between the quic...
Something really cool about honeypots and deception technology in general is that you can see a hacker or a penetration tester in action with very few false-positive notifications. Deception also...
In my first and second blog posts in this series, I explained how limiting the power of user and admin accounts by controlling permissions and GPOs reduces the usefulness of those accounts to attacker...
In my previous blog post, I explored the first step in mitigating the insider threat — understanding and controlling privilege across the environment — and reviewed how Quest Enterprise Reporter Suite...