NSA Best Practices Now Include Application Whitelisting

By: January 26, 2015

The Information Assurance Directorate of the National Security Agency/Central Security Service recently released a new document titled Defensive Best Practices For Destructive Malware. The document clearly states a concise overall strategy for preventing malware: “Prevent, Detect, and Contain.” Forgive my…

Security Zen: The Path to Security Isn’t Always Black and White

By: January 22, 2015

Please don’t tell anyone, but on some systems I used to administer a long time ago, I let “warez dudez” hang out on a couple of my file servers. (No, I did not use any of their warez.) This was…

Following Poweliks Strike, Custom Bit9 Rule Offers Key Insight and Blocks Infection

By: January 21, 2015

I love to hear stories about how our customers use our products. I previously wrote about a global services firm that used Bit9 to connect the dots to get to the bottom of an Internet Explorer exploit. This same company…

Scan-based Forensics Solutions Are for Cavemen

By: January 15, 2015

I had the opportunity to work with a global services firm that had some problems with malware on machines that were running Bit9. They were running Bit9 in “High Enforcement” mode, so the infection was being blocked, but they wanted…

6 Information Security “Trimmings” I Am Grateful for This Thanksgiving

By: November 26, 2014

With the holiday upon us, I started thinking about the state of information security, and what I appreciate. The fact that I am thinking about information security around Thanksgiving leads me perfectly into the first “trimming” I am grateful for:…

An Analysis of BlackEnergy3 Malware Using Carbon Black

By: November 18, 2014

In our first posting on BlackEnergy, Matt Larsen dissected the evolution of the malware and introduced the newest variant, “BlackEnergy3.” In this post, we’ll take a look at a specific BlackEnergy3 sample and analyze it with Carbon Black. Sample: https://www.virustotal.com/en/file/bc062acda428f55782710f9c4f2df88c26dfbc004b94b479459f8572b1219444/analysis/…