With the advent of cybercrime in recent years, tracking malicious online activities has become imperative for protecting operations in national security, public safety, law and government enforcement along with protecting private citizens. Consequently, the field of computer forensics is growing, now that legal entities and law enforcement has realized the value IT professionals can deliver.

The ultimate success of any security monitoring platform depends largely on two fundamental requirements – its ability to accurately and efficiently surface threats and its level of integration with adjacent systems. In the world of SIEM, this is perhaps more relevant than any other element of contemporary IT security infrastructure.

The cybersecurity state of affairs can be described as too complex today. There is an enormous number of threats endangering sensitive data for the average IT team to cope with. Threats ranging from exposure of physical assets stored in an office, to “social engineering” attacks resulting in unauthorized access, or even threats that exploit obscure software vulnerabilities.

Many people are familiar with the stories of coal miners using canaries to detect carbon monoxide and other toxic gases as a warning system for when they should evacuate. Even though cybersecurity is far removed from coal mining, it has an equivalent “canary in the coal mine” that takes the form of indicators of compromise, or IoC for short. So why should an MSP be concerned with looking for IoCs?

It has been a while since I have been excited to write about encrypted tunnels. It might be the sheer pain of troubleshooting old technologies, or countless hours of falling down the rabbit hole of a project’s source code, that always motivated me to pursue a better alternative (without much luck). However, I believe luck is finally on my side.

The identification of every user making a request to a given system is vital to ensuring that action is only taken by, and information only returned to, those who need it. This happens in two steps: first, the requester is identified (authenticated), and then that identity is used to determine which parts of the application they are allowed to access.

In the workplace, certain web pages can be a distraction for employee productivity—or worse, a disruption. If you’re a managed services provider (MSP), your customers may be interested in finding a way to control the types of websites their employees can access during the workday. One viable option for them to utilize is a DNS block to restrict access to certain web addresses on a given server. This article will help you understand what DNS block is, who uses it, and how it works.