Posted By Nick | April 7th, 2011
When dealing with PC’s that are suspected to have a virus there are a myriad of tools to perform “forensic” tasks. However none of them met ALL of my needs. Most got some of the data, were constrained to a particular format, or required user intervention. Not helpful if you want to instruct tier 1 … Continue reading
Tags: cirt, Incident Response, nirsfot, sysinternals
Filed In: IT Infrastructure Security
Posted By News | February 24th, 2011
Prolific Solutions today announced that proVM Auditor, software designed to facilitate the aggregation and consolidation of vulnerability scan data, has been awarded the Certificate of Networthiness (CoN) and a Computer Hardware, Enterprise Software and Solutions (CHESS) waiver from the U.S. Army Network Enterprise Technology Command. This certification demonstrates that proVM Auditor meets strict U.S. Army … Continue reading
Tags: AppDetective, Army Enterprise Infrastructure Network, automation, Certificate of Networthiness, CoN, DISA, DoD, Gold Disk, IASE, Information Assurance, Nessus, proVM, Retina, SRR, US ARMY
Filed In: IT Infrastructure Security, News & Events, Press Releases, Software and Automation
Posted By Chris | November 25th, 2010
proVM Auditor, our flagship software offering, continues to be a success for us and our clients (We have a 100% renewal rate). With proVM Auditor, we are able to give our clients the ability to more easily manage their vulnerability data and actually put it to use. We have seen our clients go from performing … Continue reading
Tags: automation, Information Assurance, Information Security, proVM Auditor
Filed In: Business Practices, Compliance, IT Infrastructure Security, Management Practices, Software and Automation
Posted By News | November 10th, 2010
Chris Merritt, ProSo CEO, had his article published as the featured article in the fourth quarter IATAC Newsletter. The article, “Looking for a New FISMA,” outlines some of the problems with compliance paradigms – especially as implemented in the federal space. The article is available @ http://iac.dtic.mil/iatac/download/Vol13_No4.pdf. About the IATAC Newsletter This free quarterly publication … Continue reading
Tags: Compliance, Consensus Audit Guidelines, FISMA, IATAC, Metrics
Filed In: Compliance, IATAC SME Program, IT Infrastructure Security, News & Events, Press Releases, Security Testing
Posted By Nick | November 2nd, 2010
It has been quite a few weeks since my last blog post. I have been very busy with the PWB course from offensive security, as well as the daily grind to put food on the table. But, that’s no excuse! Hard core *nix enthusiasts will no doubt say “duh” to the knowledge I’m attempting to … Continue reading
Tags: account creation, Backtrack, guid, Information Security, Linux, non interactive, OCSP, pen test, penetration testing, pw, PWB, Root, root user, second root user, Security, uid, useradd
Filed In: IT Infrastructure Security, Security Testing
Posted By News | September 3rd, 2010
Prolific Solutions today announced that proGD, software designed to facilitate vulnerability scanning with a DISA scanning tool, has been awarded the Certificate of Networthiness (CoN) and a Computer Hardware, Enterprise Software and Solutions (CHESS) waiver from the U.S. Army Network Enterprise Technology Command. This certification demonstrates that proGD meets strict U.S. Army and Department of … Continue reading
Tags: Army Enterprise Infrastructure Network, Certificate of Networthiness, CoN, DISA, DoD, Gold Disk, IASE, Information Assurance, proGD, US ARMY
Filed In: IT Infrastructure Security, News & Events, Press Releases, Software and Automation
Posted By Chris | August 18th, 2010
As part of the IATAC SME (Subject Matter Expert) Program, we are occasionally forwarded questions and asked for our input. The most recent request for information was interesting, so I thought I’d share my response here. Due to Federal Information Security Management Act (FISMA) Certification and Accreditation (C&A) requirements, the government and military operate using … Continue reading
Tags: Approved IA Products List, Approved Product List, C&A, CoN, DIACAP, IATAC, SME
Filed In: Business Practices, IATAC SME Program, IT Infrastructure Security, Software and Automation
Posted By Nick | August 12th, 2010
Malware analysis is not a skill that every IT security professional has. It comes with a heavy amount of programming experience, an understanding of assembly, computer memory, debuggers and decompilers. Malware analysis can take a lot of time and skill, and is usually not done by organizations’ security staff. The staff leaves it to AV … Continue reading
Tags: analysis, joebox.org, malware
Filed In: IT Infrastructure Security, Security Testing
Posted By Nick | August 10th, 2010
I recently had an opportunity to do some research into a large volume of Snort IDS rules that had begun to fire (to the tune of millions of alerts a day) for an organization. At first glance these alerts appeared to be false positives, but they smelled like a lazy application DDoS attempt from some … Continue reading
Tags: False Positive, Snort
Filed In: IT Infrastructure Security, Security Testing