

The Capital One breach and what we should really be talking about

I’m not going to try to write anything about the attack vector; Erick Johnson did that well here: https://ejj.io/blog/capital-one . I’m not going to give an executive overview either; Krebs did that well here: https://krebsonsecurity.com/2019/08/what-we-can-learn-from-the-capital-one-hack/ . I really just want to bring up something I haven’t heard enough people talking about: detection. There has been lots of conversation ...

The Assumed Breach Model – A Practical Approach Part 3

In Part 1 of this series I gave a brief overview of the assumed breach model of security. In Part 2, I dove into some details about the major components of implementing the assumed breach model. In Part 3, I am going to provide some concise, real-world steps for moving toward this mindset within an ...

#Spectre and #Meltdown – What do we do?

It seems like about every 6 months everyone asks the same question about some new vulnerability. The answer should be the same: do the same things you should have been doing before this vulnerability came out. In an Assumed Breach model of security, these vulnerabilities would have already been assumed to exist, and your other network ...

The Assumed Breach Model – A Practical Approach Part 2

In Part 1, I gave a brief overview of the Assumed Breach model. In this part, I will begin to dive a little deeper into some of the areas where the assumed breach model can focus. I am going to cover three areas: Network Segmentation; Tiered Accounts and Access Control; Log Management and Threat Hunting ...

10 Immutable Laws of an Assumed Breach

A few years back Microsoft released a set of 10 Immutable Laws of Security. These are tried and true and should be a foundation of any security posture. I have been developing some information around the Assumed Breach model of security. You can read about it in a series of blog posts I am going to ...

The Assumed Breach Model – A Practical Approach Part 1

This is something I have been socializing for a while now, but I thought it was time to start putting some of my thoughts down in writing. So what is the assumed breach model of security? To put it simply, it is a security strategy that assumes any given endpoint is breached and controls risk as ...

Windows Event Log Management Presentation

I recently gave a brief presentation to the Central Alabama ISSA Chapter on Windows Event Forwarding (WEF). I have a previous blog post with a number of resources for getting WEF up and running. The main point of this presentation was to point out the simplicity of WEF and to get people to consider what they are ...

Risk of using VNC in an Enterprise Environment

VNC is a protocol used by a number of products for remote viewing and control of devices. I am also including services such as X11 in this discussion. Ultimately, this includes any remote viewing software that is not native to an application and that runs persistently on the end device. Identity Access Management software like this, ...

WannaCry – Sifting Through The Hype

There have already been a number of blog posts and analyses of the WannaCry ransomware attack. I am not going to attempt to add any detail to that. I do find it helpful to have a consolidated list of well-sourced resources. Bottom line: roll out MS17-010 to any systems that don’t have it. If you ...

IaaS and the Shared Responsibility Model

A note to vendors: Infrastructure as a Service (IaaS) != secure/compliant applications. It can provide them, but it doesn’t by default. Why are people putting their servers and applications in IaaS providers like AWS and Azure? They can get a cheap, fast and secured data center to host their servers and applications. But that doesn’t mean they get the ...