Jack Crook uses Splunk, and more recently the ELK stack, for threat "hunting". At Quadrant, we also use Elasticsearch in ways similar to those Jack describes in his blog, but I wanted to take this opportunity to see if I could mimic his work with Sagan!

Quadrant Information Security announces the next release of their Sagan Technology, which will include a new Malware Detonation component.

To address these two issues, we made Sagan use "memory mapped" files, which allow Sagan to "remember" data across system reboots and process restarts. This also enables "Inter-Process Communication" (IPC) between Sagan processes.

Quadrant Security SOC Q&A session with senior analyst, Steve Rawl.

One of the biggest problems in log monitoring is ensuring that the proper rules are loaded.

For anyone tasked to ensure compliance with the 12 requirements contained in the Payment Card Industry Data Security Standard (PCI DSS), one requirement often causes unexpected difficulty, if only because of the variety of systems involved.
