Blog

Jack Crook uses Splunk and recently the ELK stack for threat “hunting”. At Quadrant, we also use Elasticsearch in similar methods Jack describes in his blog, but I wanted to take this opportunity to see if I could mimic his work with Sagan!

Quadrant Information Security announces the next release of their Sagan Technology, which will include a new Malware Detonation component.

To address these two issues, we made Sagan use “memory mapped” files which allow Sagan to “remember” data between system reboots and process restarts. This also allowed for “Inter-Process Communications” (IPC) between Sagan processes.

Quadrant Security SOC Q&A session with senior analyst, Steve Rawl.

One of the biggest problems faced with log monitoring is ensuring that the proper rules are loaded.

For anyone tasked to ensure compliance with the 12 requirements contained in the Payment Card Industry Data Security Standard (PCI DSS), one requirement often causes unexpected difficulty, if only because of the variety of systems involved.