Improving OSSEC Manageability, Security, and Compliance with Atomic Enterprise OSSEC

Posted on by Charles Gold

With more than 500,000 downloads per year and hundreds of thousands of active installs, OSSEC is the world’s most widely used open source host-based intrusion detection system (HIDS).  OSSEC is used by organizations in virtually every industry and geography to meet critical security and compliance requirements both on-premise and in the cloud. The open source […]

Podcast: What is OSSEC and Why People Use It

Posted on by Charles Gold

OSSEC, which is short for open source security, was founded in 2004. It is an open source project for cybersecurity and delivers the most robust endpoint detection and response (EDR) capabilities available to enterprises today. Scott Shinn, OSSEC project manager, introduced its most recent update to 3.0 at the OSSEC conference this past April. In […]

Podcast: What the Equifax Hack Tells Us About Cybersecurity

Posted on by Charles Gold

The Equifax data breach quickly arose to become one of the most notorious in history. It was large. Over 147 million people had their financial records exposed to hackers. At least as of March 2018 that was the number. It has been revised upward a number of times and there could be more. The data […]

Podcast: What is a WAF and How Are They Different from Firewalls

Posted on by Charles Gold

Web application firewalls (WAFs) have become ubiquitous in our always connected, cloud-driven world. Any device that is exposed to the internet is vulnerable and WAFs can eliminate the risk of entire classes of attacks and vulnerabilities from ever threatening system security. However, not all WAFs and configurations are created equal. Good WAFs block what you […]

Podcast: OSSEC, SIEM and Log-based Intrusion Detection Systems

Posted on by Charles Gold

Atomicorp’s CEO Mike Shinn walks through his experience with logging, SIEM and OSSEC approaches. He breaks down what is important and how the logging space has evolved over the past 20 years from a security perspective, including the introduction of security automation. Log-based Intrusion Detection System – LIDS Log-based intrusion detection (LIDS) was one of […]

Podcast: Meltdown and Spectre Vulnerabilities and Countermeasures Explained

Posted on by Charles Gold

It is not an overstatement to say that the Meltdown and Spectre vulnerabilities were a surprise to the security and microprocessor industries. Chip-level vulnerabilities this severe are rare. Part of the issue stemmed from the fact that the vulnerabilities were created by engineering choices designed to improve microprocessor speed. The engineers had simply not contemplated […]

OSSEC Con Presentation: Adding a GUI to OSSEC

Posted on by Charles Gold

One of the most common questions open source project manager Scott Shinn gets about OSSEC is: Is there a management console or GUI for OSSEC? The answer is not in a traditional sense. The command line interface is effective but does not provide log and event visualization. But the open-source security solution does allow users […]

New Video: OSSEC User Panel from OSSEC Conference 2018

Posted on by Charles Gold

  OSSEC users from around the world came together at the OSSEC Conference 2018 this past April to learn more about the open source security solution. Attendees heard experts discuss the many different ways in which OSSEC can be configured to meet any organization’s needs, from compliance to file integrity management. They also got to […]

OSSEC and PCI DSS Compliance

Posted on by Charles Gold

If you take credit cards, you need to be PCI compliant. That is why adhering to the over 250 requirements set by the Payment Credit Industry is a headache for millions of businesses worldwide. Casey Priester of Prometheus Global addressed these pain points in his presentation at the OSSEC Conference 2018. He discussed how OSSEC […]

Adding Elliptic Curve Noise Socket Crypto to Your OSSEC Deployment

Posted on by Charles Gold

Dmitry Dain, co-founder and CTO of Virgil Security recently spoke at the OSSEC Conference 2018 about using encryption. In introducing Dmitry, OSSEC project manager Scott Shinn expressed the importance of the recent contributions by Virgil to the project. Scott pointed out that it has been a goal of the OSSEC contributors to update the crypto […]