Densu Laboratories

What is SIEM?

Learn what SIEM is and why it’s useful for your organization.

If you’ve taken a dip into cybersecurity, you’ve likely heard of SIEM — often pronounced “sim.” SIEM stands for Security Information and Event Management; SIEM solutions collect data that help IT admins analyze their system’s behavior. This can include things like:

Suspicious events, like unusual login location or time
Network activity
Data from servers, firewalls, computers, applications, and so on

SIEMs digest this data and make it easier for IT and Security teams to understand and work with. This could include dashboards, charts, graphs, and more. SIEMs also notify admins when something looks amiss, helping them stay up to date with the condition of their systems and act quickly if need be.

Why is SIEM important?

The information gathered by an SIEM solution is valuable for IT and Security teams because it helps them understand what is going on with their infrastructure. It’s beneficial in the event of a cyber attack, as this data can help them determine the timeline and method of the attack, as well as the affected systems. Data from one part of their infrastructure can be correlated with others, giving admins a more thorough picture of the attack.
Understanding what happens when your organization is attacked isn’t just a “nice-to-have” feature — keeping your information secure is crucial. Attacks show where your systems are vulnerable, and the data processed by SIEMs can help inform how you reinforce your security posture.

Data processing

SIEMs act as a central place for data collection, storage, and analysis — meaning less work for IT and Security teams that need to understand the data. Suppose your organization’s CISO or other executive needs a security report. In that case, SIEMs make it easy to pull the necessary data and present it in a digestible form, whether for a technical or non-technical audience.
SIEMs use machine-based sorting to classify telemetry data. When the SIEM detects potential threats and/or vulnerabilities, it categorizes them based on their severity and impact. This way, IT and Security teams can prioritize their response according to the potential consequences of the event.

Threat detection and incident response

When SIEMs leverage machine learning, they can be a powerful tool to spot advanced threats — including those that the cybersecurity community hasn’t discovered. Since SIEMs are a centralized data processor, they can correlate events in separate parts of your system. This contributes to SIEMs’ ability to interpret suspicious activity; this activity may seem relatively innocent on its own, but when associated with other events, the data starts to show indicators of malicious activity.

Compliance

SIEMs are a great tool to determine your devices’ compliance status. They can create reports for use in a compliance audit, for regulations like:

HIPAA: The US Health Insurance Portability and Accountability Act protects medical records and other personal health information.
PCI DSS: The Payment Card Industry Data Security Standards protect data related to credit card use.
GDPR: The EU General Data Protect Regulation governs how personal data is handled, giving users more control over their personal information.
SOX: The US Sarbanes-Oxley Act mandates how to handle financial information.
FERPA: The US Family Educational Rights and Privacy Act governs how student information can be accessed.

SIEMs and Mobile Device Management

Notifications and alerts from SIEMs tell admins when to take action. Remediating issues doesn’t happen within the SIEM — that’s where Mobile Device Management (MDM) comes in.
Organizations can integrate their SIEMs and MDM systems to correlate inventory data and respond to incidents. For instance, say your SIEM identifies a device with a vulnerable software version. With this data, your MDM can take action and update the software to help restore the device’s compliance status. MDMs also offer SIEMs rich inventory data that can be correlated with other events.

February 26, 2025 by Brian Network Security 0

6 Ways to avoid a Punycode attack

Photo by Arsyad Basyarudin on Unsplash

Research shows a new phishing site is created every 20 seconds and they are usually only live for four hours before hackers take them down and move on to create another deceiving domain. A clever way to cover their tracks and evade detection.

Be cautious if the site presses you to do something quickly. This is a classic strategy by hackers to rush their potential victims so that they are less likely to notice anything suspicious. Often they will offer a “limited time only” deal, and make it difficult to exit the page with ‘are you sure you want to exit’ pop-ups: these are all tactics to make you stay on their site longer and give them your details.
If you are being offered a deal, go to the original company site and check if it’s available there as well, if not it’s most likely a scam doing its best to mimic the established brand and trick visitors into handing over their details.
If some of the letters in the address bar look weird, or the website design looks different, rewrite it or visit the original company URL in a new tab to compare. The letters in the address bar looking strange is a key indicator that punycode is being used to trick you into thinking you are visiting a well-established brand site when in fact you are being taken to a malicious site.
Use a password manager; this reduces the risk of pasting passwords into dodgy sites.
Force your browser to display Punycode names, this option is available in Firefox.
Click on the padlock to view and inspect the HTTPS certificate.

February 5, 2025 by Brian Cyber Security 0

What is Punycode?

Photo by Mika Baumeister on Unsplash

Punycode
noun
Unicode that converts words that cannot be written in ASCII, like the Greek word for thank you ‘ευχαριστώ’ into an ASCII encoding, like ‘xn--mxahn5algcq2e’ for use as domain names.
What does this actually mean?!

Writing with numbers

As with all things computers, it all boils down to numbers. Every letter, character, or emoji we type has a unique binary number associated with it so that our computers can process them. ASCII, a character encoding standard, uses 7 bits to code up to 127 characters, enough to code the Alphabet in upper and lower case, numbers 0-9 and some additional special characters. Where ASCII falls down is that it does not support languages such as Greek, Hebrew, and Arabic for example, this is where Unicode comes in; it uses 32 bits to code up to 2,147,483,647 characters! Unicode gives us enough options to support any language and even our ever-growing collection of emojis.

So where does Punycode come in?

Punycode is a way of converting words that cannot be written in ASCII, into a Unicode ASCII encoding. Why would you want to do this? The global Domain Name System (DNS), the naming system for any resource connected to the internet, is limited to ASCII characters. With punycode, you can include non-ASCII characters within a domain name by creating “bootstring” encoding of Unicode as part of a complicated encoding process.

January 28, 2025 by Brian Cyber Security 0

Why Do You Need an Incident Response Plan?

Photo by Glenn Carstens-Peters on Unsplash

Not long ago, many organizations thought that security incidents only affected others. However, the recent surge of cyber attacks targeting infrastructure used by thousands of organizations has revealed the vulnerabilities in information security practices. The consequences of a successful cyber attack can vary significantly, ranging from minor disruptions in business operations to severe financial and legal repercussions. Therefore, when incidents occur, it’s crucial to understand who is responsible for what. Having an effective incident response plan is essential to keep your actions organized and minimize operational risks.

An Incident Response Plan (IRP) is essential for organizations to effectively manage and mitigate security incidents. Here’s why having one is crucial:

1. Minimizes Damage and Downtime

A well-prepared IRP allows for quick containment and resolution of security breaches, reducing operational disruptions and financial losses.

2. Ensures Regulatory Compliance

Many industries, such as healthcare (HIPAA), finance (PCI-DSS), and government (NIST, GDPR), require an incident response plan to meet legal and regulatory obligations.

3. Protects Sensitive Data

A structured response helps prevent data breaches, reducing the risk of exposure for confidential business or customer information.

4. Enhances Incident Detection and Response

Clear guidelines help security teams quickly identify, analyze, and respond to threats before they escalate.

5. Reduces Financial and Reputational Impact

Cyber incidents can be costly, both in direct financial terms (fines, legal fees) and reputation loss. An IRP helps minimize these risks.

6. Facilitates Coordination and Communication

Provides a clear framework for internal teams and external stakeholders (law enforcement, customers, vendors) to follow during an incident.

7. Improves Post-Incident Learning

An IRP includes post-incident analysis to understand what happened, improve defenses, and prevent future occurrences.

8. Mitigates Legal Risks

A documented and well-executed response plan can demonstrate due diligence, potentially reducing liability in case of legal action.

January 9, 2025 by Brian Cyber Security 0

What is PGP Encryption?

Photo by Zan on Unsplash

PGP encryption (Pretty Good Encryption) is a data encryption program used to authenticate and provide cryptographic privacy for data transfers.

PGP encryption is used to secure all forms of data and digital transmissions. It’s capable of encrypting and decrypting:

Text messages

Emails

Computer files

Disk partitions

PGP is a quick-to-implement and cost-effective encryption method.

What’s the Difference Between PGP and OpenPGP

PGP was originally created to protect files posted on Bulletin Board Systems (BBS). This computerized messaging system allowed users to post messages onto a public message board using a dial-up modem. Bulletin Board Systems were used until the mid-nineties. The retirement of this technology led to PGP being sold multiple times before it was finally acquired by Symantec in 2010. OpenPGP (also known as Open-source PGP, was created by one of the PGP’s inventors, Phil Zimmerman, to overcome the patent restrictions preventing PGP’s liberal use. OpenPGP Standard is now the Internet Engineering Task Force (IETF) approved standard that permits any company to develop and sell PGP-compatible products. GoAnywhere Open is an example of one such solution that offers PGP encryption free of charge. GnuPG is a variant of OpenPGP. It’s also free, but its algorithm differs slightly from PGP. The downside to using this encryption standard over the Symantec-owned PGP is that it doesn’t come with technical support – the bane of all open-source software.

Benefits of PGP Encryption

PGP’s current popularity is due to its original availability as freeware and its long history – originally created in 1990. It’s now the standard form of encryption in finance, healthcare, technology, and other highly regulated industries.

PGP encryption offers the following security benefits:

Reduces the risk of data loss prevention.

Prevents information from being modified during the transfer.

Protects sensitive information from unauthorized access.

Allows the secure sharing of information with multiple parties.

Verifies the authenticity of email senders.

Prevents the recovery of deleted sensitive data.

Ensures email communications are not intercepted.

Protects emails from malicious compromise.

Very blunt learning curve – no training is required to achieve PGP encryption proficiency.

How Does PGP Encryption Work?

To secure sensitive data, PGP combines data compression, password hashing, symmetric-key cryptography, and public-key cryptography.

This feature list is a combination of two file encryption types:

Symmetric key encryption

Public-key encryption

The encryption algorithm can protect data in transit and at rest – especially when coupled with a threat detection solution. PGP assigns users at each end of the communication trajectory with randomly generated public and private keys. For sent messages to be successfully decrypted, they must be authenticated with specific private keys that only intended recipients will have.

The end-to-end process of PGP email security is described below:

Sender A requests to send Recipient B a secure email.

Recipient B generates a random PGP public key and private key.

Recipient B keeps the private key and transmits the public key to Sender A.

Sender A uses the recipient’s public key to encrypt the message before sending it.

Recipient B receives the encrypted message and decrypts it with its retained private key.

Recipient B reads the message.

This process prevents anyone without the correct key pair from decrypting intercepted messages.

December 29, 2024 by Brian Cryptography 0

What is the Red Team?

Photo by Shamin Haky on Unsplash

The world has reached a point where you can’t live without technology. Technology to communicate, to travel, to escape unbearable weather, to have clean water, to ease up the digging of earth, to increase up the flames of fire, to have a cleansed and cool air, and so much more. Wherever you go, you’ll always find technology around you spread around like air. You complete most of the tasks using technology like shopping, selling, calling, messaging, listening to music, watching a movie, capturing a photograph, and the list goes on. Since the world runs on the effect of cause and causality, this digital and technical world has cons too. The flaws and vulnerabilities in technology become the cons in this world. These vulnerabilities are the reasons you fall victim to cyber crimes. The bigger reason for you to fall victim to cyber crimes is cyber criminals. This issue present in the world brings up the term “Red Team”.

Let’s discuss it. The first question that arises is, “What is Red Team?”.

“Red Team” is basically a term that focuses on the security of a system regardless of whether it is for an individual or an organization itself. “Red Team” is a military term that is given to a team of experts that specialize and prioritize in the penetration testing, assessment, and designing of secure systems. Red Teaming is a process that follows steps to detect vulnerabilities in a system or a network and exploit those vulnerabilities by stepping into the shoes of an attacker just to get to know how can an attacker exploit those vulnerabilities and intrude the system. Following the path of an attacker is an important step in red teaming because, by this step only, a designer can get to know how can an attacker intrude into a system and what steps will be necessary to prevent that intrusion.

There’s a lot of stuff across the world regarding cybersecurity. The question that is often asked is “Why is Red Team necessary?”.

Cyber threats have been spread all across the world causing trouble and harm to a huge population. There have been a lot of cyber attacks in the past that has cost a great loss of either money or life. There were attacks in past, there will be in the future. That’s how the world works. Therefore, it is necessary to take steps to prevent the attacks that are hovering above us. Red Teaming is necessary because of the way this process works. Security policies, efficient configuration, secure system and network designs, security patches applied, removal of vulnerabilities, and so much more layers are added into a system to make it secure and prevent it from being attacked. A thorough red teaming process will include testing of a system, a network and all the networking devices used in a system.

A lot of words but one thing in conclusion. Red Teaming is basically an overall process where all the steps are taken that are necessary to provide security.

December 15, 2024 by Brian Cyber Security 0

How Penetration Testing Tools Can IT Support Engineers

Photo by Christina @ wocintechchat.com on Unsplash

Nmap

Nmap, short for Network Mapper, is a reconnaissance tool that is widely used by ethical hackers to gather information about a target system. This information is key to deciding the proceeding steps to attack the target system. Nmap is cross-platform and works on Mac, Linux, and Windows. It has gained immense popularity in the hacking community due to its ease of use and powerful searching and scanning abilities.

Using Nmap you can:

Audit device security
Detect open ports on remote hosts
Network mapping and enumeration
Find vulnerabilities inside any network
Launch massive DNS queries against domains and subdomains

Wireshark

Wireshark is free open-source software that allows you to analyze network traffic in real-time. Thanks to its sniffing technology, Wireshark is widely known for its ability to detect security problems in any network, as well as for its effectiveness in solving general networking problems. While sniffing the network, you’re able to intercept and read results in a human-readable format, which makes it easier to identify potential problems (such as low latency), threats and vulnerabilities.

Main features:

Saves analysis for offline inspection
Packet browser
Powerful GUI
Rich VoIP analysis
Inspects and decompresses gzip files
Reads other capture file-formats including Sniffer Pro, Tcpdump, Microsoft network monitor, Cisco Secure IDS IP log, etc.
Exports results to XML, PostScript, CSV, or plain text

Wireshark supports up to 2000 different network protocols, and is available on all major operating systems including:

Linux
Windows
Mac OS X

Wapiti

Wapiti is a free open-source command-line based vulnerability scanner written in Python. While it’s not the most popular ethical hacking tool in this field, it does a good job of finding security flaws in many web applications. Using Wapiti can help you to discover security holes including:

XSS attacks
SQL injections
XPath injections
XXE injections
CRLF injections
Server-side request forgery

November 15, 2024 by Brian Career Building 0

What are Best Practices for Data Security?

Photo by Dayne Topkin on Unsplash

Data security relies on defense-in-depth, so there are many parts to a best-in-class data security program. But what is sufficient in one industry may be criminally negligent in another.

Best practices should be adopted to achieve the industry’s minimal expected data security level.

1. Data Governance

Data governance is data management 101. Information is grouped into different buckets based on its sensitivity and legal requirements. To limit the risk of data exposure from leaked credentials, users should only have access to the least amount of data they need to do their job.

2. Secure Privileged Access Management

Secure Privileged Access Management (PAM) is integral to a data security strategy. PAM empowers organizations to control the permissions of all users so that sensitive data and intellectual property documentation are only accessible by those that absolutely require it. With a secure PAM strategy, cybercriminals will have difficulty accessing all sensitive data types if they breach an IT boundary. This is especially an important security control for highly regulated industries like healthcare.

3. Encryption

Encryption can protect against man-in-the-middle attacks and make it harder for potential attackers to gain unauthorized access to stored or in transit information. Never store sensitive data in plain text and avoid providing login credentials to websites that lack SSL certificates.

4. Education

Teach staff how to recognize common cyber threats to transform them into human firewalls Some of the most popular cyber threats staff should be aware of include: Phishing attacks, Email spoofing, Domain hijacking, Ransomware attacks, and Different forms of malware attacks, Social engineering attacks.

Besides cyberattacks, staff should also be trained in best cybersecurity practices such as avoiding public Wi-Fi networks and the basics of OPSEC and network security. The complexity of cyberattacks is rapidly rising, so it’s no longer acceptable to solely rely on antivirus programs to prevent malicious code injection. Cybersecurity train needs to become a standard inclusion in staff onboarding programs.

5. Data Security Testing

Test your organization’s data security by sending fake spearphishing campaigns and dropping USB traps around the office. Understand that it is easier to prevent data breaches than rely on digital forensics and IP attribution to understand what happened once a data breach has occurred. Once exposed, data can easily end up for sale on the dark web; many of the biggest data breaches end up there.

6. Incident Response Plan

When your security is compromised, the last thing your organization and your customers need is panic. An incident response plan can limit the amount of data exposed and outline clear next steps to recover lost data or close the attack vector.

7. Regular Data Backups

Ransomware attacks targeting data centers on-premises or accidental deletion devastated business continuity, but this can be avoided with regular backups and a Data Loss Prevention (DLP) program.

8. Secure Deletion

Avoid hoarding data no longer in use, including physical data like folders or paper documents. That said, comply with industry guidelines or regulations that dictate how long you must store data.

9. Third-Party and Fourth-Party Vendor Monitoring

Data breaches are often caused by poor security practices at third-party vendors; you need to monitor and rate your vendors’ security performance. An ideal solution should include a real-time automation component to security posture lapses to ensure that attack surface disturbances are rapidly addressed. According to the latest data breach report by IBM and the Ponemon Institute, automation controls could reduce data breach costs by up to 80%.

10. Accidental Data Exposures and Leaked Credentials Monitoring

Data isn’t always exposed on purpose; this is why it pays to continuously monitor your business for accidental data exposures and leaked credentials.

November 5, 2024 by Brian Privacy 0

How to Store Data Securely on a USB Flash Drive

Photo by Lc on Unsplash

It is strongly advised that you avoid storing confidential information on a USB flash drive and choose more secure storage devices to ensure the safety of your data. The compact size of USB flash drives makes them convenient to carry but also increases the chances of losing or stealing them. This vulnerability poses a severe threat of data loss, leaks, and breaches, which can result in significant financial loss and damage to the reputation of organizations.

Using a flash drive, follow these 7 tips to secure your data.

Buy an Encrypted USB.

Encryption secures sensitive data by making it accessible only to those with a decryption key. When purchasing a flash drive, opt for a military-grade one with 256-bit AES hardware encryption, the most robust algorithm.

Other features to look for in an encrypted USB flash drive include:

Tamper-proof protection
Anti-virus scanning
Brute-force protection
Password protection
TAA Compliance
Remote management capabilities
FIPS 140-2 Certification (Level 3)
Compliance with industry security standards, such as HIPAA, SOX, and GLBA.

2. Use USB Encryption Software.

Microsoft Windows users can use BitLocker to encrypt their flash drives instead of buying an encrypted flashdrive. Note that encryption hardware provides better security than software.

Microsoft’s instructions for enabling BitLocker are available below:

View instructions for enabling BitLocker in Windows 10
View instructions for enabling BitLocker in Windows 11‍

3. Have a Backup

You may only recover the stored data if your flash drive is recovered, stolen, or damaged. Even if a lost or stolen flash drive is returned, you shouldn’t use it again as it could potentially have ransomware or another type of malware installed. The best assurance of recovering the data on your flash drive is to have a backup of all files saved in another storage location, such as cloud storage.

4. Delete Data After Use.

After you have saved, edited, and transferred your data from a USB stick, it is recommended that you delete it immediately. You should then remove the flash drive from the USB port and store it securely to prevent any possibility of losing it or having it stolen.

5. Install Anti-Virus Protection

With different types of malware emerging daily, keeping your software up-to-date is crucial. Use antivirus software that offers malware protection across all endpoints, including hard drives, USB devices, and SD cards – one can infect all.

6. Keep Software Up to Date

Zero-day exploits take advantage of unpatched software vulnerabilities – a common attack vector that can have devastating consequences. Cybercriminals can easily access, edit, and steal data from vulnerable systems and devices, including USB storage. Installing software updates as soon as possible prevents cybercriminals from taking advantage of these vulnerabilities. Most operating systems, including Microsoft Windows, Mac OS / Apple iOS, and Linux, offer auto-updates to ensure you remain protected.

7. Use Alternative Storage Methods

Flash drives, there are better answers than not to take your data security seriously. Even the most secure USB drives differ from modern data storage methods, like cloud storage. Cloud services offer many innovative security features, such as the Secure Access Service Edge (SASE). SASE is a cloud security model that leverages firewalls, cloud access service brokers (CASBs), secure web gateways (SWG), and zero-trust network access (ZTNA). Cloud security mechanisms include Cloud Security Posture Management and Cloud Infrastructure Entitlement Management (CIEM).

Despite their strong security capabilities, like all third-party vendors, cloud services carry third-party risks and other risks specific to their functionality. Organizations and individuals must conduct due diligence to ensure their cloud providers are following appropriate data security requirements.

October 18, 2024 by Brian Privacy 0

Why All Non-Profit’s Should Undergo Penetration Testing

Photo by KeepCoding on Unsplash

While the number of organizations that have suffered a cyber attack goes up, the clock for when it’s your turn is ticking down. In fact, it’s likely that your clock has already run out, you just haven’t noticed it yet.

As each day passes, hacking is becoming a more automated process, allowing unskilled computer users to become successful cyber criminals. The effort required to download hacking software and get it up and running is worryingly low.

An effective form of defense against these automated cyber attacks is regular penetration testing. An organization that conducts regular penetration tests stands a much larger chance of blocking cyber attacks due to their knowledge of vulnerabilities.

Uncover Hidden System Vulnerabilities Before the Criminals Do

The most surefire way to measure your security level is by studying how it can be hacked. A penetration test offers an ability to safely test your system’s resistance to external hacking attempts. It models the actions of a potential intruder by trying to exploit the vulnerabilities caused by code mistakes, software bugs, insecure settings, service configuration errors and/or operational weaknesses.

The major difference between a penetration test and a real hacking experience rests in its safe and controlled manner. It simulates a real attack scenario and exploits the vulnerabilities only to showcase the potential harm of a malicious hacking attempt. Moreover, the client company can pre-define the scope and timing of a penetration test and is informed beforehand about any active exploitation of vulnerabilities in its IT infrastructure.

Organizations usually conduct penetration tests right after the deployment of new infrastructure and applications or after the introduction of major changes to their infrastructure (e.g. changes in firewall rules, firmware updates, patches and software upgrades). This service can help them identify and validate potential security loopholes in their IT systems before cyber criminals can make use of them and successfully bring new products to the market.

Preserve Non-Profits Image and Customer Loyalty

Security attacks may compromise your sensitive data, which leads to the loss of trusted customers and serious reputational damages. Penetration testing can help you avoid costly security breaches that put your organization’s reputation and customers’ loyalty at stake. Moreover, a pen test may grow in time and complexity if the system requires an additional scope. It may be also conducted in combination with vulnerability scanning to provide even more meaningful insights on vulnerabilities and potential breach points in your IT infrastructure.

Hacking has now become an automated process

Hacking tools have grown in popularity and a catalogue of exploitable vulnerabilities is readily available online. Such tools permit even novice hackers to gain access to complex exploits for opportunistic attacks.

COMPLY WITH SECURITY REGULATIONS

Pen testing will help protect your assets from potential hackers and keep you safe online. Regular pen tests follow standards such as PCI, HIPAA and ISO 27001. Following these standards will help you avoid fines. Moreover, it is advisable to stage regular penetration tests and security audits by taking the services, professional security analysts.

October 15, 2024 by Brian Cyber Security 0