Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers. Malicious network traffic from foreign IPs was observed trying to establish communication to a compromised internal system.

The main difference between intrusion detection systems (IDS) and intrusion prevention systems (IPS) is that IDS are monitoring systems and IPS are control systems. IDS won't alter network traffic while IPS prevents packets from delivering based on the contents of the packet, similar to how a firewall prevents traffic by IP address.

Big data is revolutionizing fleet management — specifically in the form of telematics. From engine diagnostics that track fuel efficiency and mileage to sensors that detect aggressive driving behavior and interior vehicle activity, this information is so valuable that we’re quickly approaching the point where connected technology will come standard in every vehicle. Telematics is an operational goldmine.

As cybercriminals continue to use the novel coronavirus pandemic to launch cybercrime scams and cyber attacks on teleworking applications, virtual private networks (VPN), and other technologies associated with remote work, many organizations find themselves in crisis mode, as well. Your enterprise may be scrambling daily to protect your sensitive data, reduce the likelihood of data breach, and guard against malware and ransomware attacks as well as other cyber threats.

We are entering a very different business world at the moment, one which has been thrust upon most of us far quicker than we planned for and will by all accounts last a lot longer than many of us think.

Working remotely, either from home or from elsewhere, isn’t something new. It has been used by many companies worldwide over the past decade. That said, it was typically restricted to only a couple days a month or to specific IT-savvy departments. But as we have seen throughout time, adversity and crisis lead to change and sometimes revolutions in industry, social systems, countries and/or sometimes the entire world. COVID-19 has brought about this level of change.

Only the truly committed ever reach the summit of anything. This sentiment holds true for vulnerability management. An organization cannot reach the summit without a serious commitment to fund and staff the program appropriately across the organization. Reaching ML:5 means tying the program to the business. Everyone must be aligned with the metrics and be ready to find the root cause of any misses so that mitigations can be implemented to alleviate this miss in the future.

Beginning this month, Reciprocity will highlight companies that have earned compliance certifications for information security frameworks. Here’s our May 2020 roundup of compliance news from around the United States, and around the world.