
Networks

Difference between Network Monitoring and Network Security Monitoring

It seems like every other day we hear about another company that has been hacked and its customers’ personal data compromised. In the wake of these incidents, it’s more important than ever for businesses to take steps to protect themselves from cyber-attacks. One way to do this is by implementing a network monitoring and network security monitoring solution.

Threat hunting with network evidence and endpoint telemetry

Corelight and Microsoft show the power of combining network evidence with endpoint telemetry, using Defender365 and Sentinel to analyse, investigate, and understand the full breadth of an attack. During the session, we dive straight into the technology and how it can be applied, using a simulated attack demo.

Holistic Cybersecurity for Government IT/IoT/OT Converged Networks

Government agencies rely on IoT and OT devices to carry out their missions and manage everything from security cameras and personal identity verification (PIV) card readers that monitor and control access to facilities and data, to environmental controls that improve comfort, safety and efficiency. Data centers couldn’t operate around the clock without tightly controlled air conditioning, electricity and other physical infrastructure, much of which relies on IoT.

The Power of Open-Source Tools for Network Detection & Incident Response

When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivaled source of evidence and visibility. Open source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities. Furthermore, the global communities behind these tools can serve as a force multiplier for security teams, often accelerating response times to zero-day exploits through community-driven intel sharing.

Corelight Investigator: Ready for Europe

This summer, we launched Investigator, Corelight’s SaaS-based network detection and response (NDR) solution that fuses rich network evidence with machine learning and other security analytics to unlock powerful threat hunting capabilities and accelerate analyst workflows. Today, we are pleased to share that the Investigator platform is engaged in attestation for GDPR to support customer threat hunting and incident response operations across Europe.

CISA orders federal agencies to catalog their networks, and scan for bugs

You always want to know what is attached to your network, and whether it could be vulnerable. In any organization it’s normal for different devices, on- or off-prem, wired or wireless, to be constantly added or removed – and this can present an opportunity for malicious hackers to take advantage of improperly secured systems. In many cases, organizations have no idea how many assets they have, let alone where they are all located.

Detecting the Manjusaka C2 framework

Security practitioners may know about common command-and-control (C2) frameworks, such as Cobalt Strike and Sliver, but fewer have likely heard of the so-called Chinese sibling framework “Manjusaka” (described by Talos in an excellent writeup). As with other C2 frameworks, we studied the Manjusaka implant/server network communications in our lab environment, and here we document some of the detection methods available. We have also open-sourced the content we describe.

Why You Should Avoid Public WiFi

The ability of a cybercriminal to place themselves between you and the connection point is the biggest security risk of public WiFi. Rather than connecting to the hotspot directly, you unknowingly communicate with the cybercriminal, who collects your information and then passes it on to the hotspot. While there are ways to stay protected on public WiFi, it is still advisable to avoid using it.