Six Crucial Network Segmentation Actions

March 26, 2019 | By:

We are constantly barraged with new technologies and techniques for securing the enterprise. Every new thing we are told is crucially important, and if you don’t master all of it now, you are the next breach headline. It is intimidating to say the least. It is easy to look past the basics of securing the…


Five Thoughts on Securing Multi-Cloud Environments

March 19, 2019 | By:

As its name suggests, a multi-cloud environment is a network that utilizes the services of more than one cloud provider. There are many different ways that multi-cloud infrastructures can be designed and a primary topic of discussion is how to properly secure these environments.  No single cloud service provider has the best environment for every…


Top Six Security and Risk Management Questions

March 12, 2019 | By:

Recently, Gartner put out a report on the top 10 inquiries regarding security projects. The report is based on their analysis of over 10,200 client interactions covering relevant security and risk management topics from July 2018 through January 2019 (see the research here). Interestingly enough, Trustedsec has heard similar inquiries regarding product offerings in discussions…


SDR: Entering the Noise Floor

February 25, 2019 | By:

First, I would like to preface this article by saying that gr-limesuite and the LimeSDR drivers are updated fairly regularly. Some of the issues that I have encountered in the past have been remedied by recent updates. With that said, the information in this article should remain relevant, but the pictures may vary with subsequent…


Current Security Trends in 2019

February 07, 2019 | By:

As the information security industry continues to mature, several things have changed, but many of the fundamental issues remain—even in the face of new technologies, threats, and regulations. Understanding and responding to current trends provides the opportunity for security and risk management leaders to better improve security, increase resiliency, and support the business. With renowned…


A TrustedSec Internship

February 05, 2019 | By:

Every college student has a worry of not being able to find an internship for the summer. An internship can provide real world experience and perspective into a field that interests you, but it can be exceptionally difficult to find the right internship that will ultimately pave a path to finding a job after college….


Adventures of an RDP Honeypot – Part Three: Creation of an RDP Honeypot

February 01, 2019 | By:

Welcome to the third and final part of the blog series on the RDP honeypot that I set up. The first part took a look at RDP and how it can be better secured, while the second post analyzed what the attackers did once they got into the honeypot. In this post I’ll talk about…


Adventures of an RDP Honeypot – Part Two: Know Your Enemy

January 28, 2019 | By:

Welcome to part two of the three-part series on the Remote Desktop Protocol (RDP) honeypot I set up. In the first post, I discussed ways that RDP can be configured to be more secure (and how you should NEVER put it on the Internet). In this part, I’ll talk about what happened when my honeypot…


Adventures of an RDP Honeypot – Part One: RDP Security

January 25, 2019 | By:

Over the last several months, TrustedSec has noticed a common thread in the root cause of incidents we’ve investigated: Microsoft Remote Desktop Protocol (RDP) open to the Internet. RDP on the Internet is a very bad idea. Attackers are constantly searching for, and breaking into, systems set up in this way. Once in, they can…


Local Admin Access and Group Policy Don’t Mix

January 24, 2019 | By:

Having spent a career working with Group Policies, I thought now might be a good time to give an overview of it and I felt like doing a little writeup about Group Policies. I especially want to highlight why having admin access to clients can be really bad. It is important that everyone understands the weaknesses…