FBI, Security Vendors Partner to Take Down Hacker Consortium

“In addition to running the infrastructure that powered this operation that eventually netted the crooks $14 million, DNSChanger also helped revolutionize the malware world, says Andrew Brandt, malware analysis expert and director of Threat Research at forensics and network security analytics firm, Solera Networks.”

No Duqu zero-day patch yet, but Microsoft offers workaround

“Andrew Brandt, director of threat research at South Jordan, Utah-based network security analytics provider Solera Networks Inc., said it will be critical that businesses and individual users apply the patch for the kernel-level zero-day vulnerability once Microsoft releases it.”

Hackers ‘Timthumb’ Their Noses At Vulnerability To Compromise 1.2 Million Sites

“Remote shells are PHP files that, in essence, provide fairly complete remote control capabilities to anyone who knows the exact path to the PHP file on the server and navigates there with a browser,” says Andrew Brandt, director of threat research for Solera Networks.”

Solera research director spots a hybrid spear phishing attack

“Andrew Brandt, The newly-installed director of threat research with Solera Networks, has been analyzing what appears to be a hybrid spear phishing attack against a colleague and revealed the effort that goes into making these targeted attack emails look genuine.”

Applied Network Security Analysis: Introduction

“They need the network, pure and simple. Which means they will leave tracks, but only if you are looking. This is why we favor (as described in React Faster and Better) capturing the full network packet data as possible. Attackers could compromise network devices and delete log records. They could generate all sorts of meaningless traffic to confuse network behavioral analysis.”

Sleazy Ads on Android Devices Push Bogus ‘Battery Upgrade’ Warnings

“These ads cross a line,” says Andrew Brandt, director of threat research for Solera Networks. It’s one thing to market a worthless battery app, he says, but another to scare or trick people into installing a program they don’t need.”

McAfee Leads New Criteria for Next Generation IPS

“To fully understand and eradicate targeted attacks, you need complete visibility of all network traffic, its source and scope, and whether it occurred days, weeks, or months in the past,” said Steve Shillingford, President and CEO of Solera Networks. “McAfee Network Security Platform’s integration with Solera’s DeepSee™ applications delivers a seamless workflow to security analysts taking you from an alert to irrefutable evidence of the attack, breach or threat, dramatically reducing the time it takes to pinpoint compromises.”

APT Shaping SIEM

“Solera CTO Joe Levy says his firm’s technology fills a gap in SIEM by detecting unknown types of events. “The area where SIEM is most deficient is when there’s no clear indicator of compromise,” Levy says.”

Breach Forensics: Keeping Things from Going from Bad to Worse

“The infected or compromised system should then be replaced with a clean image, and whatever information can be gleaned from network security analytics should be used to determine how the system was compromised in order to “close those loopholes with patches, changes to the system configuration, and close monitoring of the state of that system for some time after it comes back online.”

Advanced persistent threats call for a reality check

“The attacks could be there for a while, festering away, leaking out what could appear to be seemingly innocent or irrelevant data,” Hall told me. “If an organization has decided to not capture some network traffic data because they didn’t think it was needed, they could find that they have no idea how they arrived at the point of being breached. Worse yet, they may be unable to detect that they have been breached at all.”