Blog Articles - Blue Core Research

Enter a query to search using AI. You can explain what you’re looking for or copy paragraphs relevant to your search:

Latest posts:

The Enemy Within: Why the “Trusted” Can Be Your Biggest Nightmare

Insider threats are a significant portion of the threat landscape, yet frequently ignored. Discover the risks and why protecting the data itself is the only true defense.

As security professionals, we are wired to look outward. The flashing red lights, the ominous port scans, the whispers of sophisticated APTs – these are the narratives that grab our attention. We build digital fortresses, moats of firewalls, and sentry towers of intrusion detection systems, all pointing toward a faceless external adversary. And why wouldn’t…
Read more
Database Security: From Threats to Solutions

Get up-to-date on real database threats and how to combat them. To fight back, you must know how attackers get your data. Discover current best practices that address these threats and test yourself to see if your defenses will hold.

Why is Database Security So Critical? A serious data breach means someone got into your database and stole data. Databases are the gatekeepers of your data, and anyone who wants to get it must get it from the database. While you should protect all infrastructure components, none is more important than the database. Regardless of…
Read more
Beyond the Black Box: Your database security matters more than you think

Databases often seem like black boxes – complex, obscure, and presumably secured. But that is a false assumption. Failing to pay attention to database security leaves you dangerously vulnerable and far more exposed than you realize.

Let’s be honest. For many outside the dedicated database teams, those servers humming away in the data center feel like mysterious black boxes. They hold critical information, the lifeblood of your organization, yet their inner workings often remain shrouded in inexplicable technical jargon. This lack of visibility can breed a dangerous assumption: a belief that…
Read more
Beyond the Application Walls: Why database security demands your belief and action

Relying solely on application security leaves you dangerously vulnerable. Learn why database security is equally important, if not more so. From insider threats and credential theft, attackers often skip the application and go straight for your data. Only a robust database defense can stop them.

We, as security professionals, operate in a realm of logic, risk assessment, and proactive defense. We preach the layered security model, the principle of least privilege, and the importance of defense in depth. Yet, there’s a persistent, almost baffling, undercurrent in our field: the belief that application-level security is the ultimate bastion, a shield sufficient…
Read more
PCI-DSS in SQL Server and Oracle Databases

Discover best practices, methodologies, and solutions to help you comply with PCI-DSS and protect credit card information.

Introduction PCI-DSS is a security standard published by credit card companies (PCI is the Payment Card Industry, and DSS stands for Data Security Standard). It is a mandatory requirement for anyone processing credit cards. PCI-DSS version 4.0.1 is an almost 400-page document, so this article isn’t replacing it. But we help translate PCI-DSS to practical…
Read more
Reactive Forensics and Auditing: Follow Sherlock Holmes

Learn about reactive forensics, the evidence you need, and how to prepare so that when the time comes, everything works.

A reactive forensic investigation is the IT equivalent of a detective analyzing a crime scene. Just as Sherlock Holmes reconstructed the events of a crime through clues, traces, and deductive methods, reactive forensics seeks to answer essential questions like who did it, when, how, etc.? Basically – what happened? Evidence Collection Holmes analyzes every detail…
Read more
What is the Difference Between Auditing and Monitoring?

What is the meaning of the two terms, what are the differences, what other meanings exist, and why is there confusion?

When people hear auditing and monitoring, they can easily assume they refer to the same thing. After all, both involve keeping an eye on IT systems, right? While both terms have multiple meanings, without qualifiers, they relate to functions that serve different purposes and leverage unrelated tools and technologies. Understanding these differences is fundamental to…
Read more
How to audit an Oracle database?

Learn about the different technology options for auditing Oracle and how to gain value from the data you collect.

Introduction Oracle auditing is a large, complex, and confusing subject with many technology options. We aim to demystify those and help you make educated technology choices, guiding you to a solution that works for you. From capturing data to getting value from it and from a DIY to high-end solutions, let’s explore Oracle auditing. Capture…
Read more
How to audit a SQL Server database?

Learn about the different technology options for auditing SQL Server and how to gain value from the data you collect.

Introduction SQL Server auditing is a large and complex subject with many technology options. We aim to demystify those and help you make educated technology choices, guiding you to a solution that works for you. From capturing data to getting value from it and from a DIY to high-end solutions, let’s explore the world of…
Read more
Choosing the Data Masking Solution that’s Right for You

Learn about data masking, and what to look for when buying a solution.

Introduction In today’s data-driven world, privacy and security are more crucial than ever before. Data masking solutions help protect personal, financial, and business-critical information. Selecting the right solution is essential to a successful masking project and effective protection of your sensitive information. Misleading Terminology Many vendors use terms like Anonymization, Pseudonymization, Tokenization, Hashing, Encryption, Reduction,…
Read more
Database Auditing & IDS: A Comprehensive Guide to Data Protection

Learn why database auditing & IDS is important, How to combat attacks and breaches, Tools & Technologies, Best practices, and much more.

Introduction Modern businesses run on data. From customer data to financial information and beyond, databases store plenty of sensitive information. This data enables company operations and drives decision-making. However, this reliance on data exposes organizations to significant risks. Cyberattacks and data breaches can compromise sensitive information, leading to financial loss, regulatory penalties, lawsuits, and irreparable…
Read more
Budgeting for a secure future: Optimize yours for 2025

As we move into 2025, the digital landscape continues to evolve, bringing with it opportunities and risks. Cyber threats are sophisticated and targets businesses of all sizes. For organizations, a cybersecurity strategy is no longer a luxury; it is a basic necessity.

Cybersecurity Underinvestment Data breaches are at an all-time high. Different studies show different figures about which countries are most under attack, but it’s pretty obvious that nowhere is safe. It seems as though the whole world is under attack and there are many successful data breaches. At the same time, investment in cybersecurity is insufficient…
Read more
Data Masking Performance

Everything you need to know about data masking performance – a crucial element when purchasing and implementing a masking solution.

Significance Data masking is not a daily task, so why is performance a vital subject to consider? While it’s of minor significance whether a data masking process takes 5 seconds or 5 minutes, it’s critical if it takes five days or will never finish. Impossibly long run times are not unusual and render the product…
Read more
From a hacker’s perspective

This comic book illustrates a realistic and common attack scenario. It’s common because it works. How could you defend against this type of attack?

Attack Detail & Analysis Below we’ll explain the types of attacks used in the comics, provide statistics about their prevalence, and discuss possible defensive measures. This attack and successful breach required a combination of several steps. That’s how all breaches are. While it may not be possible to stop them all the steps, you should…
Read more
Email Security: Risks & Effectiveness

A massive recent phishing campaign exposed a critical vulnerability in Proofpoint, a cloud-based email security provider. The incident raises important questions about supply chain attacks, the effectiveness of email security, and the need for layered defenses.

What Happened? Hackers found an exploit in organizations that use Office 365 and Proofpoint. The exploit allowed the hackers to send authenticated emails with digital signatures identical to emails sent by those organizations. The list of exploited organizations includes Disney, Coca-Cola, IBM, Nike, Best Buy, and many others. Using this exploit, hackers sent over at…
Read more
Potential Risks in Endpoint Security

The recent worldwide outages due to a CrowdStrike update raised the unavoidable question: Do the benefits of endpoint security outweigh the risks, and what are the alternatives?

What Happened As we’ve seen, a bug in a CrowdStrike update caused worldwide havoc. Approximately 8 million Windows computers crashed at many companies, from airlines to broadcast news to hospitals. Desperate users took to forums, some entire organizations ground to a halt, and some problems persisted for days and longer. While CrowdStrike was able to…
Read more
Story of a Cyberattack

How can a day with the potential to be the worst in your career turn out positive or even pretty good? This fictional story describes realistic events from a day of a breach when things happened right. See what it takes to make it happen.

The Attack Begins The blip of a new email flashed on Cora’s screen. It was yet another alert from Core Audit, and it wasn’t the first one of the day. But a quick glance at the SQLs and adrenaline jolted her awake. It felt like caffeine was pumping directly into her brain. That is not…
Read more
Risk/Control Matrix Using Overlapping Controls

Overlapping serial defenses can significantly reduce the chance of a successful attack. That’s a critical step to avoid a data breach.

We previously discussed data-centric security and the need for airtight defenses. Using IDS and IPS is a first step in that direction, but let’s take things further by creating overlapping controls that will tighten security much more. The risk-control matrix is at the core of security planning. The matrix maps our risks to the controls…
Read more
IDS & IPS – Toward Airtight Security

Combining IPS and IDS significantly reduces false negatives. That’s the key to better security since false negatives are how we get breached.

We previously discussed data-centric defenses as the critical last line of defense. As such, one of our requirements is to try and make it as airtight as possible. That’s not a minor or trivial requirement. In this article, we’ll discuss how we can get there. There are two concepts we’ll need to discuss: False negatives…
Read more
Data-centric security – Designing modern security

Balancing security isn’t simple. How can you identify the areas that require attention and invest the “right amount” of resources?

We often think of cybersecurity as made up of silos. There’s network security, training, physical security, email security, etc. Each silo usually includes multiple solutions. For example, network security includes firewalls, routers, VLANs, and similar measures that are not necessarily directly related. The problem with any issue comprised of many unrelated components is that it’s…
Read more