Blog Articles - Blue Core Research

Enter a query to search using AI. You can explain what you’re looking for or copy paragraphs relevant to your search:

Latest posts:

Potential Risks in Endpoint Security

The recent worldwide outages due to a CrowdStrike update raised the unavoidable question: Do the benefits of endpoint security outweigh the risks, and what are the alternatives?

What Happened As we’ve seen, a bug in a CrowdStrike update caused worldwide havoc. Approximately 8 million Windows computers crashed at many companies, from airlines to broadcast news to hospitals. Desperate users took to forums, some entire organizations ground to a halt, and some problems persisted for days and longer. While CrowdStrike was able to…
Read more
Story of a Cyberattack

How can a day with the potential to be the worst in your career turn out positive or even pretty good? This fictional story describes realistic events from a day of a breach when things happened right. See what it takes to make it happen.

The Attack Begins The blip of a new email flashed on Cora’s screen. It was yet another alert from Core Audit, and it wasn’t the first one of the day. But a quick glance at the SQLs and adrenaline jolted her awake. It felt like caffeine was pumping directly into her brain. That is not…
Read more
Risk/Control Matrix Using Overlapping Controls

Overlapping serial defenses can significantly reduce the chance of a successful attack. That’s a critical step to avoid a data breach.

We previously discussed data-centric security and the need for airtight defenses. Using IDS and IPS is a first step in that direction, but let’s take things further by creating overlapping controls that will tighten security much more. The risk-control matrix is at the core of security planning. The matrix maps our risks to the controls…
Read more
IDS & IPS – Toward Airtight Security

Combining IPS and IDS significantly reduces false negatives. That’s the key to better security since false negatives are how we get breached.

We previously discussed data-centric defenses as the critical last line of defense. As such, one of our requirements is to try and make it as airtight as possible. That’s not a minor or trivial requirement. In this article, we’ll discuss how we can get there. There are two concepts we’ll need to discuss: False negatives…
Read more
Data-centric security – Designing modern security

Balancing security isn’t simple. How can you identify the areas that require attention and invest the “right amount” of resources?

We often think of cybersecurity as made up of silos. There’s network security, training, physical security, email security, etc. Each silo usually includes multiple solutions. For example, network security includes firewalls, routers, VLANs, and similar measures that are not necessarily directly related. The problem with any issue comprised of many unrelated components is that it’s…
Read more
Common Data Masking Questions: What people ask, and you should know

Do you copy data out of production? Static data masking is a simple, easy, and effective way to protect it and prevent a breach.

1. Why mask? Because we can’t protect the data outside of production: Imagine copying customer data for testing. How could you protect it after copying it? Without data masking, you will expose all names, addresses, phone numbers, emails, financial information, and more. Static masking replaces these values with good fakes so you can test without jeopardizing…
Read more
Database Visibility:

What Everyone Is Missing

Recent polls of cybersecurity professionals show most respondents (82%) have partial or no visibility into their databases and need it. Few said they have good visibility (7%) or don’t need it (11%). The surveys were conducted in various LinkedIn groups in English and Spanish, asking: “Do you have visibility into what’s happening within your database?”.…
Read more
Anomaly Analysis

How can you control activity in busy systems like databases? How will you know there’s a malicious SQL inside billions of those? Read to learn more.

Anomaly analysis uses behavioral analysis, helping you save time while expanding your control to vast activity volumes. These capabilities are made possible by the unique security repository technology in Core Audit. The anomaly analysis engine dynamically creates behavioral profiles based on the activity captured by the security repository, allowing you to compare the present with…
Read more
Proactive Forensics

Visibility is the first step in any security effort. You can’t secure what you can’t see. Learn more about the value of visibility and how to achieve it.

One of the popular myths about security is that you can get it out of the box. Just install something, and voila! You’re magically secured. But that never works. Regardless of what you’re trying to secure, your first step should always be understanding the activity. You should know how the system is used, by whom,…
Read more
Fitted Security

Avoiding the pitfalls of the security trends to design a security strategy that fits your environment and optimizes your posture given the available resources.

Many organizations design their cybersecurity strategy and decide what solutions to purchase based on industry trends and best practices. The outcome is often imbalanced and inappropriate to the organization’s risk profile and security needs. Best-practice implementations are usually one-size-fits-all and not tailored to the specific environment. Being predictable, there are usually tools and guides on…
Read more
SQL Injection Attack Detection

This is a true story of a SQL injection attack on our website. Learn about the attack and why the Core Audit anomaly analysis database defense is the most effective way to combat this type of threat.

This is a true story of a SQL injection attack on our website. Learn about the attack and why the Core Audit anomaly analysis database defense is the most effective way to combat this type of threat. Introduction We got an alert two days before New Year’s. It was shortly after midnight on December 30,…
Read more
WordPress Attack Detection

WordPress is a common application for managing websites. But this story is about how we detected an attack on a generic application.

On Sunday morning, we got an anomaly alert. It was March 19, 2023. This story is about what happened. Background The Blue Core Research website uses WordPress (a free and open-source content management system). WordPress usually uses MySQL as a backend database, and our installation is no different. While our WordPress doesn’t contain sensitive data,…
Read more
Lessons from the Costa Rica government breach

Introduction When I first heard the news, my first thought was – how can a hacker group breach so many systems across so many government agencies so quickly? My answer was simple: they cannot. The inevitable conclusion is that they have infiltrated the government systems for months, if not years, waiting for the time they…
Read more
SQL Injection

SQL Injection is one of the most well-known attack vectors and it poses a significant security challenge. Learn more about how SQL injection works, and the different approaches to solving it.

Introduction SQL Injection is one of the most well-known attack vectors, and that’s largely because it poses a significant security challenge. The only way to understand the benefits and deficiencies of different solutions is by understanding the problem and the approach each solution has to solving it. The Problem The best way to understand the…
Read more