Tips and Tricks: Troubleshooting Snort

Whether you’re tuning an existing Snort instance or just finished a new installation, there’s a common question that may soon follow: “Why aren’t I seeing any events?”

If this is the case with your Snort instance, there are a few basics to check.

Starting Snort
In many cases Snort is started with a script as opposed to a manual command that includes “-D” to start it in daemon mode, but such scripts don’t help in the troubleshooting process. 

1. Check if Snort is running or if the script has been executed with a simple grep command:

ps aux | grep snort

2. If Snort is running, take note of the command displayed that was either executed manually or by a script, and then stop or kill the process.

3. Enter that long-hand command to start Snort (snort -c /etc/snort/snort.conf -i eth1, for example) in the foreground or continuous mode, making sure to omit the -D so the process is not started in daemon mode.

If there are any issues with Snort, they will be specifically noted and generally Snort will fail to start because of a fatal error. 

If Snort successfully starts, you’ll see its final line stating “Commencing packet processing (pid=xxxxxxx).” If this is the case, kill the process and move on to Log Files. If you get an error, resolve it and start Snort again in the same manner until there are no errors. Errors generally revolve around signatures (bad or incompatible signatures that kill Snort), missing file or rules directories, or something related to the snort.conf. Once your error is resolved and Snort starts successfully, kill the process and move on to Log Files.

Log Files
Every time Snort starts it will or should create a new log file. These files are generally named merged.log or snort.alert, and are located in /var/log/snort, but of course precise names and locations will differ depending on your setup.

You can confirm Snort successfully created its log file when you just started it in the last step, and also check for previous log files and their sizes with a simple list command:

ls -la /var/log/snort

You should see at least one log file, and more than likely its size (or at least the most recent log file) will be zero, and that’s fine since Snort only ran for a few moments. But checking this directory with that command is very helpful in first ensuring log files are being created, and secondly determining if those log files are growing in size. 

If log files are being created and not growing in size after Snort has been running in daemon mode for some time, there could be issues with the configuration file, the signatures, or the traffic feed.

Configuration File
While Snort can be a complex tool, we aim to keep things simple. With a new installation of Snort, we make the following changes to its configuration file:

1. Provide the paths to the rules:

var RULE_PATH /etc/snort/rules

var SO_RULE_PATH /etc/snort/so_rules

var PREPROC_RULE_PATH /etc/snort/preproc_rules

var WHITE_LIST_PATH /etc/snort/rules

var BLACK_LIST_PATH /etc/snort/rules

2. Uncomment the “output unified2” line and remove “nostamp”:

output unified2: filename merged.log, limit 128, mpls_event_types, vlan_event_types

3. In “Step #7” of the configuration file you’ll find a listing of rule categories that will be enabled when Snort starts:

###################################################
# Step #7: Customize your rule set
# For more information, see Snort Manual, Writing Snort Rules
#
# NOTE: All categories are enabled in this conf file
###################################################

# site specific rules

include $RULE_PATH/app-detect.rules
include $RULE_PATH/local.rules
include $RULE_PATH/browser-chrome.rules
include $RULE_PATH/browser-other.rules

These categories may be missing or commented out, in which case when Snort starts it will run with few or no signatures, resulting in few to no events and small to zero log file sizes. Make and save any necessary changes to the configuration file, and move on to Signatures.
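The three configuration checks above can be scripted. The following is an added example, not part of the original article or of Snort or Aanval: it assumes Snort 2.x snort.conf syntax and absolute rule paths as shown above, the function names are hypothetical, and the sample configuration it builds is constructed.

```shell
#!/bin/sh
# Added example: audit a snort.conf for the rule path variables, the unified2
# output line, and the Step #7 rule includes. Function names are hypothetical.

# Print the value of an uncommented "var NAME value" line.
conf_var() {    # $1 = conf file, $2 = variable name
    awk -v name="$2" '$1 == "var" && $2 == name { print $3; exit }' "$1"
}

# Print the expanded path of every uncommented "include $RULE_PATH/..." line.
active_includes() {    # $1 = conf file
    awk -v rp="$(conf_var "$1" RULE_PATH)" '
        $1 == "include" && index($2, "$RULE_PATH/") == 1 { print rp substr($2, 11) }
    ' "$1"
}

# Count uncommented rules: lines whose first word is a rule action.
count_rules() {    # $1 = rules file
    awk '$1 ~ /^(alert|log|pass|drop|reject|sdrop)$/ { c++ } END { print c + 0 }' "$1"
}

# Run all checks; the last line printed is a summary.
audit_snort_conf() {    # $1 = conf file
    conf=$1; problems=0; total=0
    # Assumes absolute paths, as in the article; relative paths are not resolved.
    for v in RULE_PATH SO_RULE_PATH PREPROC_RULE_PATH WHITE_LIST_PATH BLACK_LIST_PATH; do
        dir=$(conf_var "$conf" "$v")
        if [ -z "$dir" ]; then
            echo "FAIL  var $v is not set"; problems=$((problems + 1))
        elif [ ! -d "$dir" ]; then
            echo "FAIL  var $v points to missing directory $dir"; problems=$((problems + 1))
        fi
    done

    u2=$(awk '$1 == "output" && $2 == "unified2:" { print; exit }' "$conf")
    case "$u2" in
        "")        echo "FAIL  no uncommented 'output unified2' line"; problems=$((problems + 1)) ;;
        *nostamp*) echo "FAIL  unified2 output still has nostamp"; problems=$((problems + 1)) ;;
        *)         echo "OK    $u2" ;;
    esac

    for f in $(active_includes "$conf"); do
        if [ ! -f "$f" ]; then
            echo "FAIL  included rules file is missing: $f"; problems=$((problems + 1))
            continue
        fi
        n=$(count_rules "$f"); total=$((total + n))
        if [ "$n" -eq 0 ]; then
            echo "WARN  $f has no enabled rules"; problems=$((problems + 1))
        else
            echo "OK    $f: $n enabled rule(s)"
        fi
    done
    [ "$total" -gt 0 ] || { echo "FAIL  no enabled rules in any included category"; problems=$((problems + 1)); }
    echo "RESULT: $problems problem(s), $total enabled rule(s)"
}

# Constructed sample: a throwaway tree with the unified2 line still commented
# out (and carrying nostamp), one empty category and one commented-out include.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/rules" "$root/so_rules" "$root/preproc_rules"
    echo 'alert icmp any any -> any any (msg:"constructed test rule"; sid:1000001; rev:1;)' \
        > "$root/rules/local.rules"
    : > "$root/rules/app-detect.rules"
    cat > "$root/snort.conf" <<EOF
var RULE_PATH $root/rules
var SO_RULE_PATH $root/so_rules
var PREPROC_RULE_PATH $root/preproc_rules
var WHITE_LIST_PATH $root/rules
var BLACK_LIST_PATH $root/rules
# output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
include \$RULE_PATH/app-detect.rules
include \$RULE_PATH/local.rules
# include \$RULE_PATH/browser-chrome.rules
EOF
    echo "$root/snort.conf"
}

# With an argument, audit that file; without one, audit the constructed sample.
if [ "$#" -gt 0 ]; then audit_snort_conf "$1"; else audit_snort_conf "$(make_sample)"; fi
```

Run it against the live file with the path as the only argument (for example /etc/snort/snort.conf); any FAIL or WARN line points at one of the changes listed above.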

Signatures
Being a signature-based IDS tool, Snort will require enabled and current signatures to generate events. While too few signatures may result in few to no events, too many signatures enabled can result in not only too many events but an overloaded Snort sensor, an overcrowded Aanval dashboard—consisting of largely informational/nuisance events—and perhaps overworked database and/or hardware running the sensor.

Investigate the various rule categories in your /rules directory and make sure standard and especially critical signatures are enabled. For testing purposes, you can enable the signatures found in the protocol-icmp.rules file, start Snort in daemon mode, and then ping the Snort box from an alternate IP. Keep in mind that these ICMP signatures aren’t generally kept enabled in active or production environments, and once tests are concluded it’s recommended to disable these signatures.

Traffic Feed
Lastly, it’s critical that the interface Snort is monitoring is actually carrying real traffic. Snort commonly monitors the span/mirror port of a switch. After confirming the interface to be monitored from the long-hand command to start Snort (snort -c /etc/snort/snort.conf -i eth1, for example) and that the interface is active (ifconfig), you can use tcpdump to check the interface for traffic with a basic command:

tcpdump -nn -i eth1 (or the interface to be scanned)

If you aren’t seeing anything or simply ARP or basic traffic, you may need to check the feed and interface. But once confirmed that there is more happening than basics and ARP, the interface Snort is to monitor should be solid.

Having completed this list of basic steps and checks, and making any necessary changes, you should be good to start your Snort instance(s) in daemon mode and begin to see log files created and growing, and events flowing into Aanval.

Aanval Support Q&A: Expired Console and I Can’t Log In

Q: I tried opening Aanval on my browser, but I received a message saying the license has expired and my console is locked. I know the license is still valid. What’s happening?

A: If you’re having this or any login issue, the root of it generally stems from the connection to MySQL, since Aanval retrieves login and license information from the Aanval MySQL database.

Remedy: Make sure MySQL is up and running and the connection is solid. What we sometimes see is that MySQL is down because the disk is full. You may try connecting via another host or method to ensure MySQL is accessible. 

Once MySQL is back online, navigate to Aanval as you normally would and log in.

If you’re still receiving an Expired message, enter the address to Aanval in the browser and add the following to the end of the URL:

/?op=pub_login

This will take you directly to the login screen. In some cases the license really has expired. If that is the case, not a problem; all the data is intact and the console simply needs an updated license key. This login method will allow you to log in and navigate to License Management and update the license. If you’re still having issues, there may be further issues with the disk or database or login credentials. For further questions or issues, check out our Troubleshooting Guide at our Aanval Wiki, or contact Support. 

Aanval Support Q&A: Aanval Installation Issue: Missing Modules?

Q: I downloaded and untarred Aanval according to the guide provided (http://wiki.aanval.com/wiki/Aanval:V7_Installation_Guide) and installed all prerequisites, but after I point my browser to the Aanval location and accept the EULA, I get an error noting that MySQL is missing. I show that MySQL is installed and running. Can you help? I’m using CentOS 6 on a VM.

A: That step is an Environmental Test in which all necessary PHP modules and directory structures and permissions are searched and tested. Your results show that not MySQL but the PHP MySQL module is missing. It’s a very simple fix.

First, install that module:

yum install php-mysql

Second, restart Apache:

apachectl restart

Third, while on the browser, click the Retest option at the bottom of the page showing the Environmental Test results (you can also completely restart the web-based portion of the install by directing a new browser window to the Aanval location). The test will now confirm that module is installed and you can continue to the next step of pointing Aanval to the location of the aanval database so that Aanval can automatically build its structure and tables, and then log in.

Aanval 8: Coming Soon!

Aanval 8 Sneak Peek
Aanval 8 is almost here, with a brand new look, and loaded with new and improved features and performance!

Nearly a year in the making, Aanval 8 boasts dozens of new features and a complete re-write of nearly the entire code-base to make it our most stable and advanced version of Aanval yet.

Featuring: HTML5, IPv6 Support, Direct Unified2 Support, Threat Levels Displays, Heat Maps, Syslog Updates, New Automation System, and more.

Aanval v8

Check out other screenshots and details at https://www.aanval.com/aanval8

Aanval 8 will be publicly released in the coming weeks, and will be a free upgrade to all current Aanval SMB, SAS, and SAS Enterprise customers.

Aanval SAS FAQ

In the past few weeks, we’ve had people ask specific questions about our new trial offerings and the types of commercial licenses available. We decided to write a blog to answer those questions.

#1. What is the difference between a 30-day trial and 30-day unlimited trial?
#2. Free vs commercial? What does an annual subscription provide?
#3. What are the types of Aanval SAS licenses offered? How can I determine the right license package for my environment?

Aanval is available to download and evaluate for free. Without a commercial license, Aanval operates in a free single-sensor mode, allowing 1 Snort or 1 Suricata and 1 syslog device. Your download automatically includes most of the features in our latest release, Aanval SAS (Situational Awareness System), for 30 days and allows you to process up to 1 million events. After 30 days, you can purchase an annual commercial license and take advantage of all the powerful and automated features designed to provide organizations complete end-to-end network visibility and situational awareness. You also have the option to convert to an unlimited 30-day trial license. We’ve re-introduced trial licenses for organizations who need to test Aanval in their environments without limitations on sensor capacity or event processing. Installation assistance and full support will also be available during your trial period.

All versions of Aanval are available as a downloadable solution that can be installed on existing hardware and requires only a current variant of Linux, Unix, or Mac OS X.

Visit our Download Page https://www.aanval.com/download and get your 30-day trial or 30-day unlimited trial.

What does the Aanval SAS annual subscription offer you?

» An annual unlimited sensor-capacity license for Snort and/or Suricata, and Syslog
» Telephone and remote support
» Console maintenance: bug fixes, minor and major upgrades
» An enterprise-grade SIEM and IDS solution at a fraction of the cost of other providers

Aanval SAS annual package includes the following features and tools:

» Situational Awareness™
» Offensive Reconnaissance™ and Rogue Host Detection
» Network Host Scanning
» False Positive Protection
» Live GeoLocation Display
» Event Correlation
» Billions of Events
» Event Tagging, Syslog Mirroring, and More

Aanval is designed to specifically scale from small single-sensor installations to global enterprise deployments. Aanval’s primary functions are to correlate data from multiple sources, bring together billions of events, and present users with a holistic view of false positive free, network security situational awareness.

We offer three types of annual subscriptions:

Aanval SMB

Our most cost efficient solution, designed specifically for the small business market, Aanval SMB includes every base feature of Aanval SAS as well as a few select SAS-only options like our powerful Situational Awareness engine, Rogue Host Detection, and the ever critical False Positive Protection module.

View Aanval SMB Details: https://www.aanval.com/aanval

Aanval SAS

Our completely unlimited middle market offering, Aanval SAS (Situational Awareness System), developed and focused specifically for organizations up to 250 hosts in size. Aanval SAS includes all basic and advanced SAS features like Offensive Reconnaissance and Network Host Scanning.

View Aanval SAS Details: https://www.aanval.com/aanval

Aanval SAS Enterprise

Aanval SAS Enterprise scales beautifully to organizations of all sizes. Designed with large-scale network infrastructures in mind, SAS Enterprise provides superior functionality for networks that exceed 250 hosts and support services are readily available 24/7.

View Aanval Enterprise Details: https://www.aanval.com/aanval

Need assistance determining the right license package for your environment? Contact our Sales Dept. at 800-921-2584 or email sales.group @ tacticalflex.com

We invite you to also explore our Product License Comparison at https://www.aanval.com/aanval

View pricing or purchase Aanval products and services securely online https://www.aanval.com/purchase

See Why Customers Choose Aanval SAS (Situational Awareness System)

More than 6,000 customers worldwide including Fortune 500 and SMEs trust Aanval as their Snort, Suricata, and Syslog Intrusion Detection, Correlation, and Threat Management solution. Read the latest customer success story from the retail industry to learn more about the business benefits of Aanval SAS.

Customer Snapshot: A Leading Online Retailer

Industry: A publicly-traded home improvement retailer with 201-500 employees. Company primarily conducts business through e-commerce. All security initiatives are managed in-house.

Customer Need: IT department was searching for a robust IDS utilizing Snort to manage and monitor their growing business and network infrastructure. Initially the company was using a standard Snort interface.

Customer Evaluation of Aanval SAS: Aanval was the primary product evaluated during the solution search process. The company’s Information Security Manager evaluated Aanval for the following security use cases:

1. Log Monitoring and Network Traffic Analysis
2. Packet Management
3. Anomaly Detection
4. PCI Compliance

Aanval SAS met all of the evaluation criteria, and the company found Aanval easy to use, configure, and install. The company has purchased the Aanval SAS commercial license and is now using Aanval as their stand-alone IDS.

Aanval SAS Has Helped with the Following:

1. Improve Operational Efficiency. Helped streamline the IT process of monitoring activities, analyzing and correlating event data, delivering security alerts, and investigating security incidents.
2. Meet PCI Compliance Initiatives. The Payment Card Industry Data Security Standard (PCI DSS) requires that all retailers and e-commerce sites that process, store, or transmit credit card information maintain a secure environment.
3. Reduce False Positives
4. Provide Needed Situational Awareness
5. Improve Security by Accelerating Detection of Anomalies

The Top Business Benefits of Aanval SAS: 

1. Event Management/Collection
2. False Positive Protection
3. PCI Compliance
4. Affordable Pricing
5. Built-in Automated Offensive Tools That Utilize Nmap. Includes Network Host Scanning, Rogue Host Detection, and Offensive Reconnaissance

New Aanval Features: Syslog Mirroring and Email Reports

New to Aanval SAS in build 70153 are two new features: Syslog Mirroring and Email Reports

Syslog Mirroring
This feature allows the Aanval console to easily and automatically output a stream of Aanval-imported events as user-defined UDP packets to a specific device and port, allowing users to monitor Aanval activity and/or duplicate or store Aanval log data.

Getting Started
Enabling this feature is as simple as detailing where the packets go and what event details are to be sent. Visit our Support wiki for complete and simple instructions: Syslog Mirroring

Email Reports
Aanval has a powerful reporting feature, allowing users to easily and quickly create extremely detailed reports. Reports are viewable in HTML, XML, and Text formats. Those reports can now be emailed in Text format directly from the console Reporting feature.

Getting Started
Visit our Support wiki for complete and simple instructions to first create reports and get them sent: Reports

Don’t have these features yet?
Aanval SAS commercial packages provide users with console maintenance, so they’ll always have the latest build and features. Aanval alerts users of new versions with User Messages that show at the top of the console event feed. Click the information icon to be directed to the Update page, or navigate your console to Console Configuration > Console > Version Management > Update. Once downloaded and installed, accept the EULA and begin enjoying and benefitting from these features, and watch for more to come.

So what else is new?
Read our Release Notes to know the details of each new build. Sign up for our newsletter at Aanval.com to keep apprised of all our upcoming developments and promotions.

Cybercrime in Healthcare Sector Evolving: Point-of-Sale (POS) Breaches Now an Alarming Concern

As technology is continually being used to drive efficiencies into the healthcare system, the potential for data breaches increases exponentially. Healthcare is among the top industries frequently victimized by data breaches with billing records and medical files overwhelmingly the most frequently stolen patient data. According to Navigant’s Information Security & Data Breach Report, healthcare organizations accounted for the highest percentage of data breaches, more than one-third of all data breaches in the United States. In addition, HITRUST’s Analysis of U.S. Healthcare Breach Data revealed that the total number of breaches of over 500 individuals posted to HHS since September 2009 is 495. The total number of records breached is 21.2 million and the average breach size is 42,659.1 at a cost of $8,275,865.40. The study also reported that hospitals and physician practices were responsible for 32% and 25% of total breaches in the healthcare industry. Government institutions experienced the greatest loss of records.

Despite repeated warnings from the Department of Health and Human Services, the healthcare sector is still lagging behind other industries regarding implementing security precautions when it comes to protecting sensitive PHI. The Ponemon Institute’s Cost of Cyber Crime Study reported that fewer than half of healthcare providers surveyed performed an annual security risk assessment. In fact, 52% of organizations that conduct one of these crucial IT audits discover a security breach as a result.

Cyber Criminals Targeting Point of Sale Terminals (POS) Not EHR

According to the article “Cybercrime and the Healthcare Industry,” “healthcare providers have a tough challenge at hand. As administrative technologies like Electronic Health Records (EHR) and online health portals begin to become standard issue, the access to financial data and information so strongly demanded by providers, patients, payers, and employees is also fast becoming a new target for hackers.” According to the Verizon 2013 Data Breach Investigations Report, hackers in healthcare are now more interested in attacking payment point-of-sale systems than actual EHR records. POS terminals accounted for 64% of compromised health care assets compared with 38% of desktops or workstations. The Verizon Risk Team further elaborated in an eWeek article that “the healthcare area is very used to the patient-privacy aspect of securing the data and may not be paying too much attention to their payment systems. In addition to payments for care, security breaches also involve transactions to hospital gift shops and cafeterias. With the final omnibus rule for the Health Insurance Portability and Accountability Act (HIPAA) requiring risk assessments, health care organizations need to determine their level of preparation for financial attacks.”

A key lesson offered by the Verizon Data Breach Investigation Report is that smaller practices including dental offices and outpatient care facilities are also at a high risk of cyber attacks. Therefore, no healthcare organization is immune to being breached.

Where Should Healthcare IT Departments Target Their Security Efforts?

1. Point of Sales (POS) Terminals and Servers 
Most hackers are not after EHRs; they want financial and insurance information that can be used to steal money and conduct medical and insurance fraud.

2. Desktops and Workstations
93% of healthcare breaches involved hacking and malware. Attacks in the healthcare industry often start by tricking an organization’s employees to install malware on the network.

3. Storage Systems
Storage systems contain financial as well as clinical data that are a gold mine for hackers.

About Tactical FLEX, Inc.
Tactical FLEX, Inc. is a privately owned software development firm based in Seattle, specializing in information security research, engineering, technology design, and production. With the technological development of Aanval®, Tactical FLEX, Inc. has become a global provider of information security vulnerability and risk management software solutions that protect businesses of all sizes. Aanval® is the industry’s leading Snort, Suricata, and Syslog Intrusion Detection, Correlation, and Threat Management console on the market. Aanval® currently has over 6,000 customers worldwide including government security, defense organizations, technology corporations, financial services organizations, energy companies, educational institutions, healthcare organizations, biotechnology manufacturers, pharmaceutical companies, law firms, utility providers, and many others. Learn more about Aanval® by visiting http://www.aanval.com. Aanval® may be downloaded for testing and evaluation at http://www.aanval.com/download.

Debunking Common Myths Regarding Security Information and Event Management (SIEM)

In a recent study conducted by Infosecurity Europe, it was revealed that 93% of large organizations have experienced at least one security breach in the previous year. The study also reported that the number of breaches is growing at an alarming rate as organizations experienced, on average, 50% more breaches in the previous year. While security threats continue to escalate, many organizations have deployed or have considered security information and event management (SIEM) solutions in order to obtain a holistic view of their information technology security. The beauty of a SIEM is that it takes all the information gathered from events across the network and tailors it to inform IT departments exactly what is happening and when. SIEM technology is also essential for helping security analysts detect internal and external threats and to perform crucial network forensic analysis. According to Gartner, the demand for SIEM technology is growing at an annual rate of 21% and is one of the fastest growing areas of the security sector.

Although research shows that SIEM product visibility in the U.S. has improved with higher adoption, proper understanding of the technology is still lacking. Frost & Sullivan, an industry research firm, reported that there is a low level of awareness associated with SIEM solutions and further stated that “it is imperative for SIEM vendors to reach out to enterprise end users to enhance their technological awareness and correct any underlying misconceptions or assumptions which may exist toward the technology.” In this blog, we will review some common myths surrounding SIEM technology to help IT Security Professionals separate truth from fiction.

Myth #1: SIEM Solutions are Resource-Intensive and Require Substantial Financial Investment to Deploy

Answer: In light of the benefits of capitalizing in SIEM technology, the high costs of investing in some SIEM platforms have been holding small- and mid-market enterprises back. It is true that most SIEM solutions require a significant investment up front to get started and also require an ongoing investment in humans to keep them running. This is what can put some SIEM solutions beyond the reach of SMBs or under-funded enterprises. However, not all SIEM solutions come with a hefty price tag. If you’re an SMB or an enterprise-class organization with limited budgets, enterprise-grade SIEM platforms that are affordable and easy to use do exist in the marketplace. These are the hidden gems in the seemingly crowded SIEM market category. However, selecting the right SIEM product is almost entirely based on the use cases an organization is trying to fulfill. For example, if you’re an SMB with a shortage of security analysts, your needs and cost sensitivity will vary widely from that of a large organization. You will most likely require a healthy amount of automated functionality while heavy customization is probably not on the agenda.

Myth #2: SIEM Solutions are Equal in Features and Benefits

Answer: Today’s SIEM should be a powerhouse of data capture, correlation analysis, and reporting. Although SIEMs are pre-packaged with a set of security features, it is important to note that the advanced feature sets vary from vendor to vendor as SIEM vendors specifically market to potential and existing clients based on specific use cases. In order to fully understand SIEM technology, the common core functions and advanced feature sets must be explored. To view the essential features and capabilities of a SIEM technology, please read http://wiki.aanval.com/wiki/Library:The_Essential_Features_and_Capabilities_of_a_SIEM_Technology. As SIEM products mature in the marketplace, vendors will introduce new and advanced features for product differentiation and market them for specific use cases to solve a particular security need. Overall, it is important to understand that SIEM vendors are not all equal in capabilities and that product features are only valuable if they meet your business and security needs. For example, Tactical FLEX, Inc. is among the leading SIEM suppliers that provide a very strong focus on intrusion detection for effective threat management. The Aanval SIEM commercial solution comes tightly integrated with effective Snort and Suricata open source security tools and can also support any device with syslog capabilities to deliver complete data management. Aanval should be considered by organizations that want a scalable commercially supported SIEM solution utilizing the most widely deployed and trusted intrusion detection system on the market for enhanced security and improved situational awareness and protection. If automation and network visibility are key factors for your network organization, you will benefit immensely with an Aanval SIEM solution.
In today’s rapidly changing security environment where network environments are growing ever more distributed and complex to manage, IT departments truly need a flexible SIEM that is designed to scale. To view our SIEM comparison table, please read the following article: How to Find the Right SIEM Solution. A Step-by-Step Guide and SIEM Features Comparison.

Myth #3: SIEM Technology is Only Useful for Log Reporting and Compliance

Answer: Over the years, SIEM has almost become synonymous with log reporting and compliance management. Yet, SIEM technology has far more advanced capabilities than simply helping organizations make sense of log data to meet security and audit regulations. Dr. Anton Chuvakin, a security expert on SIEM technology, finds that “too often, organizations purchase SIEM and log management solutions to check a compliance checkbox. These organizations miss a huge opportunity to improve security.” Fortunately, many organizations are increasingly realizing the value and benefits of SIEM in improving their security posture.

According to a recent RSA Survey, these are additional widely used functions and tools of SIEM solutions:
1. Alert anomalies
2. Identify threats and potential high-risk incidents
3. Monitor network traffic
4. Streamline remediation efforts
5. Advance other security operations functions in general

About Tactical FLEX, Inc.
For nearly a decade, Tactical FLEX, Inc. has taken great pride in providing best-of-breed security solutions to every type of organization around the world. Our wide spectrum of customers demonstrates our sincere commitment to an industry that remains at the forefront of the digital evolution of the world. Information security is our business, and our customers are our greatest asset. Tactical FLEX, Inc. is a trusted security vendor protecting more than 6,000 organizations within every industry in more than 100 countries. Our product Aanval® is the industry’s most comprehensive end-to-end Snort and syslog intrusion detection, correlation, and threat management solution, built with a unique Situational Awareness engine, distinct false-positive protection technology, and a fully-integrated event management and attack data correlation engine. Learn more about Aanval SAS™ by visiting http://www.aanval.com

Aanval® is also available for download as a free Community edition for testing and evaluation at http://www.aanval.com/download. Let Aanval SAS™ turn your security event data into actionable and comprehensive insights.

Tactical FLEX, Inc. Now Offering IT Audit and Vulnerability Assessment to Community Financial Institutions to Fend Off Cyber Attacks

“Experienced information security vendor providing information technology services to community banks and credit unions to uncover weak points within their networks.”

SEATTLE, Sept. 24, 2013 — Tactical FLEX, Inc., a global provider of information security, vulnerability, and risk management software solutions, recently announced that it will provide IT audit and vulnerability assessment services to community financial institutions to help fend off cyber attacks. The assessments are performed by Tactical FLEX, Inc.’s information security analysts to pinpoint vulnerabilities in a company’s security and IT infrastructure. Cyber criminals often exploit these vulnerabilities to attack networks and siphon sensitive company and customer data.

According to Washington Street Journal, “U.S. regulators are stepping up calls for banks to better-arm themselves against the growing online threat hackers and criminal organizations pose to individual institutions and the financial system as a whole.” A proper network vulnerability assessment is the first step toward forming a comprehensive security plan to proactively block the attacks of persistent and malicious hackers. Network security audits are critical to understanding how well an organization is protected against evolving security threats. Tactical FLEX, Inc. encourages smaller community lenders to do everything they can to bolster their network strength and protect their confidential data. Tactical FLEX, Inc. also urges banks and credit unions to perform testing for DDoS (Distributed Denial-of-Service attack) vulnerability and to invest more resources in understanding how DDoS attacks work and how they can better defend their organization. An alarming report provided by Ponemon Institute states that 65% of organizations experienced three DDoS attacks in a 12-month period. DDoS cannot be categorized as simply a network issue. It has become an additional aspect of other advanced targeted attacks or orchestrated campaigns coordinated by well-funded cyber criminals intent to steal confidential data from financial institutions.

Tactical FLEX, Inc. has been performing security audits and vulnerability assessments since 2003 and has identified a wide scope of critical vulnerabilities that expose organizations to external and internal breaches. Our network security auditing and vulnerability assessment services allow community financial institutions to identify critical security vulnerabilities that attackers could exploit. We have developed a unique system of public and proprietary tools to perform as many as 25,000 security tests on targeted systems. These attacks are performed by our advanced scanning engine that tests and re-tests each exploit to ensure minimal false positives are reported and maximum assessment accuracy is achieved. Manual techniques are employed when necessary to ensure full real-world focus.

By offering IT audit and security assessment services, we hope to help community financial institutions with smaller IT budgets shore up their cyber security defenses and avoid security breaches altogether. Community banks often rely on outside providers for information technology services and may lack the resources or expertise to guard against security threats. With our industry knowledge, technical expertise, and in-depth understanding of today’s security threats, we can help small community lenders obtain an accurate understanding of their organization’s security and risk posture while ensuring compliance with industry regulations and information security best practices. When you partner with Tactical FLEX, Inc. we will help you identify gaps in your security infrastructure and remediate issues before your network and customers are affected.

For more information about Tactical FLEX, Inc. visit the company’s website at https://www.aanval.com
