TAP Into Technology | Blog

Jim Curtin

Jim Curtin is the Co-Founder and CEO of CapStar Forensics, based in Austin, Texas. Jim has spent most of his career in the high-tech field, initially in finance and then in management. After his apprenticeship at Digital Equipment Corporation, he jumped into start-ups and small companies to introduce new infrastructure offerings and take them to larger companies and their established distribution infrastructures. Jim's goals are to keep the evolution of IT moving towards openness and efficiency, helping to drive the value-add higher and higher in the software stack while providing measurable success for customers, shareholders and employees.

Recent Posts

Detecting Fake SSL Sessions as Part of C&C Activity

Posted by Jim Curtin on 12/13/16 8:00 AM

One of the best ways to learn how to protect against malware is to learn how to detect malware traffic. Towards this end, we are constantly searching the Internet for as many types of malware pcaps as we can find.

This post focuses on the fake SSL session: a TCP session that opens with what looks like an SSL/TLS handshake record, but never actually performs the handshake. The handshake is only camouflage for the C&C traffic that follows.

We will also show how to detect this type of fake SSL session with pcap analytics.

Join me in this deep dive...
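As an added example (not code from the post, and not CapStar Forensics' own analytics), the following Python sketch shows the kind of check a pcap analytic can run on the reassembled TCP payload of each direction of a session. It parses the TLS record layer and flags a session that opens with a ClientHello but then carries application-data records before any ChangeCipherSpec, never receives a ServerHello from the server, or trails off into non-TLS bytes. The content-type and handshake-type constants are the real TLS record-layer values; the sample streams are constructed, not captured traffic, and the handshake bodies are placeholders of roughly the right shape only.

```python
"""Heuristic "fake SSL session" check over the two directions of a TCP
session.  Added example; the streams at the bottom are constructed."""
import struct

# TLS record-layer content types (RFC 5246 section 6.2.1)
CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA = 0x14, 0x15, 0x16, 0x17
KNOWN_TYPES = {CHANGE_CIPHER_SPEC, ALERT, HANDSHAKE, APPLICATION_DATA}
# Handshake message types (RFC 5246 section 7.4)
CLIENT_HELLO, SERVER_HELLO, CERTIFICATE, SERVER_HELLO_DONE, CLIENT_KEY_EXCHANGE = 1, 2, 11, 14, 16
# Record-layer versions from SSL 3.0 through TLS 1.3
TLS_VERSIONS = {(3, 0), (3, 1), (3, 2), (3, 3), (3, 4)}


def parse_records(stream):
    """Split one direction of a TCP payload into TLS records.

    Returns (records, trailing): records is a list of (content_type, payload),
    trailing is whatever is left once the bytes stop being a valid record
    (unknown content type, unknown version, or a truncated record)."""
    records, pos = [], 0
    while pos + 5 <= len(stream):
        ctype, major, minor, length = struct.unpack("!BBBH", stream[pos:pos + 5])
        if ctype not in KNOWN_TYPES or (major, minor) not in TLS_VERSIONS:
            break
        payload = stream[pos + 5:pos + 5 + length]
        if len(payload) < length:
            break
        records.append((ctype, payload))
        pos += 5 + length
    return records, stream[pos:]


def _walk(label, records):
    """Walk one direction's records in order.  Returns (findings, plaintext
    handshake types).  Handshake records after that side's ChangeCipherSpec
    are encrypted, so their type byte is not interpreted."""
    findings, handshake_types, cipher_on = [], [], False
    for idx, (ctype, payload) in enumerate(records, 1):
        if ctype == CHANGE_CIPHER_SPEC:
            cipher_on = True
        elif ctype == APPLICATION_DATA and not cipher_on:
            findings.append("%s: application data in record %d before ChangeCipherSpec" % (label, idx))
        elif ctype == HANDSHAKE and not cipher_on and payload:
            handshake_types.append(payload[0])
    return findings, handshake_types


def check_session(client_to_server, server_to_client):
    """Return a list of findings for a session that opens with a ClientHello.
    An empty list means the handshake structurally completed on both sides
    before any application data flowed."""
    c_recs, c_rest = parse_records(client_to_server)
    s_recs, s_rest = parse_records(server_to_client)
    if not c_recs or c_recs[0][0] != HANDSHAKE or c_recs[0][1][:1] != bytes([CLIENT_HELLO]):
        return ["client->server: does not open with a ClientHello (not an SSL/TLS session)"]
    findings = []
    for label, recs, rest in (("client->server", c_recs, c_rest), ("server->client", s_recs, s_rest)):
        dir_findings, hs_types = _walk(label, recs)
        findings.extend(dir_findings)
        if rest:
            findings.append("%s: %d non-TLS bytes after the last valid record" % (label, len(rest)))
        if label == "server->client" and SERVER_HELLO not in hs_types:
            findings.append("server->client: no ServerHello, the handshake was never performed")
    return findings


# --- constructed sample streams (not captured traffic) -----------------------
def record(ctype, payload, version=b"\x03\x01"):
    return bytes([ctype]) + version + struct.pack("!H", len(payload)) + payload


def handshake(htype, body):
    # handshake header: 1-byte type + 3-byte length
    return record(HANDSHAKE, bytes([htype]) + struct.pack("!I", len(body))[1:] + body)


HELLO_BODY = b"\x03\x01" + b"\x11" * 32 + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
# Real session: full handshake on both sides, then application data.
REAL_C2S = (handshake(CLIENT_HELLO, HELLO_BODY)
            + handshake(CLIENT_KEY_EXCHANGE, b"\x00\x04" + b"\x22" * 4)
            + record(CHANGE_CIPHER_SPEC, b"\x01") + record(HANDSHAKE, b"\x99" * 40)  # encrypted Finished
            + record(APPLICATION_DATA, b"\xaa" * 64))
REAL_S2C = (handshake(SERVER_HELLO, HELLO_BODY[:35] + b"\x00\x2f\x00")
            + handshake(CERTIFICATE, b"\x00\x00\x03" + b"\x00\x00\x00")
            + handshake(SERVER_HELLO_DONE, b"")
            + record(CHANGE_CIPHER_SPEC, b"\x01") + record(HANDSHAKE, b"\x99" * 40)
            + record(APPLICATION_DATA, b"\xbb" * 128))
# Fake 1: a ClientHello, then both sides push "application data" records with no handshake.
FAKE1_C2S = handshake(CLIENT_HELLO, HELLO_BODY) + record(APPLICATION_DATA, b"\xcc" * 48)
FAKE1_S2C = record(APPLICATION_DATA, b"\xdd" * 48)
# Fake 2: a ClientHello as camouflage, then a plaintext C&C protocol (hypothetical format).
FAKE2_C2S = handshake(CLIENT_HELLO, HELLO_BODY) + b"BEACON id=7\r\n"
FAKE2_S2C = b"CMD sleep 60\r\n"

if __name__ == "__main__":
    for name, c2s, s2c in (("real", REAL_C2S, REAL_S2C), ("fake-1", FAKE1_C2S, FAKE1_S2C),
                           ("fake-2", FAKE2_C2S, FAKE2_S2C)):
        print(name, check_session(c2s, s2c) or ["handshake completed before application data"])
```

In a real deployment the two byte strings come from TCP reassembly of the flow, and the findings list becomes the alert. Since C&C traffic does not respect port conventions, the check should run on any flow whose first record looks like a ClientHello, not only on port 443. An empty findings list means only that the session is structurally a TLS handshake; it says nothing about the certificate, the cipher suite, or the server's identity.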


Topics: Network Security, Technology Partners

IDS vs. IPS: It’s More Than a Character Difference

Posted by Jim Curtin on 6/2/16 8:00 AM

In modern cybersecurity, there are two major types of devices for protecting the edge: intrusion detection systems (IDS) and intrusion prevention systems (IPS).

An IPS sits in-line in the network and touches every packet passing to and from the Internet. It provides protection by inspecting each packet and forwarding or dropping it based on pre-configured, static rules (i.e., signature matching). An IDS, by contrast, cannot touch the packets at all: it only sniffs a copy of the traffic, matches it against signatures in the same way, and generates an alert for an administrator to investigate.

Given this difference in defensive capability, an IPS sounds like the better tool. If that is really the case, why isn't it deployed as widely as, or more widely than, an IDS?


Topics: Network Security, Network Visibility/Monitoring, Technology Partners