Thursday, June 8, 2023

How to Build a Future-Ready IT Security Strategy

Despite all the preventative steps being taken by organisations around the world, cybercrime is continuing to grow at an alarming rate.

Industry research shows that, during 2022, there was a ransomware attack launched every 11 seconds and the global annual cost of cyberattacks to business reached $20 billion. Most leaders realise it now a case of ‘when’ rather than ‘if’ their organisations will fall victim.

Interestingly, 94% of cyberattacks use email as their attack vector. An employee clicking on a link or opening a malicious attachment can grant an attacker access to an organisation’s entire IT infrastructure.

The post How to Build a Future-Ready IT Security Strategy appeared first on LogRhythm.

from LogRhythm

Virtual Machine Storage in Windows Server Hyper-V. File vs Block: SMB3 vs iSCSI vs NVMe-oF [PART1] 

File vs Block Storage: SMB3 vs iSCSI vs NVMe-oF

Virtual machine storage is one of the key components of the virtualized infrastructure with block and file storage being the most used storage types. Choosing either will impact the performance of VMs, apps and services you run. That is why it’s particularly important to ensure your VM storage is well-matched to their requirements. So, in this article, we will highlight the difference between block and file storage and describe most notable protocols.

File Storage

In file storage, data is stored in files in a hierarchical structure, organized into directories and sub-directories. To retrieve a file from storage system, you need access permissions and the file path. File protocols enable NAS scenarios where multiple clients connect to a server, allowing for easy file sharing and collaboration.

Most popular file (NAS) protocols are NFS (Network File System) and SMB (Server Message Block). Virtualization-wise, the NFS-based storage is commonly used with VMware, KVM and Xen, while SMB is the preferred option for Hyper-V environments.

Overall, file storage works best for small to medium-sized unstructured data sets, such as text documents, pictures, media, and other popular content types. However, latest file storage protocol implementations are also good for serving as a virtual machine storage, which is quite useful for those Admins who don’t want to add block storage (SAN) into the mix.

Block Storage

On the other hand, Block storage is commonly used for storing virtual machine files and large structured data sets such as databases. In block storage, the file is divided into multiple blocks, and each block has a unique ID. Blocks can be stored on different disk drives or even different systems connected by network. When that data is requested, the blocks are retrieved by their ID and reassembled.

Block storage is commonly used with SAN (Storage Area Network) where the most popular protocols are Fibre Channel, iSCSI, and recently NVMe-oF (NVMe over Fabrics).

Comparing SMB, NFS, iSCSI and NVMe-oF 

Now, let us look at the differences and similarities between four popular file- and block-level protocols available in most virtualized environments:

File protocols


SMB or Server Message Block is a file-level storage protocol. It allows the client to read and write data from a file server in a network. SMB is known for its simplicity and ease of use. It’s also highly compatible, working well with various operating systems. Windows Server services, such as Microsoft Hyper-V or even Microsoft SQL Server, can use SMB to store their data. The SMB 3.0 version available from Windows Server 2012 came with new features such as SMB Multichannel and SMB Direct that significantly enhanced the protocol performance and expanded its use cases.

Performance wise the SMB is tuned for large sequential reads/writes, which is what “casual” users do most of the time. It is also great for storing unstructured data and even virtual machines in Windows-based environments with native SMB 3.0 and its advanced features. That is why small businesses prefer it for virtualization and file sharing. However, SMB is not a great fit for large enterprises and high-performance environments due to bandwidth limitations. And it is not preferable when transferring lots of small, kilobyte-sized files. Here, it is better to use block-level storage such as iSCSI.


Network File System (NFS) is a distributed file system protocol that enables file sharing and remote access to files over a network. It also operates on a client-server model, allowing users to access files stored on remote servers as if they were kept in a local folder.

Similar to SMB, NFS provides users with transparent access and file locking mechanisms, coming in handy when collaboration within a company is needed. Like SMB, NFS is also faster and more efficient for large sequential reads/writes and is less effective for small-sized I/O. The performance of NFS 4 can be further improved with advanced features such as RDMA and Multipathing. However, achieved with either session trunking or via pNFS extension, the implementation of multipathing in NFS is not as reliable and easy to use as in SMB.

Block protocols


Internet Small Computer System Interface or commonly known as iSCSI, is a block protocol that works over TCP. ISCSI allows to set up a shared storage network which makes it possible for multiple clients and services to access central storage.

Because iSCSI is a block protocol, the initiator transports block-level data from the server to the target on the storage device. It assembles the data in the form of packets for the TCP/IP layer by encapsulating SCSI commands. Once the packets arrive at their destination, they are separated into the various iSCSI commands for the OS to read the data as if the physical storage device was locally connected to the computer. The main problem with this is that iSCSI does not allow multiple servers to access the same volume simultaneously. However, this can be achieved with file systems that permit multiple simultaneous access, such as clustered file systems (CSV, VMFS, etc).

The iSCSI protocol is supported by most hypervisors and operating systems, and you can use your existing Ethernet equipment to deploy the iSCSI SAN infrastructure. Because there is no need to learn complicated fibre channel SAN topology, specialized hardware, or staff to deploy and maintain an iSCSI storage network are not required. Since iSCSI uses TCP/IP protocol, it technically supports up to 400Gbps Ethernet. This makes it a desirable choice over SMB for intensive workloads in enterprise environments.

As for drawbacks, iSCSI generates a tremendous amount of network traffic by its nature. This can be worked around by segregating iSCSI into a separate LAN segment while further improving speed through RDMA and various offloads. However, if it isn’t fine-tuned properly, there can be issues.


Non-Volatile Memory Express Over Fabrics, also well-known as NVMe-oF, is a modern high-speed storage protocol used to ensure fast and efficient data transfer between initiators and solid-state storage devices over Ethernet, Fibre Channel and InfiniBand. Much like NVMe, NVMe-oF can fully exploit the performance potential of flash storage, typically hindered by traditional protocols and interfaces.

Even though NVMe-oF is just emerging, it is already a widely adopted network architecture. It helps enterprises to handle a wide variety of workloads that require the lowest network latency and the highest throughput. However, it comes with some downsides such as increased hardware costs, limited hypervisor support and additional configuration complexity, especially for clustered environments.

Making the Right Choice

In conclusion, the choice between file and block storage, and specifically between their respective protocols, depends on your specific needs and requirements.

  • SMB serves as a user-friendly file-level protocol best suited for small to medium businesses running Windows with requirements mostly centred around file sharing and collaboration. Though, it is also a viable option for storing virtual machines, in a high-intensity clustered environment, block-level protocols are usually a more popular choice.
  • NFS is widely used for collaborative file sharing and virtualization in Linux environments. Like SMB its mostly tuned for large sequential reads/writes and less suited for more demanding scenarios such as high-performance VM storage and high availability clustering.
  • Conversely, iSCSI offers block-level storage with the flexibility to integrate with existing Ethernet equipment, making it a better choice for data-intensive applications in large virtualized environments. iSCSI is a perfect choice for most virtual machine storage use cases providing a great balance between implementation cost and complexity and the resulting performance.
  • NVMe-oF, the newest of the trio, leverages the latest technology for high-speed data transfer in all-flash storage environments, ideal for latency-sensitive applications that demand the highest access speeds. High-frequency trading, real-time analytics, and high-performance computing are among the sectors where NVMe-oF can shine.

Overall, understanding the “quirks and features” of each protocol is important for choosing the right one for your virtual machine storage. The choice itself, however, depends on your unique requirements, available resources, and the specific workloads your infrastructure needs to support.

In the forthcoming Part 2, we will delve deeper into each storage protocol and discuss its implementation across vSphere, Hyper-V and KVM hypervisors to help you make the best choice for your IT infrastructure.


Related materials:

from StarWind Blog

Kimsuky Targets Think Tanks and News Media with Social Engineering Attacks

Jun 08, 2023Ravie LakshmananCyber Threat / Hacking

The North Korean nation-state threat actor known as Kimsuky has been linked to a social engineering campaign targeting experts in North Korean affairs with the goal of stealing Google credentials and delivering reconnaissance malware.

"Further, Kimsuky's objective extends to the theft of subscription credentials from NK News," cybersecurity firm SentinelOne said in a report shared with The Hacker News.

"To achieve this, the group distributes emails that lure targeted individuals to log in on the malicious website nknews[.]pro, which masquerades as the authentic NK News site. The login form that is presented to the target is designed to capture entered credentials."

NK News, established in 2011, is an American subscription-based news website that provides stories and analysis about North Korea.

The disclosure comes days after U.S. and South Korean intelligence agencies issued an alert warning of Kimsuky's use of social engineering tactics to strike think tanks, academia, and news media sectors. Last week, the threat group was sanctioned by South Korea's Ministry of Foreign Affairs.

Active since at least 2012, Kimsuky is known for its spear-phishing tactics and its attempts to establish trust and rapport with intended targets prior to delivering malware, a reconnaissance tool called ReconShark.

The ultimate goal of the campaigns is to gather strategic intelligence, geopolitical insights, and access sensitive information that are of value to North Korea.

"Their approach highlights the group's commitment to creating a sense of rapport with the individuals they target, potentially increasing the success rate of their subsequent malicious activities," security researcher Aleksandar Milenkoski said.

The findings also follow new revelations from the South Korean government that more than 130 North Korean watchers have been singled out as part of a phishing campaign orchestrated by the government-backed hacking group.

What's more, with North Korea earning a significant chunk of its foreign-currency income from cyber attacks and cryptocurrency heists, threat actors operating on behalf of the regime's interests have been observed spoofing financial institutions and venture capital firms in Japan, the U.S., and Vietnam.

Cybersecurity company Recorded Future connected the activity to a group tracked as TAG-71, a subgroup of Lazarus which is also known as APT38, BlueNoroff, Nickel Gladstone, Sapphire Sleet, Stardust Chollima, and TA444.


๐Ÿ” Mastering API Security: Understanding Your True Attack Surface

Discover the untapped vulnerabilities in your API ecosystem and take proactive steps towards ironclad security. Join our insightful webinar!

Join the Session

The adversarial collective has an established track record of mounting financially motivated intrusion campaigns targeting cryptocurrency exchanges, commercial banks, and e-commerce payment systems across the world to illegally extract funds for the sanctions-hit country.

"The compromise of financial and investment firms and their customers may expose sensitive or confidential information, which may result in legal or regulatory action, jeopardize pending business negotiations or agreements, or expose information damaging to a company's strategic investment portfolio," the company noted.

The chain of evidence so far suggests that Lazarus Group's motives are both espionage and financially driven, what with the threat actor blamed for the recent Atomic Wallet hack that led to the theft of crypto assets worth $35 million, making it the latest in a long list of crypto companies to be stung by hacks over the past few years.

"The laundering of the stolen crypto assets follows a series of steps that exactly match those employed to launder the proceeds of past hacks perpetrated by Lazarus Group," the blockchain analytics company said.

"The stolen assets are being laundered using specific services, including the Sinbad mixer, which have also been used to launder the proceeds of past hacks perpetrated by the Lazarus Group."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

from The Hacker News

Wednesday, June 7, 2023

How SIEM Helps With Cyber Insurance

To gain proper coverage, organizations have to evaluate their needs, and demonstrate appropriate levels of security monitoring to obtain a policy. For many companies, that means investing in security information and event management (SIEM). Is it the only answer to obtaining insurance policies or reducing costs? Definitely not. That said, organizations leveraging SIEM successfully can validate proper visibility across the environment and better detect and respond to a variety of threats — and this can help prove effective risk management for cyber insurance coverage and costs.  

Before diving deeper into how SIEM can help with cyber insurance, let’s discuss the current state of the cyber insurance industry and why organizations invest in coverage.  

The Current State of the Cybersecurity Insurance Industry 

According to the Marsh “State of Cyber Resilience” survey, 63% of executives see insurance as a key piece of cyber risk management. Additionally, Marsh is seeing increasing growth year over year in the purchasing of cyber insurance.  

Why Organizations Invest in Cyber Insurance  

One of the major drivers of cyber insurance and likely the growth of the market is the continued prevalence of ransomware. The 2022 Verizon DBIR shows an upward trend of ransomware attacks, increasing about 13% last year, which is nearly as much as the prior five years combined! In an ironic discovery, the Microsoft’s Digital Defense Report 2022 found that 60% of those organizations that had experienced a ransomware event had not invested in security information and event management technology.

Not only are the frequency of these attacks increasing, but the value of the ransoms themselves is staggering. In IBM’s “Cost of Data Breach” 2022 report, they found that the average cost of a ransomware attack in their research data to be 4.54 million USD, not including the cost of the ransom itself.  

How SIEM Can Help with Cyber Insurance  

SIEM is a security tool that helps small security teams and large enterprises detect against a variety of cyberthreats, including reducing the risk of successful ransomware attacks. By collecting, aggregating, and analyzing volumes of data in a centralized location, security professionals can accurately pinpoint threats and respond to cyberattacks in real time. SIEM technology helps with log management, event correlation, incident monitoring and response, and reporting and auditing for compliance requirements.  

These kinds of security capabilities validate to insurance agencies that effective risk management processes and technology are in place, and therefore, may help organizations obtain insurance or lower their premiums and coverage costs. 

Testimonials of Cyber Insurance Success — Thanks to SIEM

It’s very important to note that not all organizations are the same and everyone’s coverage looks different based on the business, technology stack, and the insurers’ policies. You may not need a SIEM solution to obtain coverage or lower costs, but again, it can help!  

We’ve seen success in the insurance realm regarding several of our SIEM clients. According to the Total Economic Impact™ of the LogRhythm SIEM, Forrester Consulting found LogRhythm customers “improved access to and lowered the cost of cybersecurity insurance” by using SIEM. In this report, you can find statements from two security professionals that have personal experience with this: 

“The IS security director of a healthcare organization said, “I would expect that if we didn’t have that SIEM box checked, our cyberinsurance costs would be higher.” The VP of information security for a healthcare organization said, “We have several client requirements to have a SIEM, so if we didn’t have one, we probably would not have been able to get insured.”

What to Expect When Obtaining Cyber Insurance Coverage  

Given the increasing difficulty and cost of getting cyber insurance, it’s important that people start to look at how security monitoring and other key factors will impact their ability to obtain cyber insurance. A common starting point when shopping cyber insurance policies is responding to questionnaires that will give insurers an idea of what coverage you are seeking and what risk profile your organization fits into based on the security capabilities at your organization.  

7 Common Questions Cyber Insurers Ask   

1. Describe your organization. 

To kick things off, cyber insurance companies will ask you basic questions, such as:  

  • What products and services does your organization offer?  
  • How many employees do you have?  
  • What is your annual revenue? 
  • Do you foresee any potential mergers or questions in the future? 

These ground questions are all about building your profile as a company and starting the framework of your overall risk profile. 

2. Does your organization use multi-factor authentication (MFA)? 

This is a common question when mitigating cyberattacks, as one of the most common vectors is using stolen credentials. Mutli-factor authentication adds an extra layer of protection against hackers trying to gain access to your systems and this step can greatly reduce the risk of successful attempts to using those stolen credentials. 

3. Does your organization use e-mail filtering, cybersecurity awareness training, or phishing assessments? 

Like MFA above, insurers want to know what activities an organization takes regarding the risk of stolen credentials. One of the most common causes of stolen credentials is through business e-mail compromise (BEC).  

Filtering will prevent some phishing e-mails to make it to your users. When that does not work, organizations must rely on training their users to be aware of these risks and prevent them from disclosing their credentials. Phishing assessments can give your users further exposure to phishing beyond theoretical training and help your organization assess its susceptibility to phishing.   

 4. Does your organization have a vulnerability management program?   

Having a vulnerability management program shows insurers that your organization has defined measures in place to evaluate and mitigate potential vulnerabilities in your environment that could allow bad actors to compromise your systems. 

Insurers will often look for details here regarding the cadence of assessment, timeliness of remediation, and environments covered. 

5. Does your organization have an EDR, NDR, SIEM, or other monitoring tool? 

Insurers want to know that you can quickly detect and respond to cyberattacks. Timely detection is critical in preventing loss and mitigating exposure. Tools such as endpoint detection and response (EDR), network detection and response (NDR), and SIEM can help you show insurers that you have capabilities to monitor and properly defend your organization against a variety of threats and advanced attacks such as ransomware.  

6. Does your organization have an incident response plan, and does it include playbooks for various attack scenarios? 

Not only do insurers want to know that you can monitor and detect cyberattacks, but they also want to know how you are set up to respond and triage those events to prevent and or minimize losses.  

7. Does your organization have backup and disaster recovery programs? 

Depending on the coverage being sought after, an organization may want to recoup ransom losses or make up for any business disruptions that may have occurred during and after an attack. 

Information about an organization’s backup policy, frequency, test schedule, and location can help insurers determine how well they may be able to recover from an event like ransomware. Likewise, a robust disaster recovery program that is well-tested can help insurers determine a company’s ability to recover and get back to business.  

How LogRhythm SIEM Can Help with Cyber Insurance 

Just like cybersecurity, there is no silver bullet to obtaining a policy or obtaining one at an affordable price. Every organization’s cybersecurity insurance looks different based on the business, risk profile, and their insurers’ policies. The key in this process is demonstrating through a combination of tools and processes that an organization can effectively identify potential threats and showcase proactive intervention and mitigation. 

At LogRhythm, we specialize in helping our customers to better detect, response, investigate, and respond to cyberthreats. If you are interested in learning more about how LogRhythm SIEM can help you demonstrate these security operations capabilities, schedule a one-on-one consultation with an expert.

The post How SIEM Helps With Cyber Insurance appeared first on LogRhythm.

from LogRhythm

The Best Laptops for Kali Linux in 2023: Your Ultimate Guide

Are you having difficulty finding the best laptop for Kali Linux? With many different models and options, it can be overwhelming. Don’t worry, we’re here to help!

Recognizing the difficulty in finding the perfect laptop tailored to your specific needs and budget, we’ve crafted this comprehensive guide. We aim to simplify your decision-making process and help you make an informed choice easily.

But this isn’t just a list of laptops; it’s a deep-dive into the best options available, broken down into five key categories: Best Budget, Most Portable, Best Battery Life, Best Mac, and the luxurious ‘Money is No Object’ category. 

Ready to see the best laptops for Kali Linux? Let’s dive in and start exploring!

Our Quick List

In the charts below, you will find our top five picks for bare metal installation and our top five picks for installing Kali in a VM. 

You can easily jump to that section if you’re interested in reading about a certain laptop. 

Bare Metal

Best Budget Acer Aspire 5
Most Portable Microsoft Surface Go 2
Best Battery Life HP Elite Dragonfly G3
Best Linux Pre-Installed Purism Librem 14
Money is No Object Lenovo Thinkpad X1 Carbon


Best Budget Dell Inspiron 15
Most Portable Dell XPS 13
Best Battery Life Microsoft Surface Laptop 5
Best Mac MacBook Pro 13
Money Is No Object PC MSI Raider GE78 HX
Money Is No Object Mac MacBook Pro 16

Before We Begin

Before we dive into our list, it’s important to clarify that our focus is on laptops that are good for running Kali Linux, not necessarily for intensive tasks like password cracking or home lab builds. We’ve divided our list into two sections for clarity.

Laptops that run Kali Linux on bare metal and for running Kali Linux in a Virtual Machine (VM).

If you plan to install Kali Linux either bare metal or via virtualization and will perform any type of wireless testing, we recommend purchasing a wireless adapter. We have a great post on the best wireless adapters for Kali.

Minimum and Recommended System Requirements

Kali Linux is compatible with amd64 (x86_64/64-bit) and i386 (x86/32-bit) platforms. However, we recommend utilizing the amd64 images wherever feasible. 

The hardware prerequisites for running Kali Linux are relatively low, as detailed in the following section, but remember that superior hardware will undoubtedly deliver enhanced performance. 

Kali Linux is versatile enough to run on newer devices that support UEFI and older BIOS systems.

Bare Metal

For installing Kali Linux directly on your laptop (bare metal), the minimum system requirements include the following:

20 GB of hard disk space


1 GHz processor

Keep in mind that these are merely the basic requirements. For a smoother experience, it’s recommended to have higher specifications, such as.

80 GB of hard disk space

4GB Ram or higher

2 GHz processor


If you’re planning on using VMware or Virtualbox as your hypervisor to run Kali Linux, here are the minimum requirements you need to run Kali as a virtual machine in your OS:

20 GB of hard disk space

2 GB RAM minimum 

1 GHz processor 

As above, these are the bare minimums. We recommend the following.

40 GB of hard disk space


2 GHz processor

We have two great resources available on installing Kali on either Virtualbox or VMware

Key Considerations

While Kali Linux is relatively resource-light and doesn’t require high-end specifications, you must consider other factors like build quality, battery life, weight, and portability. 

These features can significantly enhance your user experience, especially if you plan to use your laptop for extended periods or on the go.

Top Bare Metal Laptops

Top Bare Metal Laptops

We’ve carefully selected the best laptops for kali linux based on their compatibility and performance. Each is well-suited to run Kali Linux directly, ensuring an efficient and smooth Linux experience.

Here are our top 5 picks for laptops that run Kali Linux directly

Best Budget – Acer Aspire 5 Laptop 

Best Budget - Acer Aspire 5 Laptop
Processor Intel Core i5-1135G7 Processor  
GPU Intel Iris Xe Graphics
Storage 256 GB SSD
Battery Life Up to 8 Hours
Screen Size 14 in
Weight 3.28 lbs
Price $535.00
Where to Buy Amazon

Why it’s a good choice?

The Acer Aspire 5 is our top pick for a budget laptop to install Kali Linux bare metal, particularly when considering performance and cost. For its price range, this model’s i5 processor and 8GB RAM ensure a smooth and efficient operation of Kali Linux, even when executing resource-demanding tasks. 

Its speedy SSD sets the Aspire 5 apart, guaranteeing quick boot-up times and rapid application loading, significantly enhancing your overall experience when working with Kali Linux. 

Furthermore, Acer laptops, including the Aspire 5, have a solid reputation for compatibility with various Linux distributions, including Kali Linux. 

This compatibility makes the Aspire 5 an excellent choice for a bare metal installation. So, when you consider performance, compatibility, and cost, it’s easy to see why the Acer Aspire 5 is our top budget-friendly pick.

Most Portable – Microsoft Surface Go 2

Most Portable - Microsoft Surface Go 2
Processor Intel Core i5-1135G7
GPU Intel Iris Xแต‰ Graphics
Storage 256 GB SSD
Battery Life Up to 12 Hours
Screen Size 12.4 inch
Weight ‎2.48 lbs
Price $586.99
Where to Buy Amazon

Why it’s a good choice?

The Surface Go 2 is a great choice for installing Kali Linux bare metal due to its blend of performance, portability, and affordability. While not the lightest laptop on our list, it stands out as one of the most portable, with dimensions of 10.95” x 8.12” x 0.62” (WxDxH), making a great fit for on-the-go use. 

This laptop is powered by an Intel i5 processor with 8GB of Ram and a 256GB SSD, ensuring the smooth operation of Kali. The Surface Go’s battery life is a plus for when you’re running security tests, ensuring your work isn’t interrupted by a dying battery.

When installing Kali on the Surface Go, the support provided by the Linux Surface project on GitHub is invaluable. This project is a great resource to help you get up and running on the Surface Go.  

Best Battery Life –  HP Elite Dragonfly G3

Best Battery Life - HP Elite Dragonfly G3
Processor Intel Core i5-1235U processor
GPU Intel Iris Xe Graphics
Storage ‎256 GB SSD
Battery Life Up to 14 Hours
Screen Size 13.5 inches
Weight 2.40 lbs
Price $1,533.95
Where to Buy Amazon

Why it’s a good choice?

We love the HP Elite Dragonfly G3 due to its impressive battery life. With up to 14 hours of use on a single charge, this laptop can handle your long sessions of code compiling, network scanning, and penetration testing without needing to be plugged in. 

This is particularly useful for security professionals who need to work on the go or in areas with limited access to power outlets. 

The Elite Dragonfly G3’s powerful hardware, including an Intel Core i5 processor, 16GB of RAM, and a 256GB SSD, ensures that Kali Linux runs smoothly and efficiently. 

Best Linux Pre-Installed – Purism Librem 14

Best Linux Pre-Installed - Purism Librem 14
Processor Intel Core i7-10710U
GPU Intel UHD Graphics 620
Storage 2 TB 
Battery Life Up to 9 Hours
Screen Size 14 inch
Weight 3.09 lbs 
Price $1,370.00
Where to Buy Purism

Why it’s a good choice?

The Librem 14, crafted by Linux-specialized manufacturer Purism, ships with PureOS – a user-friendly, privacy-focused Linux distribution. This makes the transition to Kali Linux notably seamless. 

Beyond compatibility, the Librem 14 is committed to security and privacy. It comes with hardware kill switches for the microphone, camera, and wireless devices, providing an added layer of physical security.

The laptop’s hardware is a perfect blend of power and efficiency, with a high-performance Intel i7 processor, 64GB of RAM for multitasking, and a sturdy, lightweight design that enhances portability. 

The Librem 14 is a well-rounded choice for Kali Linux enthusiasts who value convenience, performance, and privacy.

Money Is No Object – Lenovo ThinkPad X1 Carbon Gen 11

Money Is No Object - Lenovo ThinkPad X1 Carbon Gen 11
Processor Intel Core i7-1365U
GPU Integrated Intel Iris Xe
Storage 1 TB SSD
Battery Life Up to 8 Hours
Screen Size 14 inch
Weight 2.49 lbs
Price $2,508.35
Where to Buy Lenovo

Why it’s a good choice?

Choosing the Lenovo ThinkPad X1 Carbon Gen 11 for installing Kali Linux is an excellent decision due to its outstanding performance, exceptional Linux compatibility, portability, and durability.

You can expect smooth operation with the Intel Core i7 processor, 32GB RAM, and a 1TB SSD.

Despite these robust specifications, the laptop remains lightweight and easily portable. The X1 Carbon is recognized for its sturdy construction, designed to endure daily usage, making it a reliable choice. 

While it may be pricier, the blend of these features solidly justifies the investment, providing great value for your money.

Top Hypervisor Laptops

Top Hypervisor Laptops

Transitioning from bare metal, we’ve curated a list of the best laptops for Kali Linux specifically designed to efficiently run Kali Linux on a virtual machine.

These machines stand out in their ability to handle virtualization efficiently, ensuring a smooth and seamless Kali Linux experience even in a virtual environment.

Here are our top 5 picks.

Best Budget – Dell Inspiron 15

Best Budget - Dell Inspiron 15
Processor AMD Ryzen 7 5825U 8-core
GPU AMD Radeon Graphics
Storage 512 GB SSD
Battery Life Up to 8 Hours
Screen Size 15.6 inches
Weight 3.71 lbs
Price $649.99
Where to Buy Dell

Why it’s a good choice?

If you plan to install Kali Linux in a Virtual Machine (VM) on the Inspiron 15, it’s a very good choice as a budget laptop. The AMD Ryzen 7 processor and 16GB of RAM would be capable of running both your primary OS and Kali Linux simultaneously. 

A solid-state drive (SSD) ensures quick data access, allowing your VM to run smoothly. With a 15.6″ Full HD display, you’ll have ample screen real estate to manage your VM alongside any other tasks. 

You should face minimal issues setting up your Kali Linux VM. The Inspiron 15 offers excellent value for its price, making it a smart choice for your virtualized Kali Linux environment.

Most Portable – Dell XPS 13

Most Portable - Dell XPS 13
Processor Intel® Core i7-1250U
GPU Intel Iris Xe Graphics
Storage 512 GB SSD
Battery Life Up to 12 Hours
Screen Size 13.4
Weight 2.59 lbs
Price $1,099.00
Where to Buy Dell

Why it’s a good choice?

The Dell XPS 13 Laptop is optimal for installing Kali Linux in a virtual machine, making it one of the most reliable and portable options. This laptop stands out with its robust configuration, featuring a high-speed processor and 16GB of RAM, allowing seamless VM operations. 

The high-resolution display also benefits you, providing an exceptional visual when running penetration tests. You’ll appreciate the Dell XPS 13’s impressive battery life, letting you work for extended periods without worrying about finding a power outlet.

Despite all these powerful features, the Dell XPS 13 Laptop weighs less than 3 pounds and has dimensions of 11.97″x7.88”x0.60″ (WxDxH), making it incredibly portable. 

So whether you’re at a cafe or sitting in a van on an engagement trying to hack the wifi, you can carry on your pentesting work without worry.

Best Battery Life – Microsoft Surface Laptop 5

Best Battery Life - Microsoft Surface Laptop 5
Processor Intel® Core i7-1255U
GPU Intel Iris Xe Graphics
Storage 512 GB SSD
Battery Life Up to 17 Hours
Screen Size 15 inch
Weight 3.44 lbs
Price $1,099.00
Where to Buy Microsoft and Amazon

Why it’s a good choice?

When achieving the best battery life while running Kali Linux in a VM, the Surface Laptop 5 emerges as a top choice. This laptop boasts one of the most long-lasting batteries in its category, allowing you to run Kali Linux for prolonged periods without needing a power source. 

Its powerful processor and 16GB of RAM contribute to smooth VM operations, ensuring your Kali Linux experience is seamless and energy efficient. 

Moreover, the Surface Laptop supports various virtualization technologies crucial for optimally running a VM and extending your battery life. The high-resolution PixelSense display is designed to consume less power without compromising the quality of your visual experience.

The Surface Laptop’s intelligent power management system adjusts according to your workload, maximizing your battery’s longevity. As a result, you can continue your pentesting work for extended periods, making the Surface Laptop an ideal companion for your demanding tasks.

Best Mac – MacBook Pro 13” with M2 Chip

Best Mac - MacBook Pro 13” with M2 Chip
Processor 8-core 
GPU 10-core
RAM 8 GB unified memory
Storage 256 GB SSD
Battery Life Up to 22 Hours
Screen Size 13 inch
Weight 3 lbs
Price $1,299.00
Where to Buy Apple

Why it’s a good choice?

You might be curious why we’ve selected the MacBook Pro 13-inch with the Apple M2 chip as the optimal choice for running Kali Linux in a VM, striking a balance between performance and price. The M2 chip, with its 8-core CPU and 10-core GPU, lays a strong foundation for smooth VM operations, even during high-demand tasks. 

The standard 8GB of unified memory, which can be expanded to 24GB if needed, can handle most Kali Linux applications.

From a cost perspective, this MacBook Pro 13-inch model is more affordable than its higher-end counterparts, despite providing impressive performance. 

Remember, to run Kali Linux, you’ll need VM software compatible with the M2 chip, like VMware Fusion or UTM. Please check the current compatibility of your virtualization software with the M2 chip.

Money Is No Object – MSI Raider GE78 HX (13VH-080US)

Money Is No Object - MSI Raider GE78 HX (13VH-080US)
Processor Intel Core i9-13980HX 2.2 – 5.6 GHz
Storage 2 TB SSD
Battery Life Up to 6 Hours
Screen Size 17.3 inch
Weight 6.83 lbs
Price $3,599.99
Where to Buy Amazon and MSI

Why it’s a good choice?

If budget is not an issue and you’re after a premium laptop for running Kali Linux in a VM, the MSI Raider with its Intel Core i9-13980HX processor, NVIDIA GeForce RTX 4090 GPU, and 64GB of RAM is an extraordinary choice. 

This powerhouse laptop is incredibly capable of setting up a virtual hacking lab. You can comfortably run multiple VMs simultaneously, mimicking real-world network environments to practice penetration testing and ethical hacking techniques.

The high-end GPU provides significant computational power, making it well-suited for GPU-intensive tasks like password cracking.

Money Is No Object Mac – MacBook Pro with M2 Max

Money Is No Object Mac - MacBook Pro with M2 Max
Processor 12-core
GPU 38-core
RAM 64 GB unified memory
Storage 1 TB SSD
Battery Life Up to 22 Hours
Screen Size 16.2 inch
Weight 4.70 lbs
Price $3,899.00
Where to Buy Apple

Why it’s a good choice?

If you prefer Mac’s over PC’s and money is no object for you, then we recommend the 16” MacBook Pro.

The MacBook Pro with the M2 Max chip is a monster of a machine, easily capable of running Kali Linux in a VM. The M2 chip provides you with exceptional processing power and energy efficiency. This will give you seamless multitasking and enhanced operation of your VMs.

With its 64GB RAM, you can easily run many VMs simultaneously. Creating your own hacking lab should be a breeze.

The MacBook Pro boasts high-quality displays and solid build quality, making it resilient and a joy to use. And its impressive battery life won’t leave you running for an outlet. 


Ultimately, the best laptops for Kali Linux depend on your specific needs and circumstances. From budget-friendly options to high-performance machines, there’s a laptop suited for every user. 

Considering these recommendations and your requirements, you can find a laptop that will make using Kali Linux a smooth, efficient experience. Whether you’re a penetration tester, a tech enthusiast, or a beginner, the right laptop can make all the difference in your Kali Linux journey.

You can find the perfect laptop by understanding your needs and balancing them with your budget. Whether running it on bare metal or a VM, there’s a laptop for you.

Are you ready to learn ethical hacking with Kali Linux? Check out these great courses

Frequently Asked Questions

What is the laptop requirement for Kali Linux?

The laptop requirements for Kali Linux are relatively modest. For a bare minimum setup, you’ll need a device with at least 20GB of disk space, 1GB RAM, and a 1GHz CPU. However, for a smoother experience, we recommend a laptop with at least 2GHz CPU speed, 2GB or more RAM, and 40GB of disk space.

Which CPU is best for Kali Linux?

Kali Linux can run smoothly on both Intel and AMD processors. While the specific “best” CPU may depend on your individual needs and the tasks you plan to run, a modern multi-core processor like the Intel Core i5 or AMD Ryzen 5 should provide more than enough performance for most Kali Linux tasks.

Is 16GB RAM enough for Kali Linux?

Yes, 16GB RAM is more than sufficient for Kali Linux. The minimum RAM requirement for Kali Linux is 2 GB, and the recommended is 4 GB. However, having more RAM, like 16GB, can be beneficial if you run multiple virtual machines or heavy applications simultaneously.

Does Kali Linux need a graphics card?

No, Kali Linux does not require a dedicated graphics card. Kali Linux is mainly used for penetration testing and ethical hacking, which are tasks that rely more on CPU and network performance than GPU power. However, a powerful graphics card might be beneficial if you use Kali Linux for GPU-intensive tasks like password cracking.

from StationX

Winning the Mind Game: The Role of the Ransomware Negotiator

Get exclusive insights from a real ransomware negotiator who shares authentic stories from network hostage situations and how he managed them.

The Ransomware Industry

Ransomware is an industry. As such, it has its own business logic: organizations pay money, in crypto-currency, in order to regain control over their systems and data.

This industry's landscape is made up of approximately 10-20 core threat actors who originally developed the ransomware's malware. To distribute the malware, they work with affiliates and distributors who utilize widespread phishing attacks to breach organizations. Profits are distributed with approximately 70% allocated to the affiliates and 10%-30% to these developers. The use of phishing renders online-based industries, like gaming, finance and insurance, especially vulnerable.

In addition to its financial motivations, the ransomware industry is also influenced by geo-political politics. For example, in June 2021, following the ransomware attacks on the Colonial Pipeline and JBS, the Byden administration announced that ransomware was a threat to National Security. The administration then listed critical infrastructures that were "off limits" to attackers.

Following these steps, a number of threat actors decided to change course: declaring they would not attack essential and fundamental organizations like hospitals, power plants and educational institutions. A few months later, the FBI reported they had attacked prominent ransomware group REvil:

The attack garnered a response from the Conti group, which reflected their ideological motives:

Ransomware Vaccinations

Managing a ransomware event is similar to managing a hostage situation. Therefore, to prepare for a ransomware incident, it is recommended for organizations to employ a similar crisis management structure. This structure is based on the following functions:

1. A crisis manager:

  • Coordinates the technological, business and legal tracks.
    • The technological track includes forensic, investigation, containment, remediation and recovery, as well as professional dialogue. At this stage, the organization and the incident response teams assess the scope of the event. For example, how deep the attackers are in the system, how much data was exfiltrated, etc.
    • The business track covers business continuity plans and media and PR. These are usually executed once the scope of the event is clear. It is recommended to be as transparent and accurate as possible when issuing public statements.
    • The legal track includes legal, regulatory and compliance considerations. They track what guidelines need to be complied and in which time frames. Sometimes, they will also be the crisis managers.
  • The crisis manager cannot be the decision-maker.

2. A decision making group:

  • The group or person that makes informed decisions based on the data from the crisis manager.

3. Law enforcement:

  • It is recommended to define this relationship in advance. The extent could be as minimal as just informing them and as deep as allowing them to manage the entire crisis.

4. Insurance:

According to Etay Maor, Senior Director Security Strategy at Cato Networks, "We're seeing more and more companies offering bundles of these ransomware services. However, it is recommended to separate these roles to ensure the most professional response."

The Role of the Professional Negotiator

Professional negotiation is the act of taking advantage of the professional communication with the hacker in various extortion situations. The role comprises four key elements:

1. Identifying the scope of the event - Takes place within the first 24-48 hours. Includes understanding what was compromised, how deep the attackers are in the system, whether the act is a single, double or triple ransomware, if the attack was financially motivated or if it was a political or personal attack, etc.

In 90% of cases, the attack is financially motivated. If it is politically motivated, the information may not be recovered, even after paying the ransom.

2. Profiling the threat actor - Includes understanding whether the group is known or unknown, their behavioral patterns and their organizational structure. Understanding who the attacker is influences communication.

For example, by finding out what the local time is for the attacker, the negotiator can identify where they came from. This can be used for improving negotiation terms, like leveraging public holidays to ask for a discount.

3. Assessing the "cost-of-no-deal" - Reflecting to the decision makers and the crisis managers what will happen if they don't pay the ransom.

4. Defining negotiation goals - The question is not whether to pay or not. That is a business decision. The goals of the negotiations are to negotiate for information, for time and for better terms. Sometimes, this can result in a lower payment, or even allowing the company to recover on its own.

For example, one company was able to buy 13 days through negotiations, allowing them to recover their information and relinquish paying the ransom altogether.

To Pay or Not to Pay?

Etay Maor comments, "Ransomware is not an IT issue, it's a business issue. "The decision whether to pay or not is a business decision, influenced by many factors. While the official FBI policy is not to pay, they enable companies to do so, if the CEO decides.

For example, in one case an online gaming company was losing more money than the ransom request every hour their operations were down, influencing their decision to pay the ransom as quickly as possible while minimizing negotiation time. US lawmakers have not banned ransomware payment either. This shows how complicated the issue is.

Tips for Protecting Against Ransomware Attacks

Ransomware is becoming more prominent, but organizations can protect against it. Ransomware relies on phishing attacks and unpatched services. Therefore, it is recommended that CEOs meet their IT team regularly to ensure software and infrastructure are patched and up-to-date and that all important information is backed up. This will significantly reduce the chance of ransomware being able to exploit vulnerabilities and penetrate systems.

To learn more about ransomware attacks and how they are managed in real-time, watch the entire masterclass here.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.

from The Hacker News

LogRhythm Holds its First UK Cybersecurity Summit to Share Expertise and Insights About Elevating Cybersecurity Efficiency

Register now for the inaugural event to maximize the efficiency of your security operations and combat the ever-growing threat landscape 


London, UK, 6 June 2023 — LogRhythm, the company helping security teams stop breaches by turning disconnected data and signals into trustworthy insights, is holding its first cybersecurity summit in the UK, SecureRhythm. The summit will bring together organizations across all industries to elevate their knowledge of the cybersecurity landscape and enhance Security Operations Centre (SOC) efficiency with confidence. SecureRhythm will take place on 29th June 2023, at Tobacco Dock, London. 

SecureRhythm attendees gain access to best practices, connections to technical LogRhythm experts, and engage in interactive peer-to-peer learning. They ultimately gain comprehensive knowledge to achieve the optimal level of effectiveness and performance within their SOC.  

 “As cyberthreats continue to outnumber the skilled professionals qualified to combat them, it’s time to take action. Efficiency is a crucial part of defending against advanced threats and SecureRhythm is all about helping overburdened security teams to achieve the best outcomes,” said Andrew Hollister, Chief Information Security Officer (CISO) at LogRhythm. 

“The value in coming together to overcome these challenges has never been greater. I am looking forward to sharing my insights at the summit and helping more organizations to safely secure their network against digital weaponization.” 

The event will be attended by other LogRhythm high-level executives including VP of Product, Jonathan Zulberg, VP Sales UK & Europe. Also joining them will be industry speaker and author Geoff White who will be talking for LogRhythm during keynote sessions. His work has been featured by the BBC, Sky News and the Sunday Times. Other speakers include: 

  • Cloud-Native Security – Introducing LogRhythm Axon 
  • Cybersecurity Landscape – A Day in the Life of a Security Analyst 
  • LogRhythm Platform – Ready to Defend 
  • Ensuring the Best of Your Security Platform Investment

“We are always looking to help businesses bolster their defenses against malicious attacks. SecureRhythm provides a collaborative experience where organizations can come together with industry peers and LogRhythm’s team of experts to strengthen their security operations,” said Hollister. “Together, we will explore current security trends and learn best practices to detect and neutralize threats.” 

LogRhythm strives to empower busy and lean security teams to proactively detect threats, effectively investigate incidents and keep their organizations safe, day after day. For more information and to register for SecureRhythm, please visit  


About LogRhythm 

LogRhythm helps security teams stop breaches by turning disconnected data and signals into trustworthy insights. From connecting the dots across diverse log and threat intelligence sources to using sophisticated machine learning that spots suspicious anomalies in network traffic and user behavior, LogRhythm accurately pinpoints cyberthreats and empowers professionals to respond with speed and efficiency. 

 With cloud-native and self-hosted deployment flexibility, out-of-the-box integrations, and advisory services, LogRhythm makes it easy to realize value quickly and adapt to an ever-evolving threat landscape. Together, LogRhythm and our customers confidently monitor, detect, investigate, and respond to cyberattacks. Learn more at 




The post LogRhythm Holds its First UK Cybersecurity Summit to Share Expertise and Insights About Elevating Cybersecurity Efficiency appeared first on LogRhythm.

from LogRhythm

Elevate Your SOC Efficiency: 3 Reasons to Attend SecureRhythm Summit

Cyber efficiency has never been more important for security teams. The cyberthreat landscape is growing rapidly, with approximately 2.39 million instances of cybercrime occurring in the last 12 months in UK businesses alone. 

As part of our commitment to empowering security teams to fight threats with confidence, we are hosting our first-ever UK cybersecurity summit, SecureRhythm on the 29th June, at Tobacco Dock, London.  

The summit will explore the theme of “Elevating your SOC efficiency”. While defending against threats requires the latest technology solutions, operational efficiency is the key to an organization’s security success. 

Our experts will be diving into the biggest modern cybersecurity challenges and how your organization can overcome these, even when faced with limited budgets and resources. 


Why Attend? 

Organizations of all sizes are turning towards digitalization, and it has never been more crucial to defend against cyber threats. Yet, the current growing cyber skills gap is making it harder for security teams to stay ahead.  

The SecureRhythm schedule is packed with motivating discussions and insightful thought leadership from the LogRhythm team. Attendees will gain access to best practices, have the chance to create connections with technical LogRhythm experts and engage in interactive peer-to-peer learning.  

Here are 3 reasons why you should attend: 

  1. Discover Security Trends and Best Practices The security landscape is constantly changing and growing to keep up with companies moving their systems online. Building a cybersecurity strategy can be costly and our goal is to make sure organizations aren’t left behind. During SecureRhythm, we will be sharing the latest trends, so you can build a truly effective security operations center (SOC) that aligns with modern security needs. Summit attendees will learn best practices to invest budgets in the right places and know exactly how to face threats from any angle. 
  2. Gain New Skills and Participate in Interactive Sessions – One of the biggest challenges facing companies today is the cybersecurity skills gap. Cyberthreats are outnumbering the professionals with the skills to combat them. To efficiently tackle the multitude of threats present, it is important that employees have the skills to detect and prevent them. Attendees will gain the necessary skills to boost SOC efficiency through interactive sessions with peers. You will bring key insights back to your organization and have fun along the way. 
  3.  Learn from LogRhythm and Industry Experts SecureRhythm provides an opportunity to discover the latest LogRhythm capabilities and solutions designed to strengthen your security operations. With LogRhythm’s dedicated practitioners and experts, attendees will be in the right hands to learn how to protect their companies.  Our experts know exactly how to build and elevate SOCs to run as efficiently as possible. They will be leading sessions on topics such as Cloud-Native Security, The Cybersecurity Landscape, and Ensuring the Best of Your Investment. 

Speakers at the event will include LogRhythm’s own:

Also joining them will be industry speaker and author Geoff White who will be talking for LogRhythm during keynote sessions. His work has been featured by the BBC, Sky News and the Sunday Times. In addition, SecureRhythm offers a unique opportunity to network with industry peers. Attendees can build new relationships with like-minded security professionals while expanding their cybersecurity knowledge.

Save Your Spot Today 

At LogRhythm we are dedicated to enabling security teams to protect critical data and infrastructure from emerging cybersecurity threats. Our SecureRhythm summit is the perfect place to gain knowledge and skills to drive efficiency, navigate the ever-changing threat landscape, and secure your environment with ease.  

For more information and to register for SecureRhythm, please visit 

We hope to see you there! 


The post Elevate Your SOC Efficiency: 3 Reasons to Attend SecureRhythm Summit appeared first on LogRhythm.

from LogRhythm