
Don’t “Piece” Together your Cybersecurity Solution

Posted by Phil March    Dec 28, 2015 7:00:00 AM

These days it appears the concept of a single point solution that protects your endpoints and your network is a dead dream. AV software is being replaced by more complex detection software, while whitelists and IOCs only do a fraction of the work. Keeping the bad stuff out at the perimeter has been replaced by the concept of quickly detecting and responding. 

Topics: EDR

Active Defense: Hash Sets

Posted by Michael Wood    Dec 22, 2015 11:27:35 AM

We know that SOC/IR teams suffer from alert overload on a daily basis.  Too many tools resulting in too much data being passed to the teams.  In reviewing those alerts, these folks need to review tons of data to confirm or disprove the alert validity.  SOC and IR pros look for ways to limit the data that they have to review.

Topics: Next-gen endpoint security, Hash Sets, Active Defense

Why Protection Alone Won’t Work Today

Posted by Rajendra Dodhiawala    Dec 14, 2015 9:00:00 AM

Much like the paperless office, which we talked about for years but then just seemed to happen one fine day, our recent chant that antivirus is dead will also just seem to happen one fine day. But we are not quite there yet. Reason: we are looking for the next generation endpoint protection technology to replace the once trusty AV but comprehensive protection is a long, long ways away.

Topics: cybersecurity, Next-gen endpoint security

Holiday Phishing

Posted by Michael Vien    Dec 7, 2015 7:01:10 PM

The North Pole has announced a breach exposing billions of children’s information from both past and present. Most importantly the naughty list was also exposed and may be for sale on the Dark Web.

Obviously, this is just a joke but it seems as if we hear of a new breach every week. Last week's Vtech breach using wireless toys as the vector is just one sad example. The holiday season is the time of the year when we think of family and a time to be generous and kind to others. Unfortunately, not everyone thinks this way. There are those for whom this is the most profitable time of year, and I am not just talking about the retailers on Black Friday. The cyber-criminals of the world are lurking and trying to take advantage of the good will and deal seekers during this season.

Topics: Cyber Security, Email Security, Email Phishing

A Case for Security Prioritization in Retail

Posted by Tom Bain    Nov 20, 2015 4:54:41 PM

I was shopping with my daughter the other night for indoor soccer socks at a major sporting goods retailer here in Massachusetts. As we rolled up to the register with bright pink and purple options, I noticed something at checkout - the retailer was not ready for chip and pin credit cards.

As I swiped my chip and pin credit card, I got to thinking...there are cyber risks everywhere, during every transaction, before and after every transaction, at any store, any company, coffee shop, airplane, airport, organization you visit...but back to the example here. 

Topics: Cyber Security, APT, CounterTack, Breaches, Breach, retail data breach, data breach, EDR, chip and pin, retail security

The Students Have Become the Masters

Posted by Nate Buell    Nov 9, 2015 11:30:00 AM

Computer hacking has long been considered a young person’s game. Since the first hackers really got started in the early 1980s, the vision most people have in their head is a guy in his parents’ dingy basement, wearing some type of Marvel Super Hero tee shirt, surrounded by monitors and video game systems.

There is no doubt that this particular stereotype exists for a reason. On numerous occasions, attacks have been conducted by those basement dwellers. Movies like “War Games” and “Hackers” perpetuated the teen hacker mantra, possibly even inspiring the next generation of cyber attackers as computers and the internet began to hit their stride for personal and corporate use throughout the world. With so many different avenues to take now between social media, smart phones and susceptible corporations, teenage cyber criminals are thriving.

Topics: data breach, talktalk, hackers, teen hackers

Data Quality in Incident Response

Posted by Phil March    Nov 2, 2015 5:59:05 PM

One of the key elements contributing to the success of an IR operation is the quality of the data the IR team has access to. It is no surprise that organizations today already collect vast amounts of data. However, a high quantity does not always ensure success. In fact, sometimes the quality of the information is inversely proportional to the raw quantity of the data.

Just like the journalist chasing a news story, the IR analyst has to be able to answer the essential questions of “Who, What, When, Where, How and Why”. With the endpoint being the primary field of battle operation today, an organization that has prepared itself for a response to an attack should be able to help Incident Responders answer those essential questions.

Topics: data breach, endpoint security solutions, Incident Response

The Tall Tale of Endpoint Security: How Do We Get from Nice-to-Have to Need-to-Have

Posted by Tom Bain    Jun 11, 2015 3:01:00 PM

After spending two days at the Gartner Security & Risk Summit in DC this week, a few very interesting topics stood out. (I’ll post more on specific talks from the event later.)

First, as if RSA and InfoSec Europe weren’t enough to prove this, it’s clear that easily 50% of cybersecurity vendors are starting to tell an endpoint story - whether they can actually collect valuable, actionable system-level data or not, they are saying they can.

Topics: endpoint security, Gartner Security and Risk Management Summit 2015, threat detection and response

Attacker Lateral Movement: Visualize Infiltration and Treat as Behaviors

Posted by Nenad Kreculj    Jun 8, 2015 4:45:54 PM

In the game of whack-a-mole, the player’s objective is to hit a target that keeps popping up in different places. It’s a fun game that exercises one’s reflexes and motor skills.

Unfortunately, similar games are played every day in security operation centers across many organizations, irrespective of their size (which is not fun). What makes it hard for the incident responders is the movement of the adversary – hopping from one endpoint to another, from one workstation to another. This is called lateral movement. There are many reasons why attackers move laterally – they do so to establish another persistence point in the network (the so-called “beachhead”), to steal data from a server, and sometimes to prepare the workstation for the next phase of attack (network enumeration or credentials stealing, for example).

Topics: endpoint security, endpoint security solutions

Five Hard Truths About Critical Infrastructure Protection: Truth 5

Posted by Tom Bain    Jun 1, 2015 10:13:00 AM

In last week’s blog, we walked through the various reasons why it’s important for critical infrastructure providers to develop and implement cybersecurity countermeasures tailored to the specific needs of physical and digital infrastructure. 

Truth #5: Most critical infrastructure providers lack the tools, skills and mindset to deal with cyberattacks and APTs 

Topics: Critical Infrastructure

Blog covers topics related to detecting and monitoring in-progress cyber attacks for IT security operations teams.
