endpoint security: amplified


Data Quality in Incident Response

One of the key elements contributing to the success of an IR operation is the quality of the data the IR team has access to. It is no surprise that organizations today already collect vast amounts of data. However, a high quantity does not always ensure success. In fact, sometimes the quality of the information is inversely proportional to the raw quantity of the data.

Just like a journalist chasing a news story, the IR analyst has to be able to answer the essential questions of “Who, What, When, Where, How and Why”. With the endpoint being the primary battlefield today, an organization that has prepared itself to respond to an attack should be able to help incident responders answer those essential questions.


Topics: data breach, endpoint security solutions, Incident Response

Attacker Lateral Movement: Visualize Infiltration and Treat as Behaviors

In the game of whack-a-mole, the player’s objective is to hit a target that keeps popping up in different places. It’s a fun game that exercises one’s reflexes and motor skills.

Unfortunately, similar games are played every day in security operations centers across many organizations, irrespective of their size, and there they are not fun. What makes it hard for incident responders is the movement of the adversary: hopping from one endpoint to another, from one workstation to another. This is called lateral movement. Attackers move laterally for many reasons: to establish another persistence point in the network (the so-called “beachhead”), to steal data from a server, and sometimes to prepare the workstation for the next phase of the attack (network enumeration or credential theft, for example).


Topics: endpoint security, endpoint security solutions
