Threat Intelligence means a lot of different things to a lot of different people, but for most vendors it means curated IOC lists. I have a serious problem with this approach. We can do better. The objective of a Threat Intelligence program should be to...
Below is a framework that I have found exceptionally powerful for getting my teams focused on making decisions and taking action when a security alert fires. The core ethos is “Take Action and Protect” and to do that you need a process that:
* improves...
Feature, Bug, or IOC — Investigating Chrome’s DNS Assist
During a Threat Hunting exercise my team and I were looking over HTTP logs in the SIEM in order to see if there was any beaconing or other strange network behavior… and we found some. What we fo...
Executive Briefing — The Future of the Incident Response Market
In the wake of the volume, frequency, and impact of high-profile security breaches, the em...
Paying The Ransom Is Not The Plan — The True Cost of Compromise
Ransomware has become the top cause for cyber insurance claims over the past few years as more and more organizations have been targeted by ransomware attacks. While the number of attacke...