Attacking a POS Supply Chain: Part 1

Among FirstWatch’s regular threat-seeking tasks is hunting for incidents of specific targeting. Recently, we came across an email exploit attempt aimed at a European Point of Sales (POS) vendor. In this post we will show links to a recently publicized POS malware campaign, and describe possible threat motivations behind this or other POS vendor…

Using Transaction Monitoring to Combat Fraud

Fraud impacts organizations in a wide range of ways, from financial and operational losses to damaged reputations and loss of customer goodwill. Fraud—as well as erroneous acts such as accidental double invoicing—can be perpetrated from within an organization or by an external constituent, such as a business partner. Given the negative and sometimes far-reaching consequences,…

Threat Intelligence Helps You Understand the Big Picture

There is a fundamental flaw with the established model of network and computer security: It’s reactive. Employing threat intelligence to assess and analyze suspicious activity can help you understand the big picture and take action proactively to stay a step ahead of attackers. Imagine if all security worked reactively. How effective would it be if…

The Evolution is Here: Moving Beyond Log Centric SIEM

Evolution is a powerful thing. Change in our external surroundings affects our genetic makeup over time. Humans have adapted over millions of years by dropping our tails, standing upright and acquiring language. Nature’s way of making sure only the strongest traits, functions and cells survive dictates how we interact and sustain ourselves every single day.…

RSA SecurID Customers Take Note: RSA Via Access is for You, Too!

Today, RSA announced a milestone – the upcoming 2015 release of RSA Via that includes RSA Via Access – a new hosted cloud-based authentication service for single sign-on to SaaS and on-premise web applications. This news is not only exciting, it’s game-changing. And it demonstrates that RSA is meeting customer needs for a unified approach to…

Cybercrime 2015: An Inside Look at the Changing Threat Landscape

RSA Research has recently published a research paper on expected trends in Cybercrime in 2015. The paper is based on RSA’s insight into cybercriminal activity, recovery of over a million actionable findings in 2014 and analysis of around 400,000 unique malware variants each week. Among the findings – cybercrime-as-a-service offerings will continue to both proliferate…

Fear Nothing: The Gamers Approach To Building a SOC

“You say the hill’s too steep to climb. Chiding! You say you’d like to see me try, Climbing! You pick the place and I’ll choose the time. And I’ll climb the hill in my own way” – from Fearless by Pink Floyd. Cliché alert! There is no silver bullet for security (I warned you).…

RSA Conference: Born as an APT, Dies as our IOC

During the RSA Conference the RSA IR Team will discuss several arguments. Mine is “Born as an APT, Dies as our IOC” and will talk about the selection of “actionable IOCs” through the adoption of a specific IR methodology that speeds up the IR investigation and triage processes: APT actors present a growing threat in…

Snow Blind: Visibility in the Whitespace

Boston is just beginning to recover from the snowiest winter on record. The snowman my son and I made in December was completely covered by the second blizzard in January. Just last weekend we found his hat, scarf, nose (carrot) and buttons (pebbles) all piled on the front yard. The poor guy had a hard…

Managing Risk by Prioritizing Assets

The ability to correlate the severity of a threat and its business impact is essential for effective security. Prioritizing assets according to their criticality is key to determining where to take action first. Every organization today has IT assets that need to be protected, and a large enterprise might have thousands of assets. But not…