Automate Detection and Detect Early with Leading Indicators

The ultimate goal of any security monitoring program or Security Operations Center (SOC) team is to automate threat detection, to detect earlier in the attack lifecycle and to stop threat actors from achieving their objectives of disrupting the business or stealing its IP or money. “Automating Threat Detection” sounds simple enough, but how…

First principles of a Cyber Threat Intelligence Program

Recently, as part of the scope of establishing a Security Operations Center for a European telecommunications company, I have been asked to develop a cyber threat intelligence (CTI) program. The goal is to better understand the motives, capabilities and objectives of threat actors that might seek to target the organization so that adequate countermeasures could…

Who to Trust? Effectively Assessing Third-Party and Vendor Risk

In many organizations, cybersecurity is maturing from a purely technical discipline into a component of enterprise risk. That means companies should assess infosec risks against the same broad framework used for other enterprise risks. This is a great development. But there’s a catch. Just because businesses need to assess all risks against a common framework…

E5 – The Flies and the Hornet – Holes in the Screen Door

The Hunter sat in the shadows cast by the immense castle tower. Beneath his right hand purred his intrepid companion, The Cat. Together they languished in the relative coolness of the shade, waiting patiently. Their position gave them an excellent view of the gate leading into the inner realm of the castle. Staring across the…

Cybersecurity Insurance Companies Look to Raise the Bar in 2016

Cybersecurity insurance is a direct product of a growing dependence on digital data. Enterprises are investing more in their data gathering and analytics to drive competitive advantage, so it’s only logical that cybersecurity would be a top priority for IT-driven organizations. However, those who insure cybersecurity are not convinced enterprises are doing enough to protect…

Compensating for Control Issues

Whoa, wait a minute…is this a psychology lesson? Well, if so, hopefully it’s no less comfortable than your favorite chair! Last week we kicked off a new blog series on Issues Management. Read Steve’s initial volley here, which neatly frames the problem of the “Issues Pit”. This week we’ll discuss the process of compensating for control…

Behavior Analytics: The Key to Rapid Detection and Response?

The use of detective analytics is now a central piece of security architectures, as security professionals are increasingly encountering a needle-in-a-haystack problem. Security tools – especially rule-based ones – as well as systems, applications, and infrastructure, create so much data that it’s tough to uncover the signal of a real attack. Analytic tools help…

Part 3: Fundamentals of the Game – People, Process and Technology Alignment

The first post in the Fundamentals of the Game series listed a set of skills that characterize successful SOCs, just as excellence in offensive and defensive fundamentals characterizes the greatest players in basketball or any other sport. The second article provided details on one of these fundamental skills (established alignment between SOC and business…

Threat Intelligence Cooperation: Creating Shared Value

The principle of synergy, or the whole being greater than the sum of its parts, dates back to Aristotle and has been reincarnated numerous times throughout history. One of its most famous iterations was recently articulated in a 2006 Harvard Business Review article by business scholar and executive Michael E. Porter as “creating shared value.”…

E4 – Storms on the Horizon – Technical Dialogue

On the surface, the Kingdom appears generally calm and safe in Episode #4 of Defend the Kingdom, “Storms on the Horizon”. The massive siege from Episode #3, “Hordes at the Gate”, has been survived, the alliance with the new trade partner is showing real promise and the Hunter is focused on the mundane task of…