Mastering the implementation of a Threat Pattern

In previous posts we have discussed two of the most critical phases in the “The Lifecycle of a Threat Pattern”: analysis and design. In the analysis phase the objective is to fully understand the asset in scope by getting deeper into the context to formulate a set of residual risks to which the asset might be…

Multi-layered Analysis of a Threat Pattern

If you do not fully know the asset, how can you protect it? This is the first challenge security practitioners face during any activity, whether it is a penetration test, code review, risk assessment, or design of a threat pattern. In a previous post, author Davide Veneziano provided an overview of the building blocks required to design a consistent…

Context in Risk-Based Threat Patterns

Risks come from various sources that are not always possible to identify and subsequently prevent and mitigate in advance. With the growth in cloud, social, mobile and “bring your own device” computing, the size of the attack surface is greater than ever. Many attack scenarios are possible mainly due to the complexity of the network’s topology and…

Measure your Readiness – Threat Intelligence Program

In the first part of this series we talked about the journey to undertake building a security monitoring and incident response program based on five dimensions: analytics, governance, measurement, operational and organizational. The third main program, also considered a primary capability of an effective Security Operations Center, is the development of tactical, operational and strategic…

Measure your Readiness – Security Monitoring Program

In the previous post of this series, “Measure your Readiness”, I depicted a framework to assess, shape and accelerate a Threat-Driven Incident Response program, useful for all kinds of organizations to enhance their response capabilities and be ready to deal with unforeseen incidents. The second post in the series aims to look at the “security…

Measure your Readiness – Incident Response Program

In today’s threat landscape it is a challenge to prevent the entire spectrum of attack vectors from impacting an organization. This is especially true with the increased adoption of new disruptive technologies and services such as cloud computing, mobility, BYOD and an increase in collaboration with third parties who have access to the corporate network. On…

First principles of a Cyber Threat Intelligence Program

Recently, as part of the scope in establishing a Security Operation Center for a European telecommunications company, I have been asked to develop a cyber threat intelligence (CTI) program. The goal is to better understand the motives, capabilities and objectives of threat actors that might seek to target the organization so that adequate countermeasures could…

The Genesis of an Asset

When we look back at data breaches that have plagued most industries over the past few years we see that the adversaries, threat actors or cyber criminals are able to capitalize on weaknesses and flaws in computing by exploiting design and implementation flaws within technologies. Many organizations respond on a whim to mitigate these challenges…

Observe what Matters

Recently, I spoke at the RSA EMEA Advanced Cyber Defense Summit in Rome where I gave a presentation on Cyber Threat Intelligence (CTI) and Incident Response (IR). It was a great event, well attended by over 300 security professionals who brought a lot of interest, positive energy and meaningful discussion. Last year brought forth a…

There is nothing like first-hand evidence

It’s a matter of fact that when a security incident occurs, it creates artifacts and traces either in a system or on a network (Locard’s Exchange Principle). The exponential growth of end-user devices and the Internet of Things has led to an unprecedented expansion of the available attack surface. As a result, security incidents have moved well beyond…