advanced threats

E5 – The Flies and the Hornet – Swatting Flies

“How’s it coming?”  Marty entered Erin’s office unannounced.  They had spent so much time shuttling back and forth between his desk and her office that they dropped all formalities and decorum. Erin looked up from her screen.  “Swatting flies,” she said wearily. ‘Swatting flies’ had become their slogan as they tracked down compromised accounts and…

E5 – The Flies and the Hornet – Insect Bites

A cool breeze whisked through the window causing the scrolls on the Wizard’s desk to rattle and tremble.  The wise man shifted a large scroll to weigh down some loose papers.  He moved a heavy paperweight to secure some more papers.  The weather had turned cold but the Wizard enjoyed the brisk air flowing…

E5 – The Flies and the Hornet – Holes in the Screen Door

The Hunter sat in the shadows cast by the immense castle tower. Beneath his right hand purred his intrepid companion, The Cat. Together they languished in the relative coolness of the shade waiting patiently. Their position gave them an excellent view of the gate leading into the inner realm of the castle. Staring across the…

E4 – Storms on the Horizon – Technical Dialogue

On the surface, the Kingdom appears generally calm and safe in Episode #4 of Defend the Kingdom “Storms on the Horizon”.  The massive siege from Episode #3 “Hordes at the Gate” has been survived, the alliance with the new trade partner is showing real promise and the Hunter is focused on the mundane task of…

E4 – Storms on the Horizon – Gathering Forces

Marty was getting used to his spot in the executive conference room.   He awaited the arrival of the host of the meeting – Howard Mentinger, the Chief Risk Officer of MagnaCorp.  The CRO had been with the company for many years and had held multiple roles in the business.  His analytical mind reduced business problems…

E4 – Storms on the Horizon – The Weather Turns Cold

Marty went through packet captures once more to make sure he wasn’t missing anything important.  He had pulled traffic logs and netflow data for the last few weeks specifically looking for anomalous activity.  His sixth sense was piqued by the vNextGen’s security team mentioning increased commotion on their network.  As he drilled deeper into the…

Cascading Risk: Lloyd’s “Blackout Report”

(image from Lloyd’s “Business Blackout” report) In early July, Lloyd’s published “Business Blackout: The insurance implications of a cyber attack on the US power grid,” a study of the financial impact of a hypothetical electric grid failure scenario in the US. Developed jointly with the University of Cambridge Centre for Risk Studies, it is an…

Fear Nothing: The Gamers Approach To Building a SOC

“You say the hill’s too steep to climb. Chiding! You say you’d like to see me try, Climbing! You pick the place and I’ll choose the time. And I’ll climb the hill in my own way” – from Fearless by Pink Floyd   Cliché alert! There is no silver bullet for security (I warned you).…

Teaching Analysts to Fish; How to Become Better at Detection and Response – RSAC 2015

Daily the media replays stories of yet another company that is the victim of an intrusion or breach. With all this attention, and sometimes hyperbole, are we as practitioners improving at detecting malicious activity inside our networks? Regardless of the size of your company and its vertical or horizontal markets, your network may become the…

The Kitchen Sink-Big Data Security Analytics

On a recent visit to a number of companies with an increasing focus on IT security, a sense of common frustration was beginning to develop.  The levels and number of security issues were a concern, and keeping ahead of the security risks has a lot of CIOs scrambling to show they are on top of…