Building a Lean Forward Approach to Offense as a Defense

Last weekend information security professionals from around the globe gathered in a conference forum for the 2013 Suits and Spooks Conference in Washington, DC. The focus was on offense as a defensive tactic, often referred to as “active defense”. I was both an attendee and a speaker / panel moderator at the conference. The event was awesome. It featured collaboration and intellectually driven discourse on matters of extreme importance to our industry. Heated discussions seemed to be taking place everywhere: hallways, foyers and of course the session rooms.

Applying Security Intelligence to Your Enterprise Threat Mitigation Program – Introduction

Intelligence is no longer solely relegated to the world of the clandestine. It is no longer the exclusive domain of roguish characters featured in heart pounding novels nor is it the sole dominion of the prototypical ‘geek’ pounding away on a keyboard at a secret government facility (or van) near you. No. Threat Intelligence is part of our lives and we experience it daily at work, at home and on the go. This is true for you and me and for enterprise organizations.

James Bond… Scrambled not Stirred

One of the most exciting players in the movie is Javier Bardem, the quintessential “bad guy” in a Bond movie. Bardem is especially creepy, and he is particularly talented at cyber warfare. In one scene, Q and the rest of MI6 are attempting to crack an algorithm of Bardem’s. Usually this would be seen as a relatively easy task for the gifted Q, but he keeps encountering a problem: every time he tries to break it, it changes. It morphs into something new.

Keep Calm, Analyze On: The Role of the Analyst in Detecting and Monitoring for Advanced Attacks

I was quoted recently in a piece that was featured in Dark Reading that discussed the idea of monitoring environments to detect persistent adversaries. It was a solid article and I stand behind my contribution, especially my comments on the importance that the analyst (not the tools they have or are using, though those are important in their own right) plays in the full lifecycle of triaging these types of threats.

Understanding Indicators of Compromise (IOC) Part III

The IODEF is a standing IETF RFC that is designed to address and define a data representation that provides a framework for sharing information commonly exchanged by Computer Security Incident Response Teams (CSIRTs) about computer security incidents. The basic premise is that organizations need help from third parties to mitigate malicious or nefarious activity targeting their hosts and networks. They need to gain additional (presumably absent) insight into these new and exotic threats. The coordination element of this communication seems to be less obvious and natural than one might think, hence the need for a standards-driven framework for coordinating this process.

Intense Defense: Building a Robust Active Defense Ethos

War and Peace

One of my favorite Latin sayings was one that was considered common during the height of the Roman Empire. In pace, ut sapiens, aptarit idonea bello or, for those of you who do not speak Latin: In peace, like a wise man, he appropriately prepares for war. Many information security professionals laugh…

Stalking the Kill Chain: Tying it All Together

Historically, security technologies tend to be focused in a single place, or at most, two places on the kill chain, but lack the entire context behind an event that a complete analysis system imparts. When using the phrase “stalking the kill chain”, we are focusing on the ability to use a structured approach to watching the network with the idea of identifying kill chain events in progress, across the entire kill chain.

Dark Side of Shamoon

Recently, there has been some media noise generated by a new malware reportedly attacking targets in the Middle East such as Saudi Aramco. But what exactly does this attack look like once the malware has compromised the system? Check out our visual examples of Shamoon, including a video showing its destructive payload in action.