incident response

5 Must-Read Articles on Advanced Detection and Incident Response Speed

In his 2016 RSA Conference keynote, RSA President Amit Yoran explained that modern security is moving away from the traditional focus on prevention toward a mindset that includes monitoring and response as key security components. In particular, Yoran stressed that accelerating incident response speed is crucial for overcoming current known security threats and future attacks.…

Incident Response Roundup: 5 Facets of Top Performers

An Aberdeen Group analysis of current enterprise practices for managing privileged access provides a powerful illustration of how better visibility and operational forensics can not only help with more effective incident response (IR), but also point the way to high-impact improvements in specific security practices and technical controls. The Importance of Qualitative, Risk-Based Analysis In…

Improving Your Incident Detection & Response Maturity

Just having come back from the most recent RSA Conference in San Francisco, I think I can say with confidence that the security industry has moved beyond, at least at the level of strategic planning, security strategies which are purely based on prevention. Security professionals generally agree that what is needed is a better balance…

The Importance of Context in an Incident Response Plan

Effective incident response is essential to minimizing the impact of a security incident and allowing the organization to return to normal operations as soon as possible. To this end, an incident response plan will ensure actions can be taken in a coordinated, controlled manner. However, a one-size-fits-all incident response plan is unlikely to be effective.…

Threat Detection Techniques – ATM Malware

There once was a time when stealing money from a bank ATM required actual physical manipulation of the terminal itself. Many criminal schemes have been repeated throughout the years, ranging from physical destruction of the terminal (ramming it with a vehicle) to the use of ‘skimmers’ to steal customer credentials. Successful ATM capers were not…

Measure your Readiness – Incident Response Program

In today’s threat landscape it is a challenge to prevent the entire spectrum of attack vectors from impacting an organization. This is especially true with the increased adoption of new disruptive technologies and services such as cloud computing, mobility, BYOD and an increase in collaboration with third parties who have access to the corporate network. On…

Operationalizing Monitoring and Response

There are constant attacks against every network, and security practitioners need to be prepared to defend their organization’s assets. However, while many organizations have technology to detect at least some of these threats, they do not have the resources to effectively follow up or act on what they may find. Over the past few years,…

E5 – The Flies and the Hornet – The Hornet’s Sting

The Ghost waited patiently on a hill overlooking the castle and contemplated his last few days. His journey from the Frontier had been eventful. Hiding from shadow to shadow, he had traversed the miles with deliberation and an overabundance of caution from his first entry into the Kingdom. Abandoned hunting shacks, ancient caves, run down…

Improving Speed of Investigation with Automation and Enrichment

It is important for security analysts to have all the details of an incident when investigating. With those details, a security analyst can improve the speed of the investigation and, more importantly, make the investigation effective enough to put a response plan in place. How can the security analyst get these details? The first step is…

E5 – The Flies and the Hornet – Swatting Flies

“How’s it coming?” Marty entered Erin’s office unannounced. They had spent so much time shuttling back and forth between his desk and her office that they dropped all formalities and decorum. Erin looked up from her screen. “Swatting flies,” she said wearily. ‘Swatting flies’ had become their slogan as they tracked down compromised accounts and…