incident response

Improving Speed of Investigation with Automation and Enrichment

Security analysts need all the details of an incident when investigating it. Having those details speeds up the investigation, but more importantly it makes the investigation effective enough to put a response plan in place. How can the security analyst get these details? The first step is…

E5 – The Flies and the Hornet – Swatting Flies

“How’s it coming?”  Marty entered Erin’s office unannounced.  They had spent so much time shuttling back and forth between his desk and her office that they dropped all formalities and decorum. Erin looked up from her screen.  “Swatting flies,” she said wearily. ‘Swatting flies’ had become their slogan as they tracked down compromised accounts and…

E5 – The Flies and the Hornet – Insect Bites

A cool breeze whisked through the window causing the scrolls on the Wizard’s desk to rattle and tremor.  The wise man shifted a large scroll to weigh down some loose papers.  He reallocated a heavy paper weight to secure some more papers.  The weather had turned cold but the Wizard enjoyed the brisk air flowing…

E5 – The Flies and the Hornet – Holes in the Screen Door

The Hunter sat in the shadows cast by the immense castle tower. Beneath his right hand purred his intrepid companion, The Cat. Together they languished in the relative coolness of the shade, waiting patiently. Their position gave them an excellent view of the gate leading into the inner realm of the castle. Staring across the…

Incident Response: Implement a Communications Plan

We all know what it’s like to uncover the first signs of a security incident: the huddled conference to confirm a plan of action, the sigh of relief when it appears the hack hasn’t reached vital systems, and then the sinking feeling in the pit of your stomach when you realize it has. Most mature…

How to Improve the Effectiveness of Incident Response

According to the SANS Institute, although 21 percent of respondents to a recent survey were unable to determine whether they had suffered a security incident in the past two years, 61 percent could confirm they had been a victim of a breach, unauthorized access, denial-of-service attack, or malware infection. Efficient incident response is vital when…

David vs. Goliath

Yes. Yes. You are very good at what you do (even the best!). You have skills, techniques, speed and strength. But is that enough? Just being the best at what you do doesn’t mean you will win against any opponent. Have you ever thought about what would happen to a boxer entering the Octagon against an MMA fighter? If…

What Would You Call the Market for Today’s Threat Detection and Response Solutions?

What would you call the market for security monitoring solutions that help organizations better detect, investigate, and respond to advanced security threats? Five or ten years ago you could certainly be excused for referring to this market as “SIEM”. Today, however, the right answer is not clear, other than that it certainly isn’t…

Hunting for Sharks’ Teeth (and Other IOCs)

Sometimes new lessons about our information security world can arrive from unexpected places. A couple of weeks ago, following the remarkable twenty-fifth (!) iteration of RSA’s TechFest technical training week for RSA presales staff & partners, I took a few extra days to drive out to Florida’s Atlantic coast to unwind and enjoy some beach…

E2 – The Maestro’s Score – Technical Dialogue

In Episode 2 “The Maestro’s Score”, the Hunter digs deeper into the nefarious plot being composed by the Maestro.  After identifying a shadowy band of men stalking key locations in the Kingdom, the Hunter launches an investigation that leads him and his intrepid companion the Cat from the meagre, dusty abode of his trusted guru,…