The Incompleteness Theorem: Why Every Organization Needs an Incident Response Capability

Some cybersecurity experts may already be familiar with the Incompleteness Theorem, which Stanford University counts among the most important results of modern logic. What you may not have considered are the interesting implications it has for the ubiquitous need for incident response. Published in 1931 by mathematician Kurt Gödel, the Incompleteness Theorem established that in…


The Case of Threat Intelligence in ETDR

It seems like every day we’re hearing about a new major security breach that’s affecting thousands, if not millions. Cybercriminals have many motives, and no organization should consider itself invulnerable. These attackers are advanced and have been able to penetrate deep layers of defenses. Years ago, organizations thought that technologies like Antivirus (AV), firewalls, Host Intrusion…


The Targeted Forensics Series: Examination of Command Line RAR and 7-ZIP Prefetch Files (Part 2)

As an Advisory Consultant for RSA’s Advanced Cyber Defense practice, one of my objectives is to show our clients how to focus on incident investigation and not just resolution. This is a holistic solution made of many components; one that I always recommend is performing live response/targeted forensics. This series is focused on establishing procedures…


Can businesses be resilient on their own?

Can businesses and organizations be resilient on their own? By this I mean: is it enough for a business organization to build resilient internal processes, IT infrastructure, facilities, and even third-party relationships, and rest assured that they’re prepared for the next big event that comes along? To answer this question, I think we have to…


Observe what Matters

Recently, I spoke at the RSA EMEA Advanced Cyber Defense Summit in Rome, where I gave a presentation on Cyber Threat Intelligence (CTI) and Incident Response (IR). It was a great event, well attended by over 300 security professionals who brought a lot of interest, positive energy and meaningful discussion. Last year brought forth a…


Wolves Among Us: Abusing Trusted Providers for Malware Operations

Within the past year, the RSA Incident Response (IR) team has worked multiple APT engagements where they’ve identified the adversary’s malware using a unique method of determining its Command and Control (C2) server. By leveraging trusted content providers, such as popular shopping sites and discussion forums, adversaries can perform operations within a network in plain…


Stop Them in their Tracks: A Cyber Kill Chain Approach

I first heard this concept at a cyber risk conference in New York… A hacker entity has 1 shot to infiltrate your network, but you have 7 opportunities to stop them. Those seven opportunities refer to the Cyber Kill Chain. Patented by Lockheed Martin, the Cyber Kill Chain® is an intelligence-driven computer network defense framework…


RSA Conference: Born as an APT, Dies as our IOC

During the RSA Conference the RSA IR Team will discuss several arguments. Mine is “Born as an APT, Dies as our IOC” and will talk about the selection of “actionable IOCs” through the adoption of a specific IR methodology that speeds up the IR investigation and triage processes: APT actors present a growing threat in…
