Intelligence-driven security

Multi-layered Analysis of a Threat Pattern

If you do not fully know the asset, how can you protect it? This is the first challenge security practitioners face during any activity, whether it is a penetration test, code review, risk assessment, or design of a threat pattern. In a previous post, author Davide Veneziano provided an overview of the building-block required to design a consistent…

The Life Cycle of a Threat Pattern

Applying a structured approach to developing and maintaining significant threat patterns is absolutely key to successfully hunting for the advanced TTPs used by many motivated threat actors. In the post, Context in Risk-Based Threat Patterns, author Demetrio Milea suggested a simple and effective method borrowed from the Software Development Life Cycle (SDLC) to design and maintain threat patterns…

Faster Threat Detection through Shared Intelligence: RSA NetWitness Endpoint Now Supports RSA Live Connect

In a previous life, I remember spending time at a company’s co-location facility where many organizations hosted their production and testing environments. There was a shared workspace, and I remember having quite a few conversations with industry peers about various topics. Not surprisingly, the one topic that came up more frequently than others was security…

Reducing The Noise

Today, enterprise infrastructures are borderless and are generating more data than ever. Coupled with the fact that more and more breaches are happening every year, it’s not a matter of “if we get breached”, it’s “when we get breached.” Organizations not only require a team of skilled security professionals, but also advanced security controls to detect and respond…

Securing eCommerce Transactions without Losing Customers Part 1 – Risk-Based Authentication

Yesterday afternoon I received one of the calls we all dread – my credit card company phoned to ask if my husband had purchased airline tickets within the last five minutes. Alas he wasn’t planning to whisk me away – a fraudster was using his credit card number to book a flight. Within twelve hours…

The Targeted Forensics Series: Examination of Command Line RAR and 7-ZIP Prefetch Files (Part 2)

As an Advisory Consultant for RSA’s Advanced Cyber Defense practice, one of my objectives is to show our clients how to focus on incident investigation and not just resolution. This is a holistic solution, made of many components, one of which I always recommend, is performing live response/targeted forensics. This series is focused on establishing procedures…

The Targeted Forensics Series: Examination of Command Line RAR and 7-ZIP Prefetch Files (Part 1)

As an Advisory Consultant for RSA’s Advanced Cyber Defense practice, one of my objectives is to show our clients how to focus on incident investigation and not just resolution. This is a holistic approach, made of many components, one of which I always recommend, is performing live response/targeted forensics. This series is focused on establishing…

Intelligence-Driven IAM: The Perfect Recipe

Another day, another breach, right? It’s almost like we’ve started to become desensitized to them. But, as a security professional, I want to implore upon you the importance of every single breach – no matter how large or small. They all can cause negative consequences – on the corporation whose share price plummets, or on…

The On-going Threat of Social Engineering

I spoke recently at a meeting of the Dublin, Ireland chapter of ISACA about the continued (and increasing) use of social engineering in cyberattacks discussed in several recent reports, including the joint report by ISACA and RSA that documents the results of a survey of cybersecurity professionals, conducted in the first quarter of 2015. Those…

Stop Them in their Tracks: A Cyber Kill Chain Approach

I first heard this concept at a cyber risk conference in New York… A hacker entity has 1 shot to infiltrate your network, but you have 7 opportunities to stop them. Those seven opportunities refer to the Cyber Kill Chain. Patented by Lockheed Martin, the Cyber Kill Chain® is an intelligence-driven computer network defense framework…