RSA Security Analytics

RSA NetWitness® Suite named a leader in The Forrester Wave™: Security Analytics Platforms

We are excited to announce the RSA NetWitness® Suite has been named by Forrester® Research as a leader in The Forrester Wave™: Security Analytics Platforms, Q1 2017. RSA NetWitness Suite earned perfect marks in the Forrester Wave report for scalability, detection technologies, user behavior analytics, endpoints, integrated network analysis and visibility, and threat intelligence. According…

Tales from the Black Hat NOC: The Stages of Security Adolescence (Part 2)

In Part 1 of “Tales of the Black Hat NOC: The Stages of Security Adolescence,” I discussed the maturation process of the Black Hat NOC, and security strategies in general. In the blog post below, you can see the adjustments we made and additional steps we took towards optimizing our NOC at Black Hat. …

Tales from the Black Hat NOC: The Stages of Security Adolescence (Part 1)

Maturity is often spoken of in the security community as a binary value – “Customer X is mature,” “Customer Y is immature…” This notion was not dispelled at Black Hat where one vendor after another claimed, “Evolve your security. Buy our product and stop breaches today!” But we know that maturity is not binary, and neither is…

Building rockstars in SOC

What makes detection most effective? I know you are thinking technology. However, if you have been in the security operations domain for long, you know the answer. It’s the “people” who use the technology. As an infosec leader/member for your organisation, you should continuously look for methods and tools that make your teams better and…

Detecting and Investigating Webshells – Another Reason for Deepening Your Security Visibility

What would you call a piece of code or a script that runs on a server and enables remote server administration? If you answered “Webshell”, you would be correct. While often used for legitimate administrative purposes, it is also a favored technology used by attackers for illegitimate purposes. Attackers often infiltrate externally accessible…

The Malicious Insider: Hiding in Plain Sight

Insider attacks are different from external attacks because insiders already have a foothold in the organization. As defined by CERT, “a malicious insider threat to an organization is a current or former employee, contractor, or other business partner who has or had authorized access to an organization’s network, system, or data and intentionally exceeded or…