Security Operations

Testing a Threat Pattern: Quality is Never an Accident

John Ruskin, one of the great visionaries of the 19th century, said “Quality is never an accident; it is always the result of intelligent effort.” In our continuing journey through the lifecycle of a threat pattern, we are now at the testing phase. After analyzing requirements, assets and threats, designing a general and reusable model for the threat pattern and implementing the…

Defining Business-Driven Security™ for the Modern Enterprise

As I travel around the world and meet with CISOs and security teams, I continue to be amazed at the organizational disconnects around managing cyber risk. Security Operations and Identity & Access Management teams operate their own business processes with very few connection points. Security and Risk & Compliance teams have different world views of…

Mastering the implementation of a Threat Pattern

In previous posts we have discussed two of the most critical phases in “The Lifecycle of a Threat Pattern”: analysis and design. In the analysis phase the objective is to fully understand the asset in scope by getting deeper into the context to formulate a set of residual risks to which the asset might be…

Engineering The Design Of A Threat Pattern

In our journey of developing and maintaining threat patterns, we have now arrived at a critical phase: the design. While the need for an implementation phase is immediate, as is the need to evaluate the background analysis in order to build something meaningful (as explained by my colleague, Demetrio Milea), the intermediate design phase is the…

The Life Cycle of a Threat Pattern

Applying a structured approach to developing and maintaining significant threat patterns is absolutely key to successfully hunting for the advanced TTPs used by many motivated threat actors. In the post, Context in Risk-Based Threat Patterns, author Demetrio Milea suggested a simple and effective method borrowed from the Software Development Life Cycle (SDLC) to design and maintain threat patterns…

Tales from the Black Hat NOC: Attendee Attacks, Loud and Proud

We are approaching the end of Black Hat’s training days. It’s an interesting time when the expo floor still sits quiet, but the Black Hat network is as noisy as ever – as seen by the RSA volunteers working inside the Black Hat NOC. The majority of this noise is being generated by teachers and students, demonstrating…

Part 4: Fundamentals of the Game – There is no intelligence without data

After having identified the set of fundamental skills needed to set up a successful SOC, highlighted the importance of the alignment between SOC and business goals, and understood how people, processes, and technology must work together for a SOC to be successful, we now investigate the next SOC fundamental skill: focus on data through visibility…

Part 3: Fundamentals of the Game – People, Process and Technology Alignment

The first post in the Fundamentals of the Game series listed a set of skills that characterize successful SOCs, just like the excellence in offensive and defensive fundamental skills characterizes the greatest players in basketball or any other sport. The second article provided details on one of these fundamental skills (established alignment between SOC and business…

Part 2: Fundamentals of the Game – Where Business and Security Goals Meet

In the previous article of this series, a sports analogy helped me in highlighting what I consider to be the fundamental skills needed to build an effective Security Operations program. I now want to go through each one of the fundamentals in more detail, providing real-world examples of how Security Operations Centers in global organizations…

SOC Orchestration is the Key to Success

A well-orchestrated concert is priceless! We are spoiled in Boston as we probably have one of the best orchestrated music venues – the Boston Symphony Orchestra. Not just a music concert: a well-orchestrated sports team, a well-orchestrated vacation or a well-orchestrated plan is a thing of beauty and it keeps everyone happy…