When you enlist a hunt team to run compromise assessments, it’s important to determine which solutions and processes they’re using to actively hunt down threats. After all, compromise assessments (time-bound or more focused projects) are proactive efforts to detect persistent threats that have evaded existing security controls. You must adopt the mindset that your existing controls have already…
Author: Andrew Cook
Predicting the Future of Ransomware and Crypto Mining in the Cloud
Ransomware is today’s menace. It’s profitable, simple to pull off, and can hit organizations of any size. In this blog post, we look at the future of ransomware and related attacks and speculate about what the migration to cloud environments might mean for the threat landscape.
Threat Hunting Best Practices: Be Ready to Hunt When Cyber Criminals Strike
When the term “threat hunting” is brought up in the cyber security community, it can come across as more of a buzzword than a viable and important strategy for organizations to adopt. While there is plenty of discussion about what threat hunting means and why having a hunt program is important, the mindset, methods, and key steps…
Incident Response Strategy: Determining Where to Invest
It can be hard to plan for a security incident if you’ve never experienced one first hand. Incidents involve unauthorized access, denial of service, presence of malicious logic, and improper usage. As an incident responder, I’ve seen plenty of these situations play out. I was fortunate to share some of my experiences and lessons with…
Avoid These Common Incident Response Assumptions and Planning Mistakes
Last week, I took part in one of SecureWorld Seattle’s panels, “Manage the Damage – The Current Threat Landscape.” This panel focused on the topic of developing, fine-tuning, and practicing incident response plans to be better prepared for a breach. The moderator, Jean Pawluk, and the crowd in attendance, asked some thought-provoking questions about common incident response challenges that businesses face….
Incident Response Best Practices: What You Can Expect During the First Call
Imagine this scenario: you’ve just discovered your network has been breached. You need to get a handle on the situation quickly but you’re still trying to figure out what happened. What are the incident response best practices you should follow? As cyber security consultants, we know the first few moments of an incident can be highly…