Blog

  • WannaCry? How Security Operations Platforms Help Get SOCs Past the Panic

    As over 100 countries worldwide reel from what is being described as one of the largest cyberattacks in history, it’s important to understand that while the attack could not have been completely prevented, its disruptive impact could have been lessened substantially if targeted enterprises were......

  • Why Cybersecurity Programs Must Begin with an Effective Process

    In our experiences here at Syncurity, we have identified two pitfalls that could prevent organizations from building a strong cybersecurity program: First, the incorrect conclusion that – if they meet compliance standards year after year by “checking every box correctly” – their systems and devices......

  • DOES IR HAVE A HIERARCHY OF NEEDS? (Version 2)

    Version 2.0 – Thank you to all of you that submitted suggestions and comments on our first version of this blog. Many of us had a great discussion about this during and after ArchC0n. We were hoping this would kick-start some discussion and have since......

  • GUEST BLOG: Ransomware Investigations for Impacted Healthcare Entities

    by: Jason Rebholz, Director at The Crypsis Group In July of 2016, the HHS Office for Civil Rights (“OCR”) released updated guidance[1] on how healthcare entities should respond to ransomware infections. The updated guidance introduced a presumption of a breach unless the entity can show......

  • Blue Team Analysts Assemble

    There Are Superheroes Among Us On Our Blue Teams. Our superheroes are Incident Response experts who wield their knowledge skillfully. Ferreting out the villains who hide in the shadows. Fending off a steady stream of attackers who would penetrate our fortresses (aka server rooms and......

  • Does IR have a Hierarchy of Needs?

    Based on feedback from everyone – we have updated this and published a version 2 of this post. After seeing in the past few years David Bianco’s Pyramid of Pain and Rick Holland’s Threat Intel Targeted Attack Hierarchy of Needs, I started thinking… can......

  • Reap the Payoffs of Successful IR Automation

    Do you remember when Salesforce.com came out? While CRM (customer relationship management) was hardly a new concept, users across the organization loved it for its ease of use, visibility it provided, and the boost of speed its workflows delivered. An enterprise could easily get behind......

  • See you at the SANS SOC Summit #socsummit

    Looking forward to the 2016 SANS SOC Summit this week. It’s late May, so it must be time for the annual SANS SOC Summit, https://www.sans.org/event/security-operations-center-summit-2016, held this Wednesday and Thursday at the Hilton Doubletree Crystal City just inside the DC Beltway. If there was any doubt that......

  • Improving Incident Response Investigations

    Investigating cybersecurity incidents requires balancing investigation depth with analyst capacity. Using robust triage checklists and threat management platforms can reduce investigative time. Larger SOCs/CSIRTs use a tiered system to allow skilled investigators to focus on high risk events while maintaining coverage across......

  • Incident Response Management Process – Triage

    Incident Response – Triage. Triage is the first post-detection incident response process any responder will execute to open an incident or false positive. Structuring an efficient and accurate triage process will reduce Analyst Fatigue and ensure that only valid alerts are promoted to “investigation or......
