Blog

  • DOES IR HAVE A HIERARCHY OF NEEDS? (Version 2)

    Version 2.0 – Thank you to all of you that submitted suggestions and comments on our first version of this blog. Many of us had a great discussion about this during and after ArchC0n. We were hoping this would kick-start some discussion and have since......

  • GUEST BLOG: Ransomware Investigations for Impacted Healthcare Entities

    by: Jason Rebholz, Director at The Crypsis Group In July of 2016, the HHS Office for Civil Rights (“OCR”) released updated guidance[1] on how healthcare entities should respond to ransomware infections. The updated guidance introduced a presumption of a breach unless the entity can show......

  • Blue Team Analysts Assemble

    There Are Superheroes Among Us On Our Blue Teams. Our superheroes are Incident Response experts who wield their knowledge skillfully, ferreting out the villains who hide in the shadows and fending off a steady stream of attackers who would penetrate our fortresses (aka server rooms and......

  • Does IR have a Hierarchy of Needs?

    Based on feedback from everyone – we have updated this and published a version 2 of this post.    After seeing in the past few years David Bianco’s Pyramid of Pain and Rick Holland’s Threat Intel Targeted Attack Hierarchy of Needs, I started thinking… can......

  • Reap the Payoffs of Successful IR Automation

    Do you remember when Salesforce.com came out? While CRM (customer relationship management) was hardly a new concept, users across the organization loved it for its ease of use, visibility it provided, and the boost of speed its workflows delivered. An enterprise could easily get behind......

  • See you at the SANS SOC Summit #socsummit

    Looking forward to 2016 SANS SOC Summit this week It’s late May, so it must be time for the annual SANS SOC Summit, https://www.sans.org/event/security-operations-center-summit-2016, held this Wednesday and Thursday at the Hilton Doubletree Crystal City just inside the DC Beltway.  If there was any doubt that......

  • Improving Incident Response Investigations

    Investigating cybersecurity incidents requires balancing investigation depth with analyst capacity. Using robust triage checklists and threat management platforms can reduce investigative time. Larger SOCs/CSIRTs use a tiered system to allow skilled investigators to focus on high-risk events while maintaining coverage across......

  • Incident Response Management Process – Triage

    Incident Response – Triage. Triage is the first post-detection incident response process any responder will execute to open an incident or false positive. Structuring an efficient and accurate triage process will reduce Analyst Fatigue and ensure that only valid alerts are promoted to “investigation or......

  • Incident Response Process Importance

    The Value and Importance of Incident Response Process. Processes to manage incidents are part of the pre-event phase: initial development of these processes represents the end of the preparation phase for an Incident Management Program. These processes should come together once a policy is in......

  • Incident Response – How do you deal with analyst fatigue?

    As I talk with people I know who are either Security Managers, CISOs or friends, a topic has come up that I haven’t read much about: analyst fatigue. Fatigue Symptoms. Below, I have brainstormed some indicators on how to recognize analyst fatigue: High false positive......
