Blog Posts

30 Aug Blue Team Analysts Assemble

There Are Superheroes Among Us On Our Blue Teams. Our superheroes are Incident Response experts who wield their knowledge skillfully, ferreting out the villains who hide in the shadows and fending off a steady stream of attackers who would penetrate our fortresses (aka server rooms and...

18 Aug Does IR have a Hierarchy of Needs?

Based on feedback from everyone, we have updated this and published version 2 of this post. After seeing in the past few years David Bianco's Pyramid of Pain and Rick Holland's Threat Intel Targeted Attack Hierarchy of Needs, I started thinking... can we apply...

24 May See you at the SANS SOC Summit #socsummit

Looking forward to the 2016 SANS SOC Summit this week. It's late May, so it must be time for the annual SANS SOC Summit, held this Wednesday and Thursday at the Hilton Doubletree Crystal City just inside the DC Beltway. If there was any doubt that the...

31 Mar Improving Incident Response Investigations

Improving Incident Response Investigations. Investigating cybersecurity incidents requires balancing investigation depth with analyst capacity. Using robust triage checklists and threat management platforms can reduce investigative time. Larger SOCs/CSIRTs use a tiered system to allow skilled investigators to focus on high-risk events while maintaining coverage across all...