WHAT IS A SIEM, AND WHY SHOULD YOU HAVE ONE?

SIEM (pronounced like “sim” from “simulation”), which stands for Security Information and Event Management, was conceived of as primarily a log aggregation device. However, a SIEM’s primary capabilities are to provide threat detection, better enable in… Continue reading WHAT IS A SIEM, AND WHY SHOULD YOU HAVE ONE?

Spot the Ball & Security Detection Games

When I was younger, and printed newspapers were a more common household purchase, I remember fondly watching my mother play a game called “Spot the Ball.” For those of you not familiar with this, it consisted of a photograph of a recent football (socce… Continue reading Spot the Ball & Security Detection Games

Survey: Nearly Half of Manufacturers Suffered a Digital Attack in the Last Year

Confidence isn’t new when it comes to cybersecurity. All the way back in 2015, for example, 86% of security professionals working in the energy sector told Tripwire that they were confident they could detect a breach in a week. Just less than half (49%… Continue reading Survey: Nearly Half of Manufacturers Suffered a Digital Attack in the Last Year

What Is a Security Operations Center (SOC)?

Data breaches are costing organizations millions of dollars on average. In its 2020 Cost of a Data Breach Report, IBM found that a data breach cost the average organization $3.86 million. This price tag was even greater for organizations located in the… Continue reading What Is a Security Operations Center (SOC)?

Hunting injected processes by the modules they keep

A relatively recent post showed how Metasploit’s Meterpreter module made some noise on endpoints when the migrate command was used to move the agent code into a legitimate process, spoolsv.exe in our example.

One of the things we saw in that post was … Continue reading Hunting injected processes by the modules they keep

SANS 2019 Incident Response Survey: Successful IR Relies on Visibility

During the past year, we have witnessed significant data breaches that have impacted industries ranging from hospitality to legal to social media. We have seen a continuation of financially motivated threats, such as business email compromise (BEC), wh… Continue reading SANS 2019 Incident Response Survey: Successful IR Relies on Visibility

How to Get Started in Digital Forensics

If you want to become a digital forensic expert, be aware that when entering the field, you will be presented with an abundance of information that you will not know. It is a wonderfully challenging career path. Some believe that having the title of a … Continue reading How to Get Started in Digital Forensics

Crisis Management Automation for the Entire Organization with Dispatch – BSidesSF Preview

Managing security incidents can be a stressful job. You are dealing with many questions all at once. What’s the scope? Who do I need to engage? How do I manage all of this? As an Incident Commander (IC), you have many responsibilities. You’… Continue reading Crisis Management Automation for the Entire Organization with Dispatch – BSidesSF Preview

All I Want for Christmas… Is a New SSL Certificate

On Thursday 6th December, 2018, I realized how dependent I was on my mobile phone having an internet connection. That particular day, I was out and about away from Wi-Fi networks. The first time I noticed I had no connectivity was when I used my phone … Continue reading All I Want for Christmas… Is a New SSL Certificate