[SANS ISC] Dissecting Malicious Office Documents with Linux

I published the following diary on isc.sans.edu: “Dissecting Malicious Office Documents with Linux”: A few months ago, Rob wrote a nice diary to explain how to dissect a (malicious) Office document (.docx). The approach was to use the OpenXML SDK with PowerShell. This is nice but how to achieve the

[The post [SANS ISC] Dissecting Malicious Office Documents with Linux has been first published on /dev/random]

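As an added illustration of the diary's topic (example code written for this page, not the diary's own script), here is a first-pass triage of a .docx on Linux using only the Python standard library. A .docx is a zip archive of XML parts, so the check lists the parts, flags a VBA project, embedded OLE objects and ActiveX controls, and reports relationship targets marked External (the carrier of remote template injection). The sample document it builds is constructed for the example and is not a real malware file; the part-name patterns are this example's assumptions about what a plain text-only document has no reason to contain.

```python
"""Triage a .docx on Linux with nothing but the standard library.

A .docx (and .xlsx/.pptx) is a zip archive of XML "parts"; the parts worth a
second look in malware triage are the VBA project, embedded OLE objects,
ActiveX controls and relationship files whose targets are external.
"""
import io
import re
import sys
import zipfile

# Part names that a plain text-only document has no reason to contain
# (assumed patterns for this example; extend for your own corpus).
SUSPICIOUS_PARTS = (
    re.compile(r"vbaProject\.bin$", re.I),   # VBA macro storage (an OLE compound file)
    re.compile(r"/embeddings/", re.I),       # embedded OLE objects (oleObject1.bin, ...)
    re.compile(r"/activeX/", re.I),          # ActiveX controls
)
REL_RE = re.compile(r"<Relationship\b[^>]*>", re.I)
ATTR_RE = re.compile(r'(\w+)="([^"]*)"')


def triage_docx(data: bytes) -> dict:
    """Return parts, suspicious parts and external relationship targets of one OOXML file."""
    findings = {"parts": [], "suspicious_parts": [], "external_rels": []}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            findings["parts"].append(name)
            if any(p.search(name) for p in SUSPICIOUS_PARTS):
                findings["suspicious_parts"].append(name)
            if name.endswith(".rels"):
                xml = z.read(name).decode("utf-8", "replace")
                for rel in REL_RE.findall(xml):
                    attrs = dict(ATTR_RE.findall(rel))
                    # TargetMode="External" means Word fetches the target
                    # (URL or UNC path) when the document is opened.
                    if attrs.get("TargetMode", "").lower() == "external":
                        rel_type = attrs.get("Type", "").rsplit("/", 1)[-1]
                        findings["external_rels"].append((name, rel_type, attrs.get("Target", "")))
    return findings


def build_sample_docx(malicious: bool = True) -> bytes:
    """Constructed sample for this example (not a real malware file): a minimal
    .docx that, with malicious=True, carries a VBA project and a settings
    relationship pointing at a remote template."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("_rels/.rels", "<Relationships/>")
        z.writestr("word/document.xml", "<w:document/>")
        if malicious:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0 constructed placeholder")
            z.writestr(
                "word/_rels/settings.xml.rels",
                '<?xml version="1.0"?><Relationships>'
                '<Relationship Id="rId1" '
                'Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/attachedTemplate" '
                'Target="http://example.invalid/template.dotm" TargetMode="External"/>'
                "</Relationships>",
            )
    return buf.getvalue()


if __name__ == "__main__":
    # Usage: python3 docx_triage.py sample.docx   (no argument: triage the constructed sample)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_docx()
    result = triage_docx(blob)
    for part in result["parts"]:
        print("part:", part)
    for part in result["suspicious_parts"]:
        print("SUSPICIOUS part:", part)
    for rels, rel_type, target in result["external_rels"]:
        print(f"EXTERNAL target in {rels}: {rel_type} -> {target}")
```

The same first look is available at the shell with `unzip -l file.docx`; what this script adds is reading every `.rels` part for external targets, which `unzip -l` cannot show. It only flags the presence of `vbaProject.bin`; extracting the macro source itself requires a parser for OLE compound files, which is outside this example.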

[SANS ISC] “OG” Tools Remain Valuable

I published the following diary on isc.sans.edu: “‘OG’ Tools Remain Valuable”: For vendors, the cybersecurity landscape is a nice place to make a very lucrative business. New solutions and tools are released every day and promise to let you easily detect malicious activities on your networks. And it’s a recurring story.

[The post [SANS ISC] “OG” Tools Remain Valuable has been first published on /dev/random]


What Metrics Do You Need to Measure the Success of Your SOC?

Your SOC collects mounds of data every day, but not all of it will contribute to a useful, relevant analysis of its performance. What metrics do you need to measure the success of your SOC?

The post What Metrics Do You Need to Measure the Success of Your SOC? appeared first on Security Intelligence.


Training Announce: “Hunting with OSSEC”

I’m proud to have been selected to give a training at DeepSec (Vienna, Austria) in November: “Hunting with OSSEC”. This training is intended for Blue Team members and system/security engineers who would like to take advantage of the OSSEC integration capabilities with other tools and increase the visibility of their infrastructure behaviour.

[The post Training Announce: “Hunting with OSSEC” has been first published on /dev/random]


How John Clarke Shifted Gears From Driving Vans to Gamifying Incident Response

Ten years ago, John Clarke was driving a van in Ireland for a living. Today, he develops games at IBM to help train security professionals on incident response and cyber situational awareness.

The post How John Clarke Shifted Gears From Driving Vans to Gamifying Incident Response appeared first on Security Intelligence.


How Mike Barcomb’s Military Mindset Enhances Incident Response

IBMer Mike Barcomb draws upon his experience in the U.S. Army Reserve to lead a team of incident response experts through careful planning, regular rehearsals and quick decision-making.

The post How Mike Barcomb’s Military Mindset Enhances Incident Response appeared first on Security Intelligence.


How a Cyberattack Framework Can Help Reduce Risk at All Levels, Part 4

Even after a successful attack, security teams can still minimize the financial and reputational damage associated with a breach by following the IBM X-Force cyberattack framework.

The post How a Cyberattack Framework Can Help Reduce Risk at All Levels, Part 4 appeared first on Security Intelligence.


How a Cyberattack Framework Can Help Reduce Risk at All Levels, Part 3

An attacker who gains access won’t necessarily walk away with an organization’s proprietary data. Here’s how a cyberattack framework can help you subvert an attacker already in a network.

The post How a Cyberattack Framework Can Help Reduce Risk at All Levels, Part 3 appeared first on Security Intelligence.


How a Cyberattack Framework Can Help Reduce Risk at All Levels, Part 2

In the external reconnaissance and launch attack phases of the X-Force IRIS cyberattack preparation framework, threat actors look for vulnerabilities and tailor their attacks to exploit them.

The post How a Cyberattack Framework Can Help Reduce Risk at All Levels, Part 2 appeared first on Security Intelligence.


[SANS ISC] Searching for Geographically Improbable Login Attempts

I published the following diary on isc.sans.org: “Searching for Geographically Improbable Login Attempts”: For the human brain, an IP address is not the best IOC because, like phone numbers, we are bad at remembering them. That’s why DNS was created. But, in many log management applications, there are features to

[The post [SANS ISC] Searching for Geographically Improbable Login Attempts has been first published on /dev/random]

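As an added example of the check behind this diary's title (written for this page, not the diary's own query), the script below implements the usual "impossible travel" logic: for each user, consecutive successful logins are compared, and a pair is reported when covering the great-circle distance between the two source locations would require a speed above a ceiling. It assumes the source addresses have already been geolocated (the lat/lon fields in the constructed sample lines stand in for a GeoIP lookup) and uses a 900 km/h ceiling, roughly airliner cruise speed; both are this example's assumptions.

```python
"""Impossible-travel check over login events.

For each user, successive successful logins are compared: if covering the
great-circle distance between their two (geolocated) source addresses would
need a speed above a ceiling, the pair is reported.
"""
import math
from datetime import datetime, timezone

EARTH_RADIUS_KM = 6371.0
MAX_SPEED_KMH = 900.0   # assumption: about airliner cruise speed; tune per environment

# Constructed sample log lines for this example (not from the diary). In
# practice lat/lon come from a GeoIP lookup of the src address; that lookup
# is assumed to have been done already. Lines are deliberately out of order.
SAMPLE_LOGS = [
    "2018-07-03T08:45:00Z user=alice src=198.51.100.7 lat=40.7128 lon=-74.0060 result=success",
    "2018-07-03T08:00:00Z user=alice src=203.0.113.10 lat=48.8566 lon=2.3522 result=success",
    "2018-07-03T09:00:00Z user=bob src=192.0.2.5 lat=50.8503 lon=4.3517 result=success",
    "2018-07-03T11:00:00Z user=bob src=192.0.2.99 lat=52.3676 lon=4.9041 result=success",
    "2018-07-03T11:05:00Z user=bob src=203.0.113.44 lat=-33.8688 lon=151.2093 result=failure",
    "2018-07-03T12:00:00Z user=carol src=192.0.2.7 lat=51.5074 lon=-0.1278 result=success",
    "2018-07-03T12:30:00Z user=carol src=192.0.2.7 lat=51.5074 lon=-0.1278 result=success",
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in km between two points given in decimal degrees."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def parse_line(line):
    """Parse one 'timestamp key=value ...' line into a dict (UTC-aware ts, float lat/lon)."""
    ts, *pairs = line.split()
    rec = dict(p.split("=", 1) for p in pairs)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    rec["lat"], rec["lon"] = float(rec["lat"]), float(rec["lon"])
    return rec


def find_improbable_logins(lines, max_speed_kmh=MAX_SPEED_KMH):
    """Return one finding per consecutive login pair that exceeds the speed ceiling."""
    by_user = {}
    for line in lines:
        rec = parse_line(line)
        if rec.get("result") != "success":
            continue   # a failed attempt does not place the user anywhere
        by_user.setdefault(rec["user"], []).append(rec)

    hits = []
    for user, recs in by_user.items():
        recs.sort(key=lambda r: r["ts"])    # arrival order of log lines is not trustworthy
        for prev, cur in zip(recs, recs[1:]):
            dist = haversine_km(prev["lat"], prev["lon"], cur["lat"], cur["lon"])
            if dist < 1.0:
                continue   # same place (or GeoIP jitter): nothing to explain
            hours = (cur["ts"] - prev["ts"]).total_seconds() / 3600.0
            speed = dist / hours if hours > 0 else math.inf   # simultaneous logins far apart
            if speed > max_speed_kmh:
                hits.append({
                    "user": user,
                    "from": prev["src"], "to": cur["src"],
                    "distance_km": round(dist, 1),
                    "hours": round(hours, 2),
                    "speed_kmh": round(speed, 1),
                })
    return hits


if __name__ == "__main__":
    for h in find_improbable_logins(SAMPLE_LOGS):
        print(f"{h['user']}: {h['from']} -> {h['to']} {h['distance_km']} km in "
              f"{h['hours']} h = {h['speed_kmh']} km/h")
```

On the sample, only alice is reported (Paris to New York in 45 minutes); bob's Brussels to Amsterdam hop at under 100 km/h passes, and his failed login from Sydney is ignored because a failure does not establish presence. In production the false-positive sources are VPN exits, mobile carrier NAT and coarse GeoIP resolution, so the ceiling and the per-source allow-list need tuning before alerting on this.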