incidentresponse – WindowsTechs.com

SOC Visibility and SIEM Tools – Jeff Costlow – BSW #145

Posted on October 1, 2019 by Security Weekly Productions

SOC Visibility and SIEM Tools
The post SOC Visibility and SIEM Tools – Jeff Costlow – BSW #145 appeared first on Security Weekly. Continue reading SOC Visibility and SIEM Tools – Jeff Costlow – BSW #145→

Threat Hunting, Viavi – ESW #147

Posted on July 31, 2019 by Security Weekly Productions

Threat Hunting
The post Threat Hunting, Viavi – ESW #147 appeared first on Security Weekly. Continue reading Threat Hunting, Viavi – ESW #147→

Security Orchestration and Incident Response

Posted on March 29, 2017 by Bruce Schneier

Last month at the RSA Conference, I saw a lot of companies selling security incident response automation. Their promise was to replace people with computers – sometimes with the addition of machine learning or other artificial intelligence techniques – and to respond to attacks at computer speeds. While this is a laudable goal, there’s a fundamental problem with doing this… Continue reading Security Orchestration and Incident Response→

New Presidential Directive on Incident Response

Posted on August 2, 2016 by Bruce Schneier

Last week, President Obama issued a policy directive (PPD-41) on cyber-incident response coordination. The FBI is in charge, which is no surprise. Actually, there’s not much surprising in the document. I suppose it’s important to formalize this stuff, but I think it’s what happens now. News article. Brief analysis. The FBI’s perspective…. Continue reading New Presidential Directive on Incident Response→

Credential Stealing as an Attack Vector

Posted on May 4, 2016 by Bruce Schneier

Traditional computer security concerns itself with vulnerabilities. We employ antivirus software to detect malware that exploits vulnerabilities. We have automatic patching systems to fix vulnerabilities. We debate whether the FBI should be permitted to introduce vulnerabilities in our software so it can get access to systems with a warrant. This is all important, but what’s missing is a recognition that… Continue reading Credential Stealing as an Attack Vector→

Resilient Systems News: IBM to Buy Resilient Systems

Posted on February 29, 2016 by Bruce Schneier

Today, IBM announced its intention to purchase my company, Resilient Systems. (Yes, the rumors were basically true.) I think this is a great development for Resilient Systems and its incident-response platform. (I know, but that’s what analysts are calling it.) IBM is an ideal partner for Resilient, and one that I have been quietly hoping would acquire it for over… Continue reading Resilient Systems News: IBM to Buy Resilient Systems→