Risk Management May 18, 2023

HEAT and EASM: What to Know About the Top Acronyms at RSA

4 min read - The cybersecurity industry is littered with acronyms. SIEM. EDR. APT. CISO. CISA. The list goes on and on. So it wasn’t surprising that there were a lot of acronyms in RSAC 2023’s sessions and keynotes, as well as in the…

Incident Response May 1, 2023

How Morris Worm Command and Control Changed Cybersecurity

4 min read - A successful cyberattack requires more than just gaining entry into a victim’s network. To truly reap the rewards, attackers must maintain a persistent presence within the system. After establishing communication with other compromised network devices, actors can stealthily extract valuable…

Incident Response March 14, 2023

Breaking Down a Cyberattack, One Kill Chain Step at a Time

4 min read - In today’s wildly unpredictable threat landscape, the modern enterprise should be familiar with the cyber kill chain concept. A cyber kill chain describes the various stages of a cyberattack pertaining to network security. Lockheed Martin developed the cyber kill chain…

Identity & Access December 21, 2022

Beware of What Is Lurking in the Shadows of Your IT

6 min read - This post was written with contributions from Joseph Lozowski. Comprehensive incident preparedness requires building out and testing response plans that consider the possibility that threats will bypass all security protections. An example of a threat vector that can bypass security…

News November 30, 2022

Abuse of Privilege Enabled Long-Term DIB Organization Hack

2 min read - From November 2021 through January 2022, the Cybersecurity and Infrastructure Security Agency (CISA) responded to an advanced cyberattack on a Defense Industrial Base (DIB) organization’s enterprise network. During that time frame, advanced persistent threat (APT) adversaries used an open-source toolkit…

Intelligence & Analytics March 16, 2022

IOCs vs. IOAs — How to Effectively Leverage Indicators

4 min read - Cybersecurity teams are consistently tasked to identify cybersecurity attacks, adversarial behavior, advanced persistent threats and the dreaded zero-day vulnerability. Through this endeavor, there is a common struggle for cybersecurity practitioners and operational teams to appropriately leverage indicators of compromise (IOCs)…

Intelligence & Analytics May 13, 2021

What Is SIEM and How Does it Work? The Past, Present and Future

7 min read - Security information and event management (SIEM) solutions provide organizations centralized visibility into their IT and even sometimes OT environments. At a high level, a SIEM turns data into actionable insights by: Ingesting a vast amount of event data from across…

Intelligence & Analytics April 16, 2021

Combating Sleeper Threats With MTTD

6 min read - During the SolarWinds Orion supply chain compromise, threat actors lurked in the victim’s network for more than a year. Discovered by FireEye in December 2020, the earliest traces of a modified SolarWinds Orion go back as early as October 2019.…

Incident Response February 10, 2021

Smell the Attack? Sensory-Immersive Cyber Range Training for Industry 4.0

7 min read - Humanity has been through a number of industrial revolutions since the 1760s, and is now at its fourth cycle of sweeping industrial innovation, known as Industry 4.0. It is characterized by the ongoing automation of traditional manufacturing and industrial practices…

September 25, 2020

Mercenary Group Targets Real Estate and Architecture Firm

2 min read - A digital espionage attack against an international architectural and video production company fit the profile of advanced persistent threat (APT) mercenary groups, Bitdefender revealed on Thursday, August 20.   At the time of analysis, this company had offices in London,…