Threat Hunting for Dridex Attacks: Top Questions from Security Teams

Joe Moles

I recently spoke on a threat hunting webinar with our partner Carbon Black in which we dove into Dridex attacks: how they work, why they’re so effective, and how security teams can detect them through a proactive threat hunting approach. For anyone who’s unfamiliar with Dridex, the malware evades signature-based detection and is built to harvest the banking credentials of …

Want Better Security? Start With These 5 Proven IT Fundamentals

Adam Mathis

I recently had the opportunity to talk with a number of security decision makers at a security event in Chicago. As much as I enjoy discussing the impact Red Canary has on our customers’ security postures, it’s even more enjoyable for me to simply talk shop with other security folks. What kind of problems are they facing? What solutions are …

How to Use Windows API Knowledge to Be a Better Defender

Ben Downing

The Windows API is a large, complex topic with decades of development history and design behind it. Although it is far too vast to cover in a single article, even a cursory knowledge is enough to improve your event analysis and your basic malware analysis skills. Understanding how Windows works can help defenders to better understand and defend against threats, …

You Will Be Phished. Three Ways to Mitigate Your Phishing Risk.

Phil Hagen

Phishing remains one of the most common and effective means for an attacker to gain initial access to their victims’ environments. Verizon’s 2017 Data Breach Investigations Report (DBIR) indicated that for two years running, phishing was the top variety of social attack, used in more than 90% of incidents and breaches. A more focused variant is “spearphishing,” which differs in …

Using Cb Response to Mitigate ETERNALBLUE

Keith McCammon, Chief Security Officer

In case you’ve been under a rock: there’s a wee problem with ransomware, fueled by the public release of a handful of high-quality access (exploit) and persistence (backdoor) utilities. Most recently, these have manifested in the form of the WannaCry and Petya epidemics. While good intelligence on Petya infection vectors and lateral movement techniques is in a state of …

Five Guidelines for Measuring and Reporting on Your Security Operations Program

Joe Moles

Whether you have a well-established security operations program or are building it from the ground up, it’s important for security teams to constantly show value and identify opportunities for improvement. If you can’t answer questions like “How is our security program performing?” and “Where do we need to focus our time and attention?” — start with these five high-level guidelines. …

An Investment Firm’s Information Security Strategy: Layering Multiple Partners for a Robust Line of Defense

Suzanne Moore

Cybercriminals attacked the financial services sector more than any other industry last year. A recent research report found that 75% of the top 20 U.S. commercial banks (by revenue) are infected with malware. And another analysis on cyber risk management found that 69% of incidents went undetected by financial security teams for weeks to months. So what is the best line of …