Threat Prevention Not Working

What to Do When Threat Prevention Fails (Hint: It Always Does)

Phil Hagen

Since the dawn of modern information security in the mid-1990s, the industry has been fixated on how to prevent bad things from happening. Yet even a cursory review of headlines shows we’ve not made much meaningful progress toward this goal since then. The bad guys continue to “get in” and cause damage to victims. However, security professionals realize this does …

Automated Threat Hunting

Automated Threat Hunting: the Man vs Machine Debate

Frank McClain

There has been a fair amount of discussion (and disagreement) about the role of machines and automated threat hunting. It’s the endless debate of man vs machine—or, as I like to think of it, “AI vs AI.” You might wonder how man/machine is the same as AI/AI, but that’s pretty simple: one stands for “Artificial Intelligence” and the other is …

Detecting Snake Malware

Detecting Snake Malware Using Cb Response

Keith McCammon, Chief Security Officer

Several days ago, researchers at Fox-IT announced the porting of the Snake malware framework from Windows to the Mac platform. Detecting Snake malware may be difficult as Snake is a relatively complex framework that includes persistence, information stealing, and communications modules among other capabilities. Given this information, we had a need to look retrospectively across our customer base to identify …

Ransomware Epidemic

The Ransomware Epidemic: Why It’s Only Just Begun

Jamison Utter

Ransomware (or more accurately cybercrime) is a well-oiled, well-funded industry. I recently joined Michael Haag and Ben Johnson on a webinar to take a deep dive into the ransomware epidemic—discussing its origins, inner workings, and practical prevention techniques and tools. One of the top questions we received from attendees was “What can organizations expect in the future?” With changes in commoditization …

How to Prevent Ransomware

How to Prevent Ransomware: 5 Practical Techniques and Countermeasures

Michael Haag

Just about every security vendor has researched, blogged, and webcasted about how their product can and will prevent ransomware. Additionally, in my conversations with the security community, people always ask me: “What is the best product to prevent ransomware?” If you have read my Security Architect Lessons post, you know by now that I am not a fan of a single …

EDR Shopping List

EDR Shopping List: 4 Items to Budget and Scope

Chris Rothe

Once a security team recognizes the value of an Endpoint Detection and Response (EDR) capability and begins to scope the project, the list of requirements starts to add up—and the cost along with it. The EDR shopping list includes hardware and software, employees to hire and manage, processes to design and implement, plus custom software and integrations to develop. While …

Detecting and Combating Advanced Threats

Detecting and Combating Advanced Attacks: a Global Not-for-Profit’s Defense Strategy

Cory Bowline

Everyone knows advanced threats are extremely difficult to defend against. Nothing earth-shattering there. They leverage sophisticated tactics, techniques, and procedures (TTPs) to covertly harvest sensitive data, and are characterized by their ability to avoid detection. Most organizations say they are concerned about advanced attackers, but also question if they would ever be a target. But what about the organizations that …