
Passive DNS Monitoring – Why It’s Important for Your IR Team

Phil Hagen

DNS is an unsung hero among protocols during a network investigation. It’s almost universally used by other protocols such as HTTP, SMTP, and the like. It’s also a plaintext protocol, which can benefit an incident responder who cannot otherwise examine the contents of an encrypted connection. However, passive DNS monitoring (also known as DNS logging) is still somewhat rare in …


How to Get an Information Security Analyst Job: Interview Questions, Answers & Advice (Part Two)

Joe Moles

Job hunters who are searching for an information security analyst job have several factors working in their favor. First, it’s no secret there’s a shortage of talent in the information security industry; everyone’s pretty familiar with the stat that there were one million cybersecurity job openings in 2016. Second, information security analyst jobs consistently rank high amongst those opportunities, partially …

A Guide to Evaluating EDR Security Products: 15 Critical Questions to Ask

Suzanne Moore

The EDR market is booming. A recent Gartner report found that the EDR market more than doubled in 2016, and another analysis predicts the number of organizations using EDR security products will triple over the next five years. However, growth does not come without challenges. Many security teams struggle to define the right questions to ask when looking to add EDR …


Detecting Post Exploitation with EDR: What Security Teams Need to Know

Joe Moles

I recently joined Rick McElroy from Carbon Black on a webinar to discuss techniques for detecting post exploitation with EDR. The steady stream of questions reminded me how many people are interested in the topic. I’m passionate about helping people detect post exploitation behaviors and am always excited to share what I have learned. I wanted to circle back and share some …


Attacking a Mac: Threat Detection #392

Frank McClain

Everyone, please take a deep breath and say it with me: “Macs are invulnerable to compromise.” Everyone knows that’s true, right? Attacking a Mac is impossible. Okay, well perhaps most of the population thinks that, but we are part of the uber-elite cyber-warriors that know better. All systems are vulnerable. Our Macs only get popped when we want them to, …


Endpoint Detection and Response: 3 Ways to Implement an EDR Capability in Your Security Program

Suzanne Moore

As organizations look for better ways to defend against evolving cyber attacks, endpoint detection and response (EDR) is rapidly emerging as a solution. EDR promises to combine visibility, threat detection, and response across all of your endpoints. However, security teams often don’t realize that developing a true EDR capability can be challenging. It’s not something you simply buy off the …