Threat Detection: Spearphishing Attack

Speared in a Click: Documents with Executables

Keya Horiuchi

Clicking on an attached document or link in an email can be the initial action that brings down a network. In the second it took you to read the first sentence, that click could have set off a chain of quiet, unseen commands. It could have executed PowerShell commands in the background, downloaded and executed additional payloads from an external …

Red Canary and Endgame

Red Canary and Endgame Announce Partnership

Keith McCammon, Chief Security Officer

We are very excited to announce that Endgame and Red Canary have partnered to integrate Endgame’s endpoint telemetry into the Red Canary platform. Our teams have worked together for years on research, mapping adversary techniques to ATT&CK™, and most recently on designing Endgame’s streaming APIs for this integration. Endgame now supports the collection of not only process-level telemetry, but a …

SANS endpoint survey

SANS Endpoint Survey: Too Many Tools and Alerts

Keith McCammon, Chief Security Officer

The SANS Institute recently published the results of its annual Endpoint Protection and Response survey through a report written by Lee Neely and advised by Alissa Torres. The report includes a number of statistics and a long list of takeaways, but the key findings it uncovered are: we have too many tools; we have too many alerts. Neither of these …

MDR Buyer's Guidelines

3 Areas to Consider When Looking for a Managed Detection and Response Partner

Michael Haag

Gartner estimates that 15% of organizations will be using managed detection and response (MDR) services by 2020, up from less than 5% today. For many buyers (including myself), past bad experiences can make it difficult to consider outsourcing critical components of your security program. Whether the experience was caused by poor service, ineffective product, or a vendor who did not …

Build vs Buy

Build vs. Buy: Not Mutually Exclusive

Keith McCammon, Chief Security Officer

The “build vs buy” debate in security technology has been argued so many times that there are few unique positions left to take. Builders prioritize flexibility and control, while buyers prioritize predictable performance, scale, cost, and results. The debate continues not because there are groundbreaking arguments in favor of one or the other. The build vs buy debate continues because …

Cryptomining Native Windows Tools

Mining off the Land: Cryptomining Enabled by Native Windows Tools

Tony Lambert

A lesson I learned early in my career is that technology professionals often inherit older problems. This is especially true of administrators responsible for network services and security because they inherit the biggest snowball of problems: an enterprise network. Networks often grow in ways that make them harder to secure and maintain as they age, and admins often implement new …