Hate the (Incident Response) Game

Red Canary

How much have you invested in computer security technology? How many vendor boxes are in your server rooms or data centers? How many bloated agents sit on your end-points? All that tech that promised to stop “advanced” threats and 0-days… …how much was that last bill from the incident response company? The invoice for that breach that ran roughshod over …

Is cyberinsurance the answer? Don’t count on it

Red Canary

The issue of cyberattack insurance was recently covered in the New York Times. It’s a great read on a number of levels, not the least of which is what a disaster the market is going to be as long as people keep adhering to the status quo. Insurance works because premiums paid by the insured are always greater than payments …

Slandering Andre Maginot

Red Canary

FireEye recently came out with a new report: Cybersecurity’s Maginot Line. It is an excellent report that documents findings from over 1,600 FireEye customers. Some key findings: Nearly all (97 percent) organizations had been breached, meaning at least one attacker had bypassed all layers of their defense-in-depth architecture. More than a fourth of all organizations experienced events known to be …

Don’t let Brian Krebs be your IDS

Red Canary

If you are of a certain age – back when people got their visual electronic entertainment via broadcast TV – you remember watching a show called 60 Minutes. One of the most well-known TV journalists in the country at the time, Dan Rather, worked for 60 Minutes (among other duties at CBS), where he exposed wrong-doing or shady practices of …

Detecting CVE-2014-1776: Internet Explorer Zero-Day

Red Canary

Red Canary is actively detecting CVE-2014-1776, the latest “Internet Explorer zero-day,” on the endpoint by leveraging our global network of managed Bit9+Carbon Black sensors. This post provides some insight into how you can do the same. We know this exploit targets Internet Explorer (iexplore.exe), requires VGX.dll be loaded by the targeted iexplore.exe process, and is triggered by a malicious Flash …

The Age of Perpetual Pwnage

Red Canary

Prior to creating Red Canary we used to do a lot of incident response work. Most of those customers were repeat customers both because they were ripe targets for attack and – not to humble-brag too much – we provided a great service at a very good price. We also left behind a great product (Cb) which, we argued, would …

Herd Immunity

Red Canary

There was a great security-related post today at Harvard Business Review titled Online Security as Herd Immunity. The gist goes like this: computer security is the most effective if everyone you’re connected to – which is everyone – is also contributing to security. Just like a herd of animals, businesses that are all at the same level of defensive capability …