How to Mitigate Phishing Risk

You Will Be Phished. Three Ways to Mitigate Your Phishing Risk.

Phil Hagen

Phishing remains one of the most common and effective means for an attacker to gain initial access to their victims’ environments. Verizon’s 2017 Data Breach Investigation Report (DBIR) indicated that for two years running, phishing was the top variety of social attack, used in more than 90% of incidents and breaches. A more focused variant is “spear phishing,” which differs in …

Using Carbon Black Response to Mitigate ETERNALBLUE

Keith McCammon, Chief Security Officer

In case you’ve been under a rock: There’s a wee problem with ransomware, fueled by the public release of a handful of high-quality access (exploit) and persistence (backdoor) utilities. Most recently, these have manifested in the form of the WannaCry and Petya epidemics. While good intelligence on Petya infection vectors and lateral movement techniques is in a state of …

Security Operations Program: How to Measure and Report Effectiveness

Five Guidelines for Measuring and Reporting on Your Security Operations Program

Joe Moles

Whether you have a well-established security operations program or are building it from the ground up, it’s important for security teams to constantly show value and identify opportunities for improvement. If you can’t answer questions like “How is our security program performing?” and “Where do we need to focus our time and attention?” — start with these five high-level guidelines. …

An Investment Firm’s Information Security Strategy: Layering Multiple Partners for a Robust Line of Defense

Suzanne Moore

Cybercriminals attacked the financial services sector more than any other industry last year. A recent research report found that 75% of the top 20 U.S. commercial banks (by revenue) are infected with malware. And another analysis on cyber risk management found that 69% of incidents went undetected by financial security teams for weeks to months. So what is the best line of …

An Analyst’s Tale of Incident Response Retainers: “It’s All About the Benjamins”

Frank McClain

Once upon a time there lived a boy named Benjamin. Benjamin was very smart, and grew up with a passion for Information Security. As an adult he became part of the InfoSec team at “WidgetCo,” whose highly-prized widgets made their network and computing infrastructure a constant target. Benjamin was constantly making recommendations to help the organization defend against a barrage …

Common Security Mistake #1: Lack of Visibility

Phil Hagen

Even mature security teams sometimes make mistakes. This series of blog posts will address common mistakes based on real-world engagements with teams of all sizes and maturity levels. The author, Phil Hagen, is a long-time information security strategist, digital forensics practitioner, and SANS Certified Instructor. Part of Phil’s role at Red Canary is to educate organizations about ways to solve problems …

What’s the Cost of Endpoint Detection & Response?

Suzanne Moore

Every security team is constrained by staff and budget. It’s not surprising, then, that one of the most common questions we hear from security teams is around the cost and ROI of an Endpoint Detection & Response (EDR) investment. For every company considering EDR, it is important you know that it’s far from being a “set it and forget it” …