Threat Intelligence

Common Security Mistake #3: Aimless Use of Threat Intelligence

Phil Hagen

“Threat Intelligence” is the latest security concept to undergo aggressive cyber-buzzwordification (this is a real word). This is common in the information security industry, and follows a very predictable cycle: Discovery: A real and valuable concept starts to take hold, and high-functioning security teams leverage the concept with great success. Socialization: In a genuine interest to improve the security game, …

Alert Fatigue

Alert Fatigue: How to Tune Out the Noise and Reclaim Your Hours

Keshia LeVan

As an analyst, reviewing events generally takes up a pretty good chunk of your day. And as much as there is a lot of hype about moving away from “signature-based detection,” many detection solutions are at their core just based on a rule (or set of rules) with some Boolean logic and pattern matching. That’s not to say they aren’t …

Perimeter-Based Security

Common Security Mistake #2: Focusing on the Perimeter

Phil Hagen

Historically, security programs have focused most heavily on the perimeter of the environment, likely in an effort to mirror physical security measures. While fences and surveillance cameras at the entry and exit points of a bank or manufacturing facility may provide sufficient visibility and controls for the threat models faced in those scenarios, they simply are not adequate for the …

Threat Hunting for Dridex

Threat Hunting for Dridex Attacks: Top Questions from Security Teams

Joe Moles

I recently spoke on a threat hunting webinar with our partner Carbon Black in which we dove into Dridex attacks: how they work, why they’re so effective, and how security teams can detect them through a proactive threat hunting approach. For anyone who’s unfamiliar with Dridex, the malware evades signature-based detection and is built to harvest the banking credentials of …

Want Better Security? Start With These 5 Proven IT Fundamentals

Adam Mathis

I recently had the opportunity to talk with a number of security decision makers at a security event in Chicago. As much as I enjoy discussing the impact Red Canary has on our customers’ security postures, it’s even more enjoyable for me to simply talk shop with other security folks. What kind of problems are they facing? What solutions are …

Windows Technical Deep Dive

How to Use Windows API Knowledge to Be a Better Defender

Ben Downing

The Windows API is a large, complex topic with decades of development history and design behind it. Although it is far too vast to cover in a single article, even a cursory knowledge is enough to improve your event analysis and your basic malware analysis skills. Understanding how Windows works can help defenders to better understand and defend against threats, …

How to Mitigate Phishing Risk

You Will Be Phished. Three Ways to Mitigate Your Phishing Risk.

Phil Hagen

Phishing remains one of the most common and effective means for an attacker to gain initial access to their victims’ environments. Verizon’s 2017 Data Breach Investigations Report (DBIR) indicated that for two years running, phishing was the top variety of social attack, used in more than 90% of incidents and breaches. A more focused variant is “spear phishing,” which differs in …