Threat Intelligence

Common Security Mistake #3: Aimless Use of Threat Intelligence

Phil Hagen

“Threat Intelligence” is the latest security concept to undergo aggressive cyber-buzzwordification (this is a real word). This is common in the information security industry, and follows a very predictable cycle. Discovery: A real and valuable concept starts to take hold, and high-functioning security teams leverage the concept with great success. Socialization: In a genuine interest to improve the security game, …

Threat Hunting for Dridex

Threat Hunting for Dridex Attacks: Top Questions from Security Teams

Joe Moles

I recently spoke on a threat hunting webinar with our partner Carbon Black in which we dove into Dridex attacks: how they work, why they’re so effective, and how security teams can detect them through a proactive threat hunting approach. For anyone who’s unfamiliar with Dridex, the malware evades signature-based detection and is built to harvest the banking credentials of …

Automated Threat Hunting

Automated Threat Hunting: the Man vs Machine Debate

Frank McClain

There has been a fair amount of discussion (and disagreement) about the role of machines and automated threat hunting. It’s the endless debate of man vs machine—or, as I like to think of it, “AI vs AI.” You might wonder how man/machine is the same as AI/AI, but that’s pretty simple: one stands for “Artificial Intelligence” and the other is …

Threat Hunting vs Threat Mining

There’s Gold in Those Endpoints: Threat Mining vs Threat Hunting

Joe Moles

In my last post I talked about what threat hunting is and is not. Between that and our recent webinar on threat hunting, I’ve gotten a lot of questions and wanted to follow up with a deeper dive into how Red Canary analysts use threat hunting to find threats on behalf of our customers. My team eats, sleeps, and breathes …

Threat Hunting

Threat Hunting Is Not a Magical Unicorn

Joe Moles

Threat hunting, like most market buzz terms, started with a concept or an idea, and then got overused and misused by every vendor, blogger, and Twitter account with an opinion. This has led to a lot of confusion for security teams that want to build a threat hunting capability. So what is threat hunting and how do you do it? …

PowerShell Empire

Detecting Post Exploitation with EDR: What Security Teams Need to Know

Joe Moles

I recently joined Rick McElroy from Carbon Black on a webinar to discuss techniques for detecting post exploitation with EDR. The steady stream of questions reminded me how many people are interested in the topic. I’m passionate about helping people detect post exploitation behaviors and am always excited to share what I have learned. I wanted to circle back and share some …