Implementing ATT&CK™ into a security program is not without pitfalls, and we’ve encountered a handful of them over the past year-and-a-half as we’ve worked on operationalizing ATT&CK in our detection and response platform.
Everyone, please take a deep breath and say it with me: “Macs are invulnerable to compromise.” Everyone knows that’s true, right? Attacking a Mac is impossible. Okay, well perhaps most of the population thinks that, but we are part of the uber-elite cyber-warriors that know better. All systems are vulnerable. Our Macs only get popped when we want them to, …
Search the internet on the subject of “InfoSec talent shortage” and you will get enough results to keep you busy for a long time. But if you’re in management or another leadership role, you don’t need the internet to prove there’s a problem. You feel the pain every time you search for a good candidate to fill an open position, …
For much of the cybersecurity industry, purchasing new products every few years is the status quo to “staying ahead” of adversaries. We’ve built moats, extra high castle walls with barbed wire, added sharks with laser beams to the water, fortified the castle door—yet somehow, something evil still creeps its way in. The reality is, we need core cybersecurity products and …
The “build vs buy” debate in security technology has been argued so many times that there are few unique positions left to take. Builders prioritize flexibility and control, while buyers prioritize predictable performance, scale, cost, and results. The debate continues not because there are groundbreaking arguments in favor of one or the other. The build vs buy debate continues because …
This is Part 2 in a two-part series that examines actions taken by adversaries in a breach. In Part 1, we covered steps taken to establish persistence in the environment. This post will dive into steps the malware took to evade defenses as it disabled security tools, masqueraded as Windows binaries, accessed credential management libraries, and moved laterally across the network. A weaponized document …