558 Comments
Tomi Engdahl says:
Security Automation Can be a Game Changer for Any SOC or CSIRT, Including Yours
https://www.securityweek.com/business-outcomes-automated-phishing-response
As I’ve written about in previous articles, security automation technology is creating impressive gains for security and incident response teams, by helping them improve operational effectiveness, increase speed and agility, and reduce risk. More and more security analysts and SOC managers are beginning to understand the potential of automation as they experience it firsthand or hear about it from their peers.
https://www.securityweek.com/authors/stan-engelbrecht
Tomi Engdahl says:
Secure your privileged administrative accounts with a phased roadmap
https://cloudblogs.microsoft.com/microsoftsecure/2018/11/29/secure-your-privileged-administrative-accounts-with-a-phased-roadmap/
Tomi Engdahl says:
What is Phishing?
https://blog.sucuri.net/2018/11/what-is-phishing.html
Phishing is a serious threat to any industry. We have seen this topic appear in the news more each day. You might have already received a fraudulent email from what seemed to be your bank or even seen the hacking that took place during the 2016 US presidential election. But what do you know about phishing?
Tomi Engdahl says:
The state of cyberwarfare: 2 things you need to know
https://www.zdnet.com/article/the-state-of-cyberwarfare-2-things-you-need-to-know/#ftag=RSSbaffb68
If you want to understand why you should be worried about the proliferation of cyberweapons and the lack of arms control treaties governing them, then read on.
Cybersecurity headlines in recent years have been dominated by companies losing money by being hacked and leaking the data of millions of customers.
But today, cybersecurity is moving beyond the financial impact to concerns over public safety, national security, and even cyberwarfare.
To understand the state of cyberwar and its potential impact, we should all keep in mind two things:
1. The proliferation of cyberweapons is already happening
2. Arms control of cyberweapons hasn’t caught up
Tomi Engdahl says:
Hacked and Fake Accounts
https://www.facebook.com/help/1216349518398524/?helpref=hc_fnav
Tomi Engdahl says:
Getting to know the Threat Hunting process
https://www.pandasecurity.com/mediacenter/security/getting-to-know-the-threat-hunting-process/
These are the steps of the investigation:
1 – Hypothesis Generation. The first step when it comes to formulating an investigation is to create hypotheses. The aim of these hypotheses is to find evidence of threats before they are exploited, or even ones that are already being exploited.
2 – Validation of the hypotheses. Once a hypothesis has been defined, its validity needs to be verified. We then need to look for the existence of threats that fit this hypothesis. In this stage it is usual for some hypotheses to be discarded, while research into others is prioritized due to their likelihood or criticality.
3 – Finding evidence. From the results obtained in the previous search, we need to verify if a threat really exists. False positives and mistakes in configuration are set aside, and efforts are focused on the validated hypotheses.
4 – Discovery of new patterns. The attack is reconstructed to find any new patterns and tactics used to carry it out.
5 – Notification and enrichment. Using the knowledge generated during the Threat Hunting process, the automatic detection systems are enriched and improved. This way, the organization’s global security is improved thanks to the discoveries made during the investigation.
Tomi Engdahl says:
5 Tips for Uncovering Hidden Cyberthreats with DNS Analytics
https://securityintelligence.com/5-tips-for-uncovering-hidden-cyberthreats-with-dns-analytics/
How DNS Analytics Can Boost Your Defense
The Domain Name System (DNS) is one of the foundational components of the internet that malicious actors commonly exploit and use to deploy and control their attack framework. The internet relies on this system to translate domain names into numbers, known as Internet Protocol (IP) addresses. Giving each IP a unique identifier allows computers and devices to send and receive information across networks. However, DNS also opens the door for opportunistic cyberattackers to infiltrate networks and access sensitive information.
Tomi Engdahl says:
Knowing Value of Data Assets is Crucial to Cybersecurity Risk Management
https://www.securityweek.com/knowing-value-data-assets-crucial-cybersecurity-risk-management
Knowing the True Value of Data Assets Will Improve Cyber Security and Promote Meaningful Cyber Insurance
Understanding the value of corporate assets is fundamental to cybersecurity risk management. Only when the true value is known can the correct level of security be applied.
Sponsored by DocAuthority and based on Gartner’s Infonomics Data Valuation Model, Ponemon Institute queried 2,827 professionals across the U.S. and UK to gauge how different business functions value different information assets. The business functions included in the research comprise IT security, product & manufacturing, legal, marketing & sales, IT, finance & accounting, and HR.