Cybersecurity Blog: The Cyber Scene is evolving, are you?

Currently the manager and lead analyst for the Leidos Commercial Cyber Services Security Intelligence team, Mr. Lachesky has over 6 years of professional experience in the computer network defense and cyber threat intelligence domain. His background includes working as an analyst as part of the Lockheed Martin Computer Incident Response Team (LM-CIRT) (the group that defends the LM Network from Advanced Cyber Threats). He currently supports Leidos Cyber commercial clients through a variety of services, products, and engagements with a unique focus on cyber security and advanced threats. Mr. Lachesky leverages his expertise in industry leading technologies and methodologies to respond to these information security threats. He and his team conduct incident response and triage activities for commercial clients and provide remediation and mitigation strategies. This includes analyzing APT tactics and techniques, developing and implementing advanced detections and analysis capabilities for APT, and performing Incident Response and Forensics. Mr. Lachesky holds a Master of Information Systems Management degree from Carnegie Mellon University, and a Masters Certification in Systems Engineering from Johns Hopkins University.

Cyber attacks are rising faster than ever, and malicious actors are infiltrating corporate networks and just about anything technology-based. This reality has shifted the cybersecurity landscape, and for good reason.


An evolving threat landscape, persistent adversaries, and a shortage of talent and skills are some of the reasons security teams struggle to successfully defend their organizations. However, the biggest roadblock to a successful defense is often self-inflicted.


An adversary has successfully carried out a cyber-attack, the proverbial stuff has hit the fan, and it’s all hands on deck to figure out what happened. Unfortunately, it is often not until an incident like this occurs that organizations perform any analysis of the attacks against them. The silver lining is that these situations can provide invaluable understanding of the threats facing an environment; however, they are costly, both in time and effort and in impact to the business.

Unbeknownst to most organizations, just as much (and likely much more) insight can be gained from identifying and analyzing the attacks that fail. Analyzing what happened and what could have happened means defenders can gain a better understanding of how an adversary operates, and then use that knowledge to defend against that adversary and others like them.

So why aren’t more organizations doing this type of valuable analysis?


One of the most compelling questions asked today by security operations is, “Can we enable our analysts to make security decisions that will have a positive impact on the overall security posture of our organization?” The short answer is, “Yes. But it’s not easy.”


“You can’t buy the Cyber Kill Chain®, but you can buy into it.” 

I reviewed key findings from the NTT Group’s 2016 Global Threat Intelligence Report, including an incident response case study in which a team effectively leveraged the Cyber Kill Chain analysis framework to understand each phase of the attack and build a comprehensive picture of the adversary’s tactics, techniques and procedures (TTPs). The mid-size financial client, code-named Peaceful Panda Financial Corporation (PPFC), did not know it had been breached until day 65 of the attack.

Below I walk through the seven successful steps the adversary took before posting sensitive PPFC data to a PasteBin site. 
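The two ideas above, learning from the attacks that fail and placing every observed event on a Cyber Kill Chain phase, combine naturally in code. The following is an added example written for this page; it is not code from the original post, from Leidos, or from the NTT case study. It assumes constructed log lines in a simple key=value format from hypothetical controls (mailgw, edr, proxy, dlp), and every indicator value in it is made up. It maps each event to one of the seven kill chain phases, records which attempts a control stopped, harvests indicators from those failed attempts, and then pivots on them to find the attempt that was never blocked; it also lists the phases where no control has ever denied activity.

```python
"""Kill-chain analysis of successful AND failed intrusion attempts.

Added example (not from the original blog post or from Leidos). All log
lines, control names and indicator values are constructed for illustration.
"""
from collections import defaultdict
import re

# The seven Cyber Kill Chain phases (Lockheed Martin), in order.
KILL_CHAIN = (
    "reconnaissance", "weaponization", "delivery", "exploitation",
    "installation", "command_and_control", "actions_on_objectives",
)

# Constructed sample events: attempt A succeeded end to end (a PPFC-style
# breach); attempts B and C were stopped part-way by a control.
SAMPLE_LOG = """\
2016-03-01T08:02:11Z attempt=A control=mailgw phase=delivery action=allow ioc=invoice.docm sender=billing@acme-pay.example
2016-03-01T08:05:40Z attempt=A control=edr phase=exploitation action=allow ioc=winword.exe->powershell.exe sender=billing@acme-pay.example
2016-03-01T08:06:02Z attempt=A control=edr phase=installation action=allow ioc=C:\\Users\\Public\\svchost.exe
2016-03-01T08:06:30Z attempt=A control=proxy phase=command_and_control action=allow ioc=update.acme-pay.example
2016-03-04T21:14:09Z attempt=A control=dlp phase=actions_on_objectives action=allow ioc=pastebin.example
2016-03-02T09:11:50Z attempt=B control=mailgw phase=delivery action=block ioc=invoice.docm sender=billing@acme-pay.example
2016-03-03T10:40:17Z attempt=C control=mailgw phase=delivery action=allow ioc=statement.docm sender=billing@acme-pay.example
2016-03-03T10:41:05Z attempt=C control=edr phase=exploitation action=block ioc=winword.exe->powershell.exe sender=billing@acme-pay.example
"""

EVENT_RE = re.compile(r"(\w+)=(\S+)")


def parse_events(text):
    """Parse 'timestamp key=value ...' lines; attach the kill-chain phase index."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, rest = line.strip().split(" ", 1)
        ev = dict(EVENT_RE.findall(rest))
        ev["ts"] = ts
        ev["phase_idx"] = KILL_CHAIN.index(ev["phase"])  # raises on unknown phase
        events.append(ev)
    return events


def attempt_outcomes(events):
    """Per attempt: furthest phase reached and the control (if any) that stopped it."""
    outcomes = {}
    for ev in sorted(events, key=lambda e: (e["attempt"], e["phase_idx"])):
        cur = outcomes.setdefault(ev["attempt"], {"furthest": None, "stopped_by": None})
        cur["furthest"] = ev["phase"]          # sorted by phase, so the last one wins
        if ev["action"] == "block":
            cur["stopped_by"] = ev["control"]
    return outcomes


def indicators_from_failed_attempts(events):
    """Indicators (by phase) observed in attempts that a control blocked.

    A blocked attempt still reveals delivery and exploitation tradecraft.
    """
    failed = {a for a, o in attempt_outcomes(events).items() if o["stopped_by"]}
    iocs = defaultdict(set)
    for ev in events:
        if ev["attempt"] in failed:
            iocs[ev["phase"]].add(ev["ioc"])
            if "sender" in ev:                  # sender is a delivery-phase indicator
                iocs["delivery"].add(ev["sender"])
    return {phase: sorted(v) for phase, v in iocs.items()}


def pivot_to_successful(events, harvested):
    """Unblocked attempts whose events match an indicator harvested from failed ones."""
    outcomes = attempt_outcomes(events)
    known = {i for vals in harvested.values() for i in vals}
    hits = defaultdict(set)
    for ev in events:
        if outcomes[ev["attempt"]]["stopped_by"]:
            continue
        for key in ("ioc", "sender"):
            if ev.get(key) in known:
                hits[ev["attempt"]].add(ev[key])
    return {a: sorted(v) for a, v in hits.items()}


def uncovered_phases(events):
    """Phases in which no control has ever denied activity: the gaps to close first."""
    denied = {ev["phase"] for ev in events if ev["action"] == "block"}
    return [p for p in KILL_CHAIN if p not in denied]


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    harvested = indicators_from_failed_attempts(evs)
    print("outcomes:", attempt_outcomes(evs))
    print("from failed attempts:", harvested)
    print("pivot finds:", pivot_to_successful(evs, harvested))
    print("no deny capability in:", uncovered_phases(evs))
```

On the constructed data the two blocked attempts already contain the sender, the macro document and the Office-to-PowerShell process chain; pivoting on those finds attempt A, which reached actions on objectives without a single block. That is the point of the post: the failed attempts were cheap to analyze and would have surfaced the breach long before day 65.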


Our team has been actively involved in defending some of the most attacked organizations in the world. Having a front row seat in the fight against advanced persistent threats (APTs) has informed how I think about defense and intelligence. Last month I teamed up with our partners at Cybereason to discuss:

    • The most pressing challenges your company faces when fighting APTs:
      • Excessive false positives
      • Lack of threat context
      • Poor endpoint visibility
    • Four steps you can take to combat APTs in your organization, including automating threat detection and implementing behavioral analysis
    • How to empower your security team in the fight against APTs by adopting automatic threat detection, eliminating alert fatigue and using endpoint data to reveal full attacks
