Cybersecurity Blog: The Cyber Scene is evolving, are you?

One of the most compelling questions asked today by security operations is, “Can we enable our analysts to make security decisions that will have a positive impact on the overall security posture of our organization?” The short answer is, “Yes. But it’s not easy.”


“You will never reach your destination if you stop and throw stones at every dog that barks.” – Sir Winston Churchill

This summer our team has been traveling the globe with our message of cyber enlightenment. Through real-world accounts of how we’ve helped some of the world’s most prominent companies mature their cybersecurity posture, our analysts have inspired hope and doled out practical steps both practitioners and leadership can take to shore up their networks.


“You can’t buy the Cyber Kill Chain®, but you can buy into it.” 

In a recent webcast, Senior Security Strategist at Solutionary, Jon Heimerl, joined me for a discussion about the tactical and strategic approaches of using the Cyber Kill Chain® to effectively respond to cyber-threats.

After reviewing key findings from the NTT Group’s 2016 Global Threat Intelligence Report, Heimerl introduced an incident response case study (minute 10:18 of the recording below) in which the team effectively leveraged the Cyber Kill Chain analytic framework to better understand each phase of the attack and gain a comprehensive picture of the adversary’s tactics, techniques and procedures. The mid-size financial client, code-named Peaceful Panda Financial Corporation (PPFC), did not know it had been breached until day 65 of the attack.

I jump in at minute 13:10 of the recording to walk us through the seven successful steps the adversary took before posting sensitive PPFC data to a PasteBin site. 


Lockheed Martin Cyber Kill Chain® Prominent Component of NTT Group’s 2016 Global Threat Intelligence Report

This year’s Global Threat Intelligence Report (GTIR) provides organizations the data needed to disrupt attacks. Solutionary, an NTT Group company, partnered with Lockheed Martin on their 5th annual GTIR. 2016 is the first year the report included partners, with the goal of providing an expanded view of the threat landscape and more analysis of attacks, threats and trends from last year. The 2016 GTIR includes information from 24 security operations centers, seven R&D centers, 3.5 trillion logs, 6.2 billion attacks, and 8,000 security clients across 6 continents.

The report uses last year’s attack information and the Lockheed Martin Cyber Kill Chain to highlight practical application of the Cyber Kill Chain and explain a comprehensive strategy to enable effective security across the entire organization.


As previously discussed (TIP Defined blog post), a properly employed Threat Intelligence Platform can enable an organization to take a more effective approach to computer network defense. In this post we will delve a bit deeper into how a Threat Intelligence Platform (TIP) can act as a tool for incident response and investigations, becoming a central hub for SOC operations performed with an Intelligence Driven Defense® mindset.


Arguably one of the most important aspects of cybersecurity is Threat Intelligence. Yet despite its importance, this discipline is often underestimated as part of a solid security posture.

The consulting company Forrester defines threat intelligence as the details of the motivations, intent and capabilities of internal and external threat actors. Forrester extends its definition of Threat Intelligence to include specifics on the tactics, techniques and procedures that hackers and Advanced Persistent Threats employ within their attacks. - Threat Intelligence Buyer’s Guide SANS CTI Summit, 10 February 2014.
