Security incidents as unwanted as they are can be turned into a great opportunity for improvement. Listen to my speech at the Forensik Conference where I go through what I consider the top common lessons learned after IR.
Tag Archives: cybersecurity
‘Motive – Opportunity – Impunity’ cycle shapes the cybersecurity threat landscape for years
Motive – Opportunity – Impunity: without breaking this cycle in the global private and public sectors cooperation, there’ll be no end to cybercrime nor to politically motivated hacks. Motive Money. That’s what’s directly behind the majority of cyber attacks today. Another much less frequent but very dangerous motive is politics with state actors seeking influenceContinue reading “‘Motive – Opportunity – Impunity’ cycle shapes the cybersecurity threat landscape for years”
How to make smart investments in cybersecurity
Developing and prioritizing investment needs is not an easy task for most of the CISOs out there. Most of them face strong budgeting constraints and need to extensively justify every penny they request. Some will only get significant spending approved after their organization experienced a significant breach. This article aims to provide a noninclusive listContinue reading “How to make smart investments in cybersecurity”
Proactive Threat Hunting – no longer a whim
Originally posted in 2018. We are undoubtedly in the era of huge security alert fatigue. This has been caused by the vast number of false positive alerts generated every day by countless security products that organizations put in place to improve their defences. Because of this, it’s hard to justify resources who would essentially focusContinue reading “Proactive Threat Hunting – no longer a whim”
Let’s start with the basics. Windows security events monitoring.
Originally published in 2015. Security logs collection and analysis is crucial for security incident detection and response. There are many tools that can help in this activity but they can be only as good as the data that is sent to them. This guide concentrates on providing recommendations and ideas to consider when planning logContinue reading “Let’s start with the basics. Windows security events monitoring.”
Finding newly registered domains for hunting and blocking.
Originally published in 2015. Email addresses in freshly registered short lived domains are increasingly used to send spam and malware. They are also used in spear phishing campaigns often combined with bitsquatting/typosquatting techniques to fool users into trusting the message content. The same applies to websites serving malicious content that are linked by the phishingContinue reading “Finding newly registered domains for hunting and blocking.”