Keeping an organization secure is no easy task, especially with the explosion in cloud adoption and digital transformation against a backdrop of increasingly dangerous threats and threat actors. We can all recite the challenges that security teams struggle with — too many solutions, not enough people, not enough visibility. With the average organization dep
Threat modeling is a process by which potential threats can be identified, enumerated and prioritized, all from a hypothetical attacker’s point of view. The purpose of threat modeling is to provide defenders with a systematic analysis of the probable attacker’s profile, the most likely attack vectors and the assets most desired by an attacker. Ef
Some of the best intelligence an operator or decision-maker can obtain comes straight from the belly of the beast. That’s why dark web intelligence can be incredibly valuable to your security operations center (SOC). By leveraging this critical information, operators can gain a better understanding of the tactics, techniques and procedures (TTPs) emplo
It’s hard to escape the reality that every day, cyberthreats morph and expand, escalating the need to improve and tighten security operations and response practices. While it may feel overwhelming, there are ways to help level the playing field. Cognitive computing and machine learning are new technologies that can empower security practitioners to foc
This is the final installment in a three-part series. Be sure to read Part 1 and Part 2 for more information.
Improving integration, visibility and analytics with a platform approach to security information and event management (SIEM) is the means to the business value of security, compliance and operational efficiency.
Security teams are operating in an
When you work in the cybersecurity industry, the skills shortage isn’t just a news topic — it’s a serious business challenge. How can security teams defend against cybercriminals and their ever-evolving attack techniques when they’re significantly outnumbered? How can they successfully dig through millions of events across dozens of point s
This is the second installment in a three-part series. Be sure to read the first installment for more information.
In highlighting the difference between tools and platforms for security monitoring and analytics initiatives, one of the biggest benefits of a platform approach is that it lets your security analysts be analysts instead of researchers.
Janus, the ancient Roman god of beginnings and endings — from which we get the name for January, the first month of the calendar year — was depicted as having two faces: one looking backward and one looking forward.
In the context of time, it can be argued that security monitoring and analytics initiatives are the Janus of contemporary cybersecurity. LetR
The cyberthreat intelligence (CTI) community has not yet agreed on attribution for the threat actor behind the NotPetya malware, but it is actively investigating. The apparent objective of NotPetya is to destroy infected computers, not necessarily to hold data ransom.
Hopefully, you have already invested in solid backups. But when it comes to further manag
As a child, I used to dread going for my annual checkup. Whether it was the anxiety of receiving shots or being poked and prodded, the lollipop at the end never really made up for the angst beforehand. With age comes wisdom, however, and I now understand why a health check is important for the human body to function properly.
In a security scenario, a health
Many companies, organizations, groups and individuals who are vigilant in the face of new cyberthreats create highly advanced detection and prevention systems to help potential victims identify and remediate security events as quickly as possible. While these controlling, monitoring and alerting mechanisms can be used in isolation, their true value lies in
We all have heard the proverb: One rotten apple can spoil the whole barrel. This also applies to many practical scenarios in our day-to-day life, like finding a stinky sock in a pile of fresh laundry. Similarly, in a security operations center (SOC), one of the tasks security analysts spend most of their time on is identifying and detecting the actual threa
Organizations are increasingly clustering their skills and capabilities into security operations centers (SOCs). An SOC is a focused facility where security specialists monitor, assess and defend against computer security issues. Introducing virtual reality (VR) and augmented reality (AR) technology into this environment can enhance the team’s performa
If it’s summer, it must be Hollywood blockbuster season. Disaster! Horror! Explosions! Supervillains!
But in the corporate world, it’s summer blockbuster season year-round. Networks of zombie bots! Twisted teenage genius hackers! The chills and thrills are dramatic, and they make for easy presentations. Give the audience enough explosions, and
Microsoft Office 365 is popular — very popular. In 2016, Gartner reported that 78 percent of enterprises surveyed used or planned to use Office 365. With access to a range of user activity events from a variety of sources, including Exchange Online, SharePoint Online and Azure Directory, how can Office 365 administrators correlate all this valuable data wit