In the first installment of this three-part series based on our recent white paper, The Skeptic’s Guide to Buying Security Tools, we outlined an evidence-based approach to helping your organization justify a new security tool purchase. This included identifying where security gaps exist, if those gaps could be filled by existing tools, and—if not—how to evaluate potential tools that could help.

When Eric M. Hutchins, Michael J. Cloppert, and Rohan M. Amin published their paper “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains” in late 2010, they changed the way security personnel thought about defending their digital assets. The paper continues to be a useful model for defense today. This article proposes ways that modern network-derived evidence applies to the kill chain.

As a principal security researcher on Corelight’s Labs team, I help to solve difficult network security research problems at scale. Corelight’s customers might recognize some of my work if you see the packages “VPN Insights” or “App ID” on your sensors. Outside of my day-to-day role, I have a hobby podcast called eCrimeBytes where we lightheartedly discuss an electronic crime case each week.

Defend your digital assets in 2023 with modern strategies. From IaC scanning to secrets detection to honeytokens, strengthen your castle against evolving threats.

In this blog post, we will explore how the computer security landscape has expanded to reach below the operating system levels, aiming to address areas that are often overlooked or completely neglected in cybersecurity. Attackers have discovered techniques to establish long-term persistence in compromised hosts by injecting malicious code to run before the operating system loads in areas commonly referred to as Basic Input Output System (BIOS).

As organizations grow, they naturally need to analyze logs from more data sources. But as these data sources expand in number and type, it becomes more difficult for teams to scale their security detection rules to keep up with the ever-changing threat landscape. Sigma is an open source project that aims to address this challenge. By leveraging the expertise of the open source community, Sigma enables security teams to implement out-of-the-box rules that cover a wide range of threat scenarios.

In a recent panel discussion led by David Neuman, Sr. Analyst with TAG Cyber, ThreatQuotient’s Dave Krasik, Sr. Director of Product Management and Jessica Bair Oppenheimer, Director, Cisco Security Strategic Alliances shared their insights on data-driven security operations. The discussion focused on the challenges and importance of prioritizing, automating and collaborating to detect and respond to threats, and was followed by a demo of the ThreatQ Platform.

As technology advances, the battle between cyber criminals and organizations intensifies. Cyber threats have become more sophisticated, complex, and widespread, posing a significant risk to the security and integrity of sensitive data. In Q1 2023 alone, the number of global cyber attacks increased by 7%, with an average of 1,248 attacks reported per week.