Threat Hunting

Paul and I have talked a lot about his enchanted quadrants on the podcasts, but for those who haven’t watched, here’s a quick summary…  An effective security program requires the integration of four key data sources: Logs (firewall, network, application, etc.) Endpoint (files, processes, logs, etc.) Network (flow and packets) Threat Intelligence Most organizations build […]

The endpoint market has been hot for years.  At one point, there were over 80 new endpoint vendors trying to displace the traditional anti-virus vendors.  The endpoint security market was transitioning from endpoint protection to endpoint detection and response (EDR).  EDR is all the rage, but do you really need one? While the endpoint market […]

There are numerous security use cases where the integration of network packet data provides additional contextual information for better actionability.  Free and open source packet capture tools do a great job capturing packets, but how do you collect, aggregate, and analyze that data at scale? Let’s start with a quick review of packet capture tools, […]

Data breaches are becoming more costly.  According to the 2019 Cost of a Data Breach Report, the average total cost of a data breach is $3.92 million, up 12% over the past five years.  The average size of a data breach is 25,575 records, up 3.9% from the previous year.  With these continued increases, how […]

We hear a lot about security orchestration, automation, and response.  It will help us with our security skills gap.  It will improve our operational efficiency, thus reducing mean time to detect and respond to incidents.  It will give us more time for threat hunting.  But how much is really being automated? In sponsorship with ServiceNow, […]