Achieving Operational Excellence in a Cybersecurity Program

As cybersecurity threats continue to grow in complexity and frequency, achieving operational excellence in threat detection and response is more important than ever. However, Security Operations Centers (SOCs) often face a variety of operational challenges that can hinder their ability to protect their organizations effectively. From alert fatigue to manual ...

Enabling File Integrity Monitoring on Windows with Osquery and EclecticIQ Endpoint Response

File Integrity Monitoring (FIM) is a security control that helps organizations ensure the integrity of their files and systems by detecting and recording changes to files and directories. FIM is required by most compliance regimes, such as PCI DSS, HIPAA, GDPR and the ISO standards. The aim of ...

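To make concrete what the control above actually does, here is an added example (not code from the page or from EclecticIQ) of the core FIM logic: take a baseline of content hashes for a directory tree, rescan later, and report created, modified and deleted files. It uses a scheduled rescan rather than the event-driven collection osquery provides, and the directory tree and the "tampering" it detects are constructed inside the script.

```python
"""
Minimal file integrity monitoring (FIM), added as an illustration:
baseline a directory tree by SHA-256, rescan, and diff the two snapshots.
"""
import hashlib
import os
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, streamed so large files do not land in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Walk root and record hash, size and mtime for every regular file.

    Paths are stored relative to root in POSIX form so a baseline taken on
    one host can be compared on another. Symlinks are skipped so a link
    pointing outside the monitored tree cannot drag foreign files in.
    """
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            if p.is_symlink():
                continue
            st = p.stat()
            state[p.relative_to(root).as_posix()] = {
                "sha256": hash_file(p),
                "size": st.st_size,
                "mtime_ns": st.st_mtime_ns,
            }
    return state


def diff(baseline: dict, current: dict) -> dict:
    """Compare two snapshots. Modification is decided by content hash, not
    mtime: an attacker can reset timestamps (timestomping), but cannot make
    a changed file hash to its old value."""
    created = sorted(set(current) - set(baseline))
    deleted = sorted(set(baseline) - set(current))
    modified = sorted(
        p for p in set(baseline) & set(current)
        if baseline[p]["sha256"] != current[p]["sha256"]
    )
    return {"created": created, "deleted": deleted, "modified": modified}


def demo() -> dict:
    """Constructed scenario (hypothetical files and hostname): baseline a
    small tree, then simulate tampering and diff against the baseline."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "etc").mkdir()
        (root / "etc" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "etc" / "services").write_text("http 80/tcp\n")
        baseline = snapshot(root)

        # Simulated tampering: hosts entry added, services removed, DLL dropped.
        (root / "etc" / "hosts").write_text(
            "127.0.0.1 localhost\n10.0.0.5 update.example\n")
        (root / "etc" / "services").unlink()
        (root / "evil.dll").write_bytes(b"MZ")

        return diff(baseline, snapshot(root))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

In production the baseline itself must be stored where the monitored host cannot rewrite it (otherwise an attacker simply re-baselines after tampering), and the scan interval bounds how long a change can go unnoticed, which is the gap an event-driven collector closes.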
If Infosec Was a Supermarket Business

By Jordan Durham

I was recently reading an article which made a brief analogy between cybersecurity and a retail store. This got me thinking: could there be a deeper analogy made for cybersecurity and a supermarket, especially detection and response programs? I strongly believe that awareness is one of ...

Why MSSPs Must Go Beyond Pure Efficiency to Deliver Value in Cybersecurity

Today’s managed security service providers (MSSPs) face an eternal struggle when it comes to their customers. They must be able to provide a sufficient level of value while at the same time maintaining operational efficiency. This balancing act isn’t easy, especially since focusing on one side will have major ...

Compliance Does Not Equal Cybersecurity

HIPAA, GDPR, PCI, CIS, NIST. Do any of those acronyms sound familiar? Chances are, you’ve heard of several and have a general understanding of what they’re all about. For those who don't, these are examples of regulatory requirements and security frameworks, and their aim is to provide policies and processes for security ...

Data Philosophy and Technology Combine for Better Endpoint Security

Russell Ackoff was one of the first to define a hierarchy from data to wisdom (1). In Ackoff’s words: "Data are symbols that represent the properties of objects and events. Information consists of processed data, the processing directed at increasing its usefulness. For example, census takers collect data. The ...

Hunting Emotet Made Easy with EclecticIQ Endpoint Response

Earlier this year, EclecticIQ analysts published this article detailing the inner workings of a newly observed Emotet variant. In November, another industry source published a report on the resurgence of Emotet after a hiatus. The report describes how Emotet is activated after remaining dormant to obfuscate the infection ...

Using Log Parsing to Stop Microsoft IIS Backdoor Attacks

Chances are you’ve heard of Microsoft’s Internet Information Services (more commonly known as IIS), as it’s one of the most popular web servers in the world, boasting a user base of over one million websites and a place in the tech stack of nearly 6,000 companies. Being popular is great, but ...

5 Questions to ask About Your EDR – Integration

This is the final part in our series on the capabilities you should be looking for in your Endpoint Detection and Response (EDR) solution. Why are we writing this series? Choosing the right EDR solution is important. A recent SANS survey entitled Modernizing Security Operations found that EDR is ...

5 Questions to ask About Your EDR – Response

This is part 3 in a series on the capabilities you should be looking for in your Endpoint Detection and Response (EDR) solution. Choosing the right EDR solution is important, as pointed out by a recent SANS survey entitled Modernizing Security Operations, which found that EDR is considered the most ...