Setting Time Expectations for RFIs

To effectively respond to events and incidents, cybersecurity defenders rely on their knowledge of various topics, e.g., DNS, HTTP, TCP/IP, LoLBINs, Windows services, processes, threads, WMI, Mimikatz, and more. The more a defender understands these technical topics, the more efficient and thorough their investigations will be. During an incident, the ability to contain and eradicate …

External Attack Surface Management and its Integration with Cybersecurity Operations

Recent news reminds us that vulnerabilities persist in critical infrastructure platforms targeted by financially motivated and state-sponsored espionage threat actors. We're constantly hearing about the exploitation of old and new vulnerabilities as part of cyberattacks. While vulnerability management may be challenging, we must be vigilant and look for ways to improve our cybersecurity defenses. Implementing …

Rethinking Cyber Threat Intelligence

By Justin C. Klein Keane, Director, MorganFranklin Consulting

The promise of cyber threat intelligence (CTI) was always that, as a global community, blue teams could share information about badness that happened instantaneously and proactively utilize indicators of attack (IOAs) or compromise (IOCs) observed by others. IOAs and IOCs are known as tactical CTI. While this was …

Threat Intelligence Requirements

Originally posted August 1, 2022 by ttheveii0x on Security Risk Advisors blog
UPDATED: January 24, 2023

Establishing Threat Intelligence Requirements should be one of the first things organizations do when starting a Cyber Threat Intelligence (CTI) program. It is possible to establish CTI requirements with a CTI program already in place. Threat intelligence requirements provide …

Defining Cyber Threat Intelligence

Cyber Threat Intelligence (CTI) is not a new area of cybersecurity, but uncertainty about what CTI is persists throughout the community. If you ask ten people to define CTI, you will likely hear eight to ten (8-10) different definitions. It’s very concerning that this is the current state of understanding. To test the …

Malware Analysis: A General Approach

Originally posted February 5, 2021 by ttheveii0x and Jonas Eichinger on Security Risk Advisors blog
UPDATE: Rewritten on January 5, 2023

TL;DR

Malware analysis has many benefits for organizations and cybersecurity operations; however, most organizations have not defined processes for performing malware analysis. This post walks through the questions that malware analysis can answer …