Compliance is like an annual checkup at the dentist: Nothing good is likely to come of it and we want it to be as fast and painless as possible. In the first of two blogs on compliance, we’ll consider how best to think about compliance intent, and how deception can...
On 24 July, 2019 the State of Louisiana actually had to declare a state of emergency over what appears to have been a ransomware attack against at least three of the school districts within the state. So far, the districts impacted include Sabine, Ouachita, and...
The Cyber Kill Chain If you’re reading this blog, you likely know the basics of the cyber kill chain. You might even be able to name a few of the seven stages in the kill chain, which lays out the steps adversaries take to attack and exploit their victims. Where you...
When you think threat hunting, what comes to mind? For most enterprise security staff, the answer is “Hmmm, not sure if that’s for me”. It’s true that threat hunting is a bit daunting: What goals am I going to achieve? What will I do if I actually find an adversary? Do I have the skills […]
What’s the biggest lesson from the SolarWinds fiasco? Just focusing security defenses on the most common means of penetrating an organization doesn’t cut it.