Protecting Microsoft Active Directory Part 3: Deception-based AD Security

Protecting Microsoft Active Directory Part 2: Attack Paths

In a previous blog, we provided an overview of the (unfortunately quite complex) Active Directory Attack Surface. In Part 2 of this series, we’ll explore how attackers plan their movement and traverse attack paths once they have discovered AD vulnerabilities and...
OT Risk Management – Deceiving Your Way to IT/OT Convergence

Securing Operational Technology (OT) networks is definitely “a thing” these days. OT environments include specialized equipment (e.g. PLCs) that monitor and control production facilities such as refineries, manufacturing plants and utilities. The stakes are high with...
Threat Hunting the Modern Way

When you think threat hunting, what comes to mind? For most enterprise security staff, the answer is “Hmmm, not sure if that’s for me”. It’s true that threat hunting is a bit daunting: What goals am I going to achieve? What will I do if I actually find an adversary?...
The SolarWinds Attack – Don’t Trust; Always Verify

What’s the biggest lesson from the SolarWinds fiasco? That just focusing security defenses on the most common means of penetrating an organization doesn’t cut it. Sure, you should guard against phishing, fortify your DMZ and Internet-facing applications,...