The Cyber Kill Chain or: how I learned to stop worrying and love data breaches

[vc_row css=".vc_custom_1452687555475{margin-bottom: 100px !important;}"][vc_column offset="vc_col-lg-9 vc_col-md-9" css=".vc_custom_1452702342137{padding-right: 45px !important;}"][vc_custom_heading source="post_title" use_theme_fonts="yes" el_class="no_stripe"][stm_post_details][vc_column_text css=".vc_custom_1469204474178{margin-bottom: 20px !important;}" el_class="no_stripe"]Pulling off a heist is no easy feat – and in order to prevent theft, you best understand the plan of attack. Like any good…

The Pyramid of Pain

[vc_row css=".vc_custom_1452687555475{margin-bottom: 100px !important;}"][vc_column offset="vc_col-lg-9 vc_col-md-9" css=".vc_custom_1452702342137{padding-right: 45px !important;}"][vc_custom_heading source="post_title" use_theme_fonts="yes" el_class="no_stripe"][stm_post_details][vc_column_text css=".vc_custom_1469204064857{margin-bottom: 20px !important;}" el_class="no_stripe"]To illustrate this concept, I have created what I like to call the Pyramid of Pain.  This simple diagram shows the relationship between the types of indicators…

The Information Security Leader, Part 1: Two Distinct Roles, Four Fundamental Questions and Three Persistent Challenges

[vc_row css=".vc_custom_1452687555475{margin-bottom: 100px !important;}"][vc_column offset="vc_col-lg-9 vc_col-md-9" css=".vc_custom_1452702342137{padding-right: 45px !important;}"][vc_custom_heading source="post_title" use_theme_fonts="yes" el_class="no_stripe"][stm_post_details][vc_column_text css=".vc_custom_1469203926039{margin-bottom: 20px !important;}" el_class="no_stripe"]“If you always do what you’ve always done, you’ll always get what you’ve always got.” This kernel of wisdom comes from a certain high-tech headhunter…

The Security Cost of Free Smartphone Apps

[vc_row css=".vc_custom_1452687555475{margin-bottom: 100px !important;}"][vc_column offset="vc_col-lg-9 vc_col-md-9" css=".vc_custom_1452702342137{padding-right: 45px !important;}"][vc_custom_heading source="post_title" use_theme_fonts="yes" el_class="no_stripe"][stm_post_details][vc_column_text css=".vc_custom_1468414338842{margin-bottom: 20px !important;}" el_class="no_stripe"] There are hundreds of thousands of them to choose from now whether you have an iPhone, an Android or some other version of smartphone.…

Russian Threat Group Targets Clinton Campaign

[vc_row css=".vc_custom_1452687555475{margin-bottom: 100px !important;}"][vc_column offset="vc_col-lg-9 vc_col-md-9" css=".vc_custom_1452702342137{padding-right: 45px !important;}"][vc_custom_heading source="post_title" use_theme_fonts="yes" el_class="no_stripe"][stm_post_details][vc_column_text css=".vc_custom_1468414547659{margin-bottom: 20px !important;}" el_class="no_stripe"] Governments like to know what the leaders of rival countries are really thinking. To answer these questions, they may turn to their spy agencies,…

Best Practices for Confidence in the Cloud

[vc_row css=".vc_custom_1452687555475{margin-bottom: 100px !important;}"][vc_column offset="vc_col-lg-9 vc_col-md-9" css=".vc_custom_1452702342137{padding-right: 45px !important;}"][vc_custom_heading source="post_title" use_theme_fonts="yes" el_class="no_stripe"][stm_post_details][vc_column_text css=".vc_custom_1468415537126{margin-bottom: 20px !important;}" el_class="no_stripe"] Until recently, most cloud migration decisions were made without the benefit of the CISO's guidance. In an effort to take advantage of cloud efficiencies,…

Malware Lingers with BITS

[vc_row css=".vc_custom_1452687555475{margin-bottom: 100px !important;}"][vc_column offset="vc_col-lg-9 vc_col-md-9" css=".vc_custom_1452702342137{padding-right: 45px !important;}"][vc_custom_heading source="post_title" use_theme_fonts="yes" el_class="no_stripe"][stm_post_details][vc_column_text css=".vc_custom_1468416117681{margin-bottom: 20px !important;}" el_class="no_stripe"] Threat actors leveraged a “notification” feature in the Windows Background Intelligent Transfer Service (BITS) to download malware. In May 2016, the SecureWorks® Incident Response…