Privilege escalation is one of the key components of any attack that involves penetrating a system. If threat actors have limited access due to a current user’s privilege levels, they will naturally aim to escalate their privileges before expanding the scope of the attack. How can security professionals detect malicious escalation techniques before adversaries get…

Designing your security information and event management (SIEM) strategy can be very challenging, particularly in complex environments that depend on many systems and stakeholders. For security leaders, it may seem as though this work is never complete. Indeed, maintaining an effective SIEM program requires a cyclical approach of reviewing business objectives, planning detection and response…

2017 has been yet another year full of widespread, highly disruptive ransomware attacks, data-destroying malware outbreaks and other headline-grabbing security incidents. However, with more organizations increasing their level of security awareness, sharing threat intelligence, achieving regulatory compliance, and recruiting more women and new collar workers to launch cybersecurity careers, there is plenty to be thankful for this Thanksgiving.

Strong enterprise cybersecurity programs must be built on a framework that incorporates strategic, operational, and tactical leadership and goals. As an enterprise, you used to worry about your competitors and your goal was to outpace them, to outservice them, and to outsmart them. Today, you can be the smartest and the fastest and have…

Steganography, or the practice of concealing a file, message, image or video within another file, message, image or video, may be an older technique, but it continues to be an incredibly versatile and effective method for obscuring or hiding information in plain sight. In 2017, IBM X-Force has identified three different malware samples in network…

As The Wall Street Journal recently pointed out, some clients of cloud service providers such as Amazon and Microsoft are accidentally leaving their cloud databases exposed due to misconfigurations of their services. Coupled with recent headline-making breaches, it’s becoming clear that the greatest risks to an organization might come down to a simple permission error or server…

A threat hunting program can provide an accurate picture of where your organization is exposed to threats and help security professionals strengthen those weaknesses. If you know how an adversary is breaking into your environment, you can improve your defenses and stop attacks from happening again in the future. This echoes the importance of having…

This is the first installment in a three-part series about malware sandboxing. Stay tuned for more information. When the fidget spinner fad hit last year, my seventh grader was immediately on board and quickly became a fidget spinner snob, boasting about bearing quality and spin longevity. My fifth grader, however, eschewed fidget spinners with the…

The continuous advancement and sophistication of cyberthreats have gradually decreased the sufficiency of traditional gateway and endpoint security solutions for protection against malware. These approaches were sufficient when malware occurred in small numbers and it was easy to differentiate between good and bad applications. Nowadays, there’s a world of unknown code — a gap between…

One of the fundamental problems with cybersecurity is that organizations often do not realize when they are compromised. Traditional incident response methods are typically reactive, forcing security teams to wait for a visible sign of an attack. The problem is that many attacks today are stealthy, targeted and data-focused. Just stop for a moment to…