Ransomworm: Don’t Cry – Act.


In July last year, we released our research report on the Anatomy of a Ransomware attack in which we looked into both the financial model of ransomware and then detection as it unfolds. Due to the recent WannaCry ransomware craze, we think it’s time to revisit. When we addressed ransomware last year, we made a significant comment about the ever-evolving nature of malicious software. We predicted that in the near future (evidently now) ransomware will move[…]

Topics: data science, ransomware, SECURITY, SIEM, Uncategorized

How to Leverage Behavioral Analytics to Reduce Insider Threat: Your Questions Answered

Last Thursday, we presented a webinar and discussed how UEBA technology can improve Insider Threat detection as well as overall SOC operational efficiency and noise reduction. I would like to thank the participants who were very active and showed interest by asking lots of questions. We felt we owed everyone the answers to the questions that were asked and may or may not have been answered during the webinar. And took the privilege to remove questions[…]

Topics: data science, SECURITY

Separate True Security Risk from Everyday Account Lockouts

It’s one of the most persistent, costly annoyances IT security teams face. Hundreds or even thousands of customers lock themselves out of their online accounts each day, simply by forgetting or mistyping their passwords. Those mistakes can monopolize up to 70 percent of a security expert’s time – not a junior employee’s time, but an experienced, senior-level staffer trained to spot legitimate threats. Enterprises have been clamoring for a solution to this industrywide challenge. Today,[…]


Passing the Hash Like It's 1999!

I wanted to start this post with a recap about the history of Pass-the-Hash (PTH) attacks and how they were a major threat, yet are no longer today. I really did. In the last few weeks, I have been modeling behaviors of users in NTLM-rich environments, only to learn that Pass-the-Hash still goes undetected after all those years. Further, NTLM is here to stay, at least for a while longer. Having said that, with user[…]


My RSA Expectations – Blinding Spotlights

Having been to more RSA events than I am willing to admit, the highlight for me is always watching for new products being released and security startups coming out of stealth showing their never-before-seen technologies to detect data breaches before they happen. At this year’s RSA event most of the older, more mature technologies will be found in the north building and most of the security startups with new ideas will be found in the south[…]


User Behavior Analytics: Automated Storytelling for Incident Response

When a security staff member sees a security event there’s a process that occurs. First, there’s verification that it’s not a false positive or false negative. After that it goes into a review queue that may accumulate several hundred or more critical events per day. These get looked at by more senior analysts. They try to ascertain: the origin of the attack, what assets may have been involved and possibly compromised, involvement of malicious code,[…]


The Problem with Patching is it’s not a Panacea

Remember when it seemed like everyone held his or her breath every Microsoft Patch Tuesday wondering how bad it would be? Unless it’s a pervasive security flaw such as the BASH shell vulnerability (a command-line program for UNIX systems, run on 80 percent of the servers online), which led to the Shellshock attacks, patching isn’t the hair-on-fire exercise it once was. As many companies rushed to address the BASH vulnerability, they found that the[…]


Cyber Insurance, User Behavior Intelligence and Lower Costs

Buying Cyber Insurance: We’ve all read articles about companies that had a lot of costs associated with a data breach but in the same paragraph we see that the company had data breach insurance that offset some portion of the cost. Risk is bad for business. When it comes to risk, businesses take two approaches—mitigate and transfer. Buying insurance is risk transfer to an insurance company. Actuary tables have been around since the 1700s. Data[…]