
SECURITY

Finding a Security Unicorn

A recent post on securityintelligence.com is unlikely to surprise anyone who’s been paying attention to the cybersecurity job market. According to a new Cybersecurity Ventures report, the unemployment rate for cybersecurity jobs is currently zero. On average, there are two open jobs available for every candidate, with over 1 million open IT security positions. Companies are making it worse by trying to hire security unicorns: analysts with skillsets so broad that no person has them[…]


Topics: SECURITY, Uncategorized

Who do I belong to? Dynamic Peer Analysis for UEBA Explained

In user and entity behavior analytics (UEBA), a security alert is best viewed in context as discussed in my past webinar. A user’s peer groups provide useful context to identify and calibrate that user’s alerts. If a user does something unusual on the network, such as logging on to a server or accessing an application for the first time, we may reduce or amplify the risk score of this activity depending on whether the peers[…]


Topics: data science, SECURITY, Uncategorized

No SIEM? No Problem!

What kinds of imagery are conjured up when you think about a Security Operations Center (SOC)? Perhaps a militaristic setting straight out of the movie War Games, but with upgraded tech? Or maybe a dark room with a few scruffy security analysts staring at a wall full of large monitors while they frantically hammer away on their keyboards? Possibly you’re envisioning a single security engineer wearing a nerdy T-shirt hidden away somewhere in the bustle[…]


Topics: SECURITY, TIPS AND TRICKS

The Challenge of Using a SIEM to Detect Ransomware

Ransomware is becoming more common than ever. Corporations, both large and small, are increasingly finding themselves the targets of advanced ransomware campaigns. Unfortunately, most security teams haven’t had enough experience with ransomware in corporate environments to stop infections before they run rampant. This post explores some of the challenges security teams may face when trying to use SIEM correlation rules to identify the behavior and activities associated with a ransomware infection. Zooming out for Greater[…]


Topics: ransomware, SECURITY

A Forensics Expert's Opinion: Why Exabeam Matters

The size of hard drives, logs, and other data sources has grown immensely in the past few years. I’ve had many different roles within the DFIR (digital forensics and incident response) space, including SOC analyst, incident responder, and forensic examiner, and this massive increase in available data poses challenges in all of those areas. Fully combing through a multi-terabyte hard drive takes longer than smaller drives. Intrusion investigations can rapidly balloon from one computer to many,[…]


Topics: SECURITY

It's Not Always the Hackers...

20 years ago, I was working the graveyard shift as a policeman on the south side of Chicago. Part of the area I patrolled included one of the largest railroad freight yards in the U.S. Occasionally, we would get calls to assist the railroad police. On this particular day we received a call to assist with a “theft in progress”. Upon arrival at the railyard, we found a freight train with 50+ rail cars stopped[…]


Topics: CUSTOMERS, SECURITY

How to Leverage Behavioral Analytics to Reduce Insider Threat: Your Questions Answered

Last Thursday, we presented a webinar and discussed how UEBA technology can improve Insider Threat detection as well as overall SOC operational efficiency and noise reduction. I would like to thank the participants who were very active and showed interest by asking lots of questions. We felt we owed everyone the answers to the questions that were asked and may or may not have been answered during the webinar. We also took the liberty of removing questions[…]


Topics: data science, SECURITY

Ransomware: Why Steal When You Can Disrupt?

When asked why he robbed the bank, the old saying goes, the thief replied: because that’s where the money was. But in fact, there was no need to rob; applying the modus operandi of recent ransomware attacks, all the thief had to do was disrupt the entrance to the bank and collect the money without any extra effort. Ransomware recently made the headlines when several organizations, including hospitals, were infected and forced to pay tens of thousands[…]


Topics: ransomware, SECURITY

A User and Entity Behavior Analytics System Explained – Part I

This 3-part blog series will demonstrate how the data analytics of a User and Entity Behavior Analytics (UEBA) product work to address cyber threats. In concept, a UEBA system such as Exabeam’s monitors the behaviors of network entities in an enterprise and flags behaviors that deviate from the norm. While the benefits are understandable, there are many challenges. In this blog series, I’ll focus only on the data analytics part of the system that has proven to[…]


Topics: data science, SECURITY

Introducing Exabeam Threat Hunter

Today we announced the availability of Exabeam Threat Hunter, a new product that raises the bar for the UBA market. While UBA is focused on using data science to notify an analyst about users who deserve attention, Threat Hunter completes the picture by giving an analyst the ability to query, pivot, and drill down into user sessions that match any combination of attributes and activities. In short, if UBA is about the machine telling the analyst[…]


Topics: data science, SECURITY