Intro to IR Triage (Part 2): Analysis Categories


In the second post in our Intro to IR Triage series, we're going to take a big-picture view. I want to give you the roadmap of how we are going to approach this series before diving into the technical details. In the last post, we talked about the goal of triage and...

Intro to IR Triage (Part 1): Buyer’s Guide


Part 1: Host Triage Tool Buyer’s Guide I often encounter companies who are starting to think more formally about incident response and how to properly deal with incidents. To help them with that process, I wanted to create a series of blog posts about responding to an...

Get Free Incident Response Software

Organizations need to be able to respond to alerts and investigate their computers, but not every organization has an incident response budget or dedicated personnel. The newly released Cyber Triage Lite helps these companies by providing a free method for collecting...

Cyber Triage Has a New Look

Cyber Triage 2.0 has been released with a new user interface and can be used for free (with a reduced feature set). The new UI allows you to make better decisions, and prevents missing evidence by automating the incident response triage workflow and giving more...

Exposing More Data to Save Time

The new Cyber Triage release allows you to better understand the impact of a threat. Now, you can automatically see what registry keys reference a file with malware, what processes are using the file, and remote hosts with active connections to those processes...

Finding Suspicious Program Activity

The 1.6.1 release of Cyber Triage added a new automated analysis technique to make the life of an incident responder easier and more efficient. The new technique focuses on the programs that were run on the target system. The motivation for analyzing these programs...

Dig Deeper: Find More IOCs and Fast Flux Domains

Find more evidence on an endpoint with the latest Cyber Triage release. Last week's 1.6.0 release expands on Cyber Triage's thoroughness and ease of use. We'll talk about two new analysis techniques in this post: collecting all file metadata and detecting fast flux...

Automating Incident Response: Setting the Stage

Overview: Many companies want to improve their incident response capabilities and make them more efficient. Automation is often touted as a way to improve response times, but what does automation (or orchestration) mean in DFIR? Can the entire process be...

Maturing towards Team-Based Incident Response


In our last blog post, we talked about how, as an organization’s security posture matures (often along with the organization itself), its strategy starts to move beyond prevention to focus on detection and response. In general, the larger or more valuable the company,...

Make Better Use of IDS Alerts for Incident Response


If your organization’s security posture is maturing beyond prevention and beginning to focus on detection, you may find yourself evaluating a host of new security technologies. Among the most attractive for many organizations are network intrusion detection systems...