Understanding Your Client’s “Normal”

Detecting an incident means one of two things. You have to see either a known problem — such as high-risk malware infecting one or more client endpoints — or something that is suspicious. But how do you know if suspicious activity is good or bad unless you...

Reducing Response Time with Whitelisting

When triaging a host during incident response, it is critical to be able to quickly focus on the suspicious data. Whitelisting gives you the ability to ignore known safe files, for example, so that you can focus on truly suspicious items. However, you can’t know...