Finding Suspicious Program Activity

The 1.6.1 release of Cyber Triage added a new automated analysis technique to make the life of an incident responder easier and more efficient.  The new technique focuses on the programs that were run on the target system. The motivation for analyzing these programs...

Dig Deeper: Find More IOCs and Fast Flux Domains

Find more evidence on an endpoint with the latest Cyber Triage release.  Last week’s 1.6.0 release expands on Cyber Triage’s thoroughness and ease of use. We’ll talk about two new analysis techniques in this post: collecting all file metadata and detecting fast flux...


Make Better Use of IDS Alerts for Incident Response

If your organization’s security posture is maturing beyond prevention and beginning to focus on detection, you may find yourself evaluating a host of new security technologies. Among the most attractive for many organizations are network intrusion detection systems...

What is in your CSIRT First Responder’s Jump Kit?

Like other services, effective Computer Security Incident Response Teams (CSIRTs) are tiered. The First Responder on a CSIRT is much like the EMT who assesses the situation and either deals with it themselves or brings the case to more specialized teams. In this blog...