Saturday, April 22, 2017
OODA Framework for TI / DFIR / CSIR Process Engineering
The OODA Loop (https://en.wikipedia.org/wiki/OODA_loop) can be used to develop workflows for TI / DFIR / CSIR, including ones that leverage threat intelligence management platform (TIMP) implementations such as MineMeld (https://www.paloaltonetworks.com/products/secure-the-network/subscriptions/minemeld).
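The following is an added illustration, not code from the original post and not MineMeld's own data model or API: a minimal indicator-processing workflow with each stage named for its OODA phase. The feed format, the confidence-aggregation rule, the internal allowlist and the sample rows are all constructed assumptions; the point is the shape of the loop (observe raw feed rows, orient by normalising and corroborating them, decide on a threshold, act by emitting enforcement and watch sets), which is what a TIMP deployment would be built around.

```python
"""Indicator-processing workflow structured as an OODA loop.
Added illustration only: the feed format, scoring rule and allowlist are
assumptions, not MineMeld's data model or any real vendor feed."""
from dataclasses import dataclass, field
import ipaddress
import re

# Constructed sample feed: "<indicator>,<source>,<confidence 0-100>" (not real data)
SAMPLE_FEED = """\
203.0.113.7,feed_a,80
203.0.113.7,feed_b,60
198.51.100.0/24,feed_a,70
10.0.0.5,feed_c,95
malware.example,feed_b,90
not an indicator,feed_c,50
"""

# Assumed internal address space; indicators inside it are never pushed to enforcement
INTERNAL_ALLOWLIST = [ipaddress.ip_network("10.0.0.0/8")]
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


@dataclass
class Indicator:
    value: str
    kind: str                       # "ip", "cidr" or "domain"
    sources: set = field(default_factory=set)
    scores: list = field(default_factory=list)
    confidence: int = 0


def observe(raw_feed):
    """Observe: parse feed rows, discarding malformed lines rather than guessing."""
    rows = []
    for line in raw_feed.splitlines():
        parts = [p.strip() for p in line.split(",")]
        if len(parts) != 3 or not parts[2].isdigit():
            continue
        rows.append((parts[0], parts[1], int(parts[2])))
    return rows


def classify(value):
    """Return the indicator type, or None for anything that is not an IP, CIDR or domain."""
    try:
        net = ipaddress.ip_network(value, strict=False)
        return "ip" if net.num_addresses == 1 else "cidr"
    except ValueError:
        return "domain" if DOMAIN_RE.match(value) else None


def is_internal(net):
    """True when the network falls inside the assumed internal allowlist (same IP version only)."""
    return any(net.version == a.version and net.subnet_of(a) for a in INTERNAL_ALLOWLIST)


def orient(rows):
    """Orient: normalise, dedupe across sources, suppress internal space, aggregate confidence."""
    indicators = {}
    for value, source, score in rows:
        kind = classify(value)
        if kind is None:
            continue
        if kind != "domain":
            net = ipaddress.ip_network(value, strict=False)
            if is_internal(net):
                continue                # blocking our own space is self-inflicted denial of service
            value = str(net.network_address) if kind == "ip" else str(net)
        else:
            value = value.lower().rstrip(".")
        ind = indicators.setdefault(value, Indicator(value, kind))
        ind.sources.add(source)
        ind.scores.append(score)
    for ind in indicators.values():
        # Assumed scoring rule: best single-source score plus 10 per corroborating source, capped at 100
        ind.confidence = min(100, max(ind.scores) + 10 * (len(ind.sources) - 1))
    return indicators


def decide(indicators, block_threshold=75):
    """Decide: route each indicator to enforcement or to analyst watch based on confidence."""
    return {v: ("block" if i.confidence >= block_threshold else "watch") for v, i in indicators.items()}


def act(decisions):
    """Act: materialise the decision as an enforcement set and a watch set for downstream consumers."""
    return {
        "block": {v for v, d in decisions.items() if d == "block"},
        "watch": {v for v, d in decisions.items() if d == "watch"},
    }


def ooda_cycle(raw_feed, block_threshold=75):
    """One pass of the loop; a real pipeline re-runs it as new feed rows arrive."""
    return act(decide(orient(observe(raw_feed)), block_threshold))


if __name__ == "__main__":
    print(ooda_cycle(SAMPLE_FEED))
```

Running the sample through one cycle blocks the corroborated IP and the high-confidence domain, leaves the single-source /24 on the watch list, and silently drops both the internal address and the unparseable row. The loop property matters more than the scoring rule: as more rows arrive, re-running the cycle promotes watch-list entries once a second source corroborates them, which is the feedback the OODA framing is meant to capture.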
Friday, April 7, 2017
Offensive Security vs. Enhanced (Defensive) Security
Active-defense and deception tools (e.g., honeypots, bastion hosts, anti-reconnaissance controls such as Microsoft NetCease, which restricts who may enumerate SMB sessions on a host) and the techniques around them have been gaining more attention lately.
So, while next-generation (defensive) security tools and techniques (e.g., behavioral analytics: UBA / UEBA via Cisco StealthWatch, binary sandboxing, advanced threat protection: ATP) are all the rage, InfoSec leadership will have to address prioritization for budgets and bodies.
That prioritization may be assisted by identifying the organization's current defense-in-depth posture, as well as its threat environment.