Cybersecurity Blog
Everything about threat intelligence, blue team, red team, pentesting, security audit, security review, testing and assessment.
Friday, August 14, 2020
I have created a small self-explanatory diagram that explains how front-line defences are often useless while your internal security architecture is not up to the mark.
Monday, May 11, 2020
SOC Monitoring Mindmap
The COVID-19 pandemic has significantly affected the worldwide economy. The rapid disruption to businesses around the globe has left organizations struggling to maintain security and business resilience.
In this fast shift, SOC teams often cannot monitor and track events coming from multiple sources, tools and departments, because they have either no visibility into the threat environment or too much visibility into their own infrastructure, which frequently produces false-positive incidents.
Sunday, November 24, 2019
Guidelines for Corporate Email Audit
Many security firms provide audit assurance to their clients, and auditing the corporate email system is one of their principal activities. In this article, I present 40 guidelines that an auditor or manager can use to audit a client's corporate email system. They include some technical and more procedural guidelines.
Labels:
audit,
compliance,
corporate email,
email,
email encryption,
mdm,
o365,
security
Auditing remote access process and procedures
In this article, I am going to share a small checklist that will help auditors and testers provide assurance on remote access processes and procedures for any company. This is not a technical article, but the controls defined in this list can be reviewed by managers and discussed with clients. For each part, they can go in-depth if they want to.
Thursday, September 26, 2019
Integrate Threat Intelligence program into your daily security operations - Phase 3 - Effectiveness of the Analysis Process
This is the fourth article in a five-article series on integrating threat intelligence into daily security operations. If you have not gone through the first three articles, I highly recommend reading them, as all articles build on one another in sequence. In this article, I am going to talk about the effectiveness of the analysis process. Here is article 1, article 2 and article 3.
Labels:
anonymous,
APT,
blueteam,
cyber,
cybersecurity,
darknet,
deepweb,
edr,
hacking,
informationsecurity,
infosec,
intelligence,
malware,
redteam,
security,
threat,
threathunting,
threatintelligence,
threats
Tuesday, September 17, 2019
Integrate Threat Intelligence program into your daily security operations - Phase 2 - Collecting Intelligence
This is the third article in a five-article series on integrating threat intelligence into daily security operations. If you have not gone through the first two articles, I highly recommend reading them, as all articles build on one another in sequence. In this article, we are going to talk about phase 2, in which we discuss the intelligence collection strategy, methods and procedures. Here is article 1 and article 2.
Saturday, May 18, 2019
Integrate Threat Intelligence program into your daily security operations - Phase 1 - Planning and Preparation
From the last article, located here, we now have most of the information needed to start preparation and planning. In this article, I am going to explain how we can initiate the project and start preparing plans and procedures. This can be done in two phases:
1. Initial meetings with the internal team to discuss the organisation's current threat landscape.
2. Review of the observations, which helps to prepare a solid plan.
Wednesday, May 15, 2019
Integrate the Threat Intelligence program into your daily security operations - Phase 0 - Introduction
The use of sophisticated malware is increasing sharply, and organisations often fail to understand the real intent behind such activity by large hacker groups, nation-sponsored attackers, organized cybercrime and cyber terrorists. These attacks result in revenue disruption, damage to public and private reputation, and the destruction of business processes and workflows.
Intelligence means staying ahead of the next threat targeting your organisation by implementing protective measures that protect your brand reputation, data, people, processes and technology infrastructure. I am assuming whoever is reading this article has a little background knowledge of threat intelligence terminology.
Just having a threat intelligence product is not sufficient; the data should be collected, classified and correlated with hacking tools, tactics and techniques.