
Ken Dunham

Senior Director, Technical Cyber Threat Intelligence

Ken Dunham brings more than 27 years of business, technical and leadership experience in cyber security, incident response and cyber threat intelligence to his position as senior director of technical cyber threat intelligence for Optiv. In this role, he is responsible for the strategy and technical leadership to mature Optiv’s data integration and innovation of intelligence-based security solutions.

 

Phishing - The Rest of the Story

· By Ken Dunham ·

Receiving an email lure designed to trick you into clicking a phishing link and then logging into a fake website has become a common threat. In this blog we look into how to dive deeper into the threat to move from reactive to proactive. These tactics help a company zoom in on specific threats that are common or repeated against them from both opportunistic and targeted attacks.


Pass-the-Hash

· By Ken Dunham ·

Pass-the-hash (PtH) is an all too common form of credentials attack, especially since the advent of a tool called Mimikatz. Using PtH to extract from admin memory parsing is much faster than old dictionary and brute-force style attacks of yesteryear using tools such as “Cain and Abel.” This blog introduces the Windows Security Account Manager (SAM) file, hashes for credentials, how PtH is easily performed using a tool called Mimikatz, and how to detect such attacks within alerts.


Cyber Threat Intelligence Requires Commitment

· By Ken Dunham ·

It’s been said that in a breakfast of bacon and eggs, the chicken is involved but the pig is committed. This saying is relevant when implementing a cyber threat intelligence program. You must be committed in order to succeed. In this blog post, I’ll explore some of the common pitfalls of implementing a cyber threat intelligence program.


Orchestration & Automation (O&A) Methodology

· By Ken Dunham ·

O&A is at the heart of working with big data in an automated and efficient fashion. It involves two important elements: orchestration - planning and coordination of elements, variables, and process; and automation - automating a process or task. The role of designing and managing O&A for an organization is much like that of an orchestra conductor, making sure each part is playing its part in an integrated musical piece that is dynamic and changing, requiring core excellence in each role but also coordination through the conductor.


Being Certain about Estimative Uncertainty

· By Ken Dunham ·

I love it when my teenager says something like, “You know Dad, that’s how they designed it,” when in fact, my child does not have any evidence to support his conclusion. It’s spoken as a hard truth, with enthusiastic declaration. If it’s a fact – stick to the facts people. Too often we find individuals involved in cyber defense and threat research and response doing the same thing.


The Need for Augmented Intelligence

· By Ken Dunham ·

Cyber threat intelligence can be a lot harder than you think. As a regular speaker at various conferences, I’m constantly asked the question about how to get started in the world of cyber threat intelligence. The answer lies in assessing your own maturity and readiness before you consider cyber threat intelligence.


Indicators of Compromise (IOCs) are Not Intelligence

· By Ken Dunham ·

When discussing the topic of cyber threat intelligence, I frequently hear questions about Indicators of Compromise (IOCs). IOCs are not intelligence but are important data points within the intelligence process. Meta-data is a better way to think about how to connect the dots between assets, threats, threat agents, counter-measures and other variables that factor into cyber threat intelligence.


Cyber Threat Intelligence – Putting out Fires or Firefighting?

· By Ken Dunham ·

When it comes to fighting malware, combatting nation-state threats, and securing digital assets, the information security industry has much to learn from firefighters. Though we fight online threats, and firefighters fight fires, both roles have reactive and proactive challenges. Optiv strongly advocates that organizations become firefighters: not only responding reactively but also strategically and proactively.


Risk Management and Intelligence: What is Your End Game?

· By Ken Dunham ·

Anyone worth their salt in the world of cyber threat intelligence is always focused on the actionable outcome – how can I lower my business risk by making a more informed and/or timely decision? If your strategy for enterprise risk management lacks that same focus for return on investment (ROI) related to your cyber threat intelligence component, you’ll miss the mark on your desired outcome.


Shedding Light on the Dark Web – What is it, Really, and How Can it Help Me?

· By Ken Dunham ·

Dark web, darknet, deep web – all sexy new terms that are often overused and not well understood. Definitions are all over the place ranging from illegal and nefarious, to private, commercial, encrypted and so on. When looking at Internet content in 2017, I use the following definitions to describe the three layers of the web.
