Optiv Blog

Tales from Trenches: What’s on Your Shelf?

· By Mark Modisette ·

Don’t you hate it when you forget something? Like when you take your kids on a hike and forget a snack, or take your dog for a walk and forget those-oh-so-necessary little bags? It results in fuming kids and a very serious dog-culture no-no, not to mention guilt. Insert your similar stories here, but in those two scenarios, the treats and the those-oh-so-necessary little bags could represent technology in the people, process and technology triad of despair.

Continue reading

Darknet Done Right

· By Ken Dunham ·

The marriage of a well-managed risk program and a targeted Darknet operation to move towards mitigation of risk is an ROI most mature companies have actualized. Intelligence as a service focused upon marketplace and infrastructure, will likely become a greater focus of service support and integration. When integrating a Darknet intelligence arm into a risk program, be sure to properly staff internal Human Intelligence (HUMINT) resources to strategically and tactically act upon the intelligence that matters most to your organization.

Continue reading

Is There a Trans-Atlantic Cyber Divide? The 5 Things That Differentiate Us Can Make Us Stronger

· By Andrzej Kawalec, Tomas Kubica ·

Having just returned from the U.S. to Europe, we recently met for breakfast around the corner from the new London HQ of Optiv Security, a market-leading provider of end-to-end cyber security solutions, in which KKR invested in early 2017. While the intended purpose of our meeting was to discuss Optiv’s European expansion, quite quickly the conversation turned to the rapidly evolving nature of the cyber security market and its profound impact on people’s digital lives and corporate security strategies on both sides of the Atlantic.

Continue reading

It’s 2018. Password Journals are a Still a Thing.

· By Optiv ·

I was in a store the other day and saw something that, being in cyber security, stopped me fast: A Password Journal. Seriously. A place to write down passwords. The book even recommended using pencil so that when you change them, you can erase the old one.

Continue reading

Keeping Who-ville Cyber Secure This Holiday Season

· By Jeff Wichman ·

If we were to relate the Grinch to cyber security terms, we’d call him a quintessential threat actor. His sole focus is finding a way to stop Christmas from coming, no matter the cost. Like a threat actor, Mr. Grinch checks the perimeter of Who-ville looking for vulnerabilities and gaps that can be manipulated so he can destroy the Whos’ sense of safety and security.

Continue reading

Take a Deep Breath…and Be Thankful

· By Optiv ·

Ah, Thanksgiving. Time to breathe, greet the holidays and revel in a few days off, time with family, and…what’s that call on your cell? “Suspicious activity? Someone accessing a server from where? When?” So much for relaxing. Wait. You can relax. You have a plan.

Continue reading

Tales from Trenches: How a Simple Helpdesk Fix Led to IAM

· By Mark Modisette ·

Still on the fence about the implementation of Identity Access Management (IAM)? The more you read, the bigger it gets. It’s complicated. It’s involved. It’s labor intensive. You may have to shelve things you have and add new things. It’s… daunting. As a former CISO, I get it. But stay with me a minute.

Continue reading

ATT&CK Series: Process Injection, Bypass User Account Control, Exploitation for Privilege Escalation

· By Aaron Martin ·

When it comes to network security and protecting against potential breaches, a vast majority of companies spend large portions of their budget on hardening the perimeter of their networks to prevent initial access. Some commonly overlooked factors are implementing host-based access controls and hardening systems and applications within internal networks to mitigate an attacker from escalating privileges after an initial foothold has been gained. In this post, we will delve into ATT&CK’s Privilege Escalation techniques and tactics from an adversarial perspective.

Continue reading

Titanic - Lessons Learned for Cyber Security

· By Ken Dunham ·

Computer security professionals are all too familiar with the “cat and mouse” game seen on the global stage of the enemy and defenders. History does indeed repeat itself, because we are human. Humans tend to be reactive, take things for granted, and assume much when it comes to our strengths and weaknesses. Bad actor tools, tactics, and procedures (TTPs) continue to evolve with nascent technology and infrastructure solutions.

Continue reading

Will Blockchain Change the World? (Part 2)

· By Ken Dunham ·

In the previous post of this two-part series, we introduced the concept of blockchain and its possible use cases. Blockchain innovation promises streamlined operations, immutable public ledgers and more. It also shows promise in applications where there is a lot of red tape, inefficient operations, and challenges such as transnational currencies and transactions in the financial market. But there are also a variety of threats and risks associated with adoption of blockchain technology.

Continue reading
(695 Results)