Optiv Blog

Maturing IR Capabilities into an Incident Management Program – Part 3 of 3

By Jenn Black

Incident response has become one of the most critical aspects of any overall security strategy, but a solid incident response program (IRP) is something many organizations – both large and small – either lack entirely or don’t take seriously enough.


Actionability Doesn’t Mean I Have to do More Work!

By Ken Dunham

“Actionability” is something we are starting to hear more and more from industry sales and marketing, but it often doesn’t translate into reality for various components of cyber threat intelligence programs and services.


Escape and Evasion Egressing Restricted Networks

By Chris Patten, Tom Steele

A command kill chain consists of payload delivery, code execution on a target system, and establishing a command and control (C2) channel outside of a network. There are many ways to achieve each of these steps; for example, Microsoft Office Macro for delivery, PowerShell for code execution and HTTP as a transport for C2.


Tactics, Techniques and Procedures (TTPs) Within Cyber Threat Intelligence

By Ken Dunham

TTPs is a great acronym that many are starting to hear about within cyber security teams, but few know and understand how to use it properly within a cyber threat intelligence solution. Tactics, techniques and procedures (TTPs) get at how threat agents (the bad guys) orchestrate and manage attacks. “Tactics” is also sometimes called “tools” in the acronym.


New NIST Cyber Recovery Guide, What’s Your Plan?

By Kevin Hiltpold

The adversaries trying to breach your cyber defenses have a plan. Do you? A few weeks ago, the National Institute of Standards and Technology (NIST) released its Guide for Cybersecurity Event Recovery. The guide includes topics contained in a typical recovery plan and really boils down to documentation, communication and practice.


Information vs. Cyber Threat Intelligence

By Ken Dunham

Cyber threat intelligence should always enable decision making and action, but what good is a cyber threat intelligence program if you take no action or it simply makes you do more work? One Optiv client said it best when he stated, “Actionability shouldn’t mean I have to do more work.” Sadly, in our current Information Age, we are drowning in data.


Operationalizing a Cyber Threat Intelligence Solution

By Danny Pickens

Cyber threat intelligence is a process required to make action-oriented, judgement-based decisions that are not otherwise possible. Optiv recommends considering four essential attributes of threat agents mapped back to a security posture, as well as six essential courses of action, known as threat modeling, in order to properly produce, consume and act upon cyber threat intelligence.


Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 17

By Jackson Byam

For all functional roles in the organization (prioritizing those mission critical to the business and its security), identify the specific knowledge, skills, and abilities needed to support defense of the enterprise; develop and execute an integrated plan to assess, identify gaps, and remediate through policy, organizational planning, training, and awareness programs.


Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 16

By Adam Schindelar

Actively manage the lifecycle of system and application accounts – their creation, use, dormancy, deletion – in order to minimize opportunities for attackers to leverage them.


Top 20 CIS Critical Security Controls (CSC) Through the Eyes of a Hacker – CSC 15

By Steven Darracott

The processes and tools used to track, control, prevent and correct the security use of wireless local area networks (LANs), access points and wireless client systems.
