Posts by John Reeman
Time altering techniques to evade your security controls
In this article I’ll be talking about ‘Time Travel’ and sadly it’s not an episode of ‘Dr Who’ or ‘Back to the Future’ and not really ‘Time Travel’ but I needed a catchy title! So what I am referring to is how hackers often change the system time of a particular system they are exploiting…
Read MoreEndpoint Security Part 5: How to setup an automated isolation workflow when malware is detected
In this continuing series on endpoint security protections I’ll be showing you how to fully automate host isolation using ‘Tines’ and ‘Elastic’. This article assumes you are familiar with using Elastic SIEM and have some exposure to Tines. Tines is a smart automation workflow solution that I came across last year. What I like about…
Read MoreEndpoint Security Part 4: How to create a playbook to isolate a machine and alert your SOC team
Overview In this fourth article of a 5 part series on ‘Endpoint Security’ I’m going to be showing you how to create a rule in your Elastic SIEM to generate an alert and isolate a host if the presence of malware is detected. Step One – Create the detection rule In your Kibana console select:…
Read MoreFidelity National Financial acknowledges data breach affecting 1.3 million customers
Fidelity National Financial has suffered a ransomware attack and resulting data breach which involved 1.3 million of its customers’ data.
Read MoreEndpoint Security Part 3: How to correlate threat intelligence
Overview In this third article of a 5 part series on ‘Endpoint Security’ I’m going to be showing you how you can incorporate ‘Threat Intelligence’ into your security operations strategy. There has been a lot written about threat intelligence over the last decade and it has different meanings to people depending on what industry you…
Read MoreEndpoint Security Part 2: Enriching your security event data
In this second part series on ‘Endpoint Security’ I’m going to delve into how you can enrich your security event data to provide further context to assist your security analysts when investigating incidents. In this example we will lead off where we ended from ‘Endpoint Security Part 1’ and so if you were following the…
Read MoreEndpoint Security Part1: Collecting the essential security events for your windows systems
Cyber Resilience – Are you prepared?
In this 4 min video clip, I share my top 5 practical strategies that you should be adopting as an organisation to remain cyber resilient. Whilst there is no silver bullet these should reduce risk and keep you safe from cyber crime attacks such as ransomware.
Read MoreEverything you need to know about IRAP
Introduction In this article I will take you through everything you need to know about an IRAP assessment and how to successfully achieve IRAP Accreditation; what it is, what’s involved, why it’s important and a checklist of things you will need to do to kick start your IRAP journey. What is the Information Security…
Read MoreGenerative AI – AI for the future
I recently attended a very informative and interesting talk on “Generative AI – AI for the Future” hosted by KWM and Professor Genevieve Bell from the Australian National University. A lot has been written about AI and many will be excused from thinking that AI is a modern innovation or simply ChatGPT but the history…
Read More