Category: Security Insights

Cyooda Security share their knowledge on how to build ransomware resilience

Ransomware Resilience: How to prepare and respond in a crisis

By John Reeman / February 7, 2024

Are you prepared for a ransomware attack? What should you do if you become a victim? This guide provides some practical advice you need to know & do to survive.

How to detect EDR and SIEM evasion techniques

Time altering techniques to evade your security controls

By John Reeman / January 31, 2024

In this article I’ll be talking about ‘Time Travel’ and sadly it’s not an episode of ‘Dr Who’ or ‘Back to the Future’ and not really ‘Time Travel’ but I needed a catchy title! So what I am referring to is how hackers often change the system time of a particular system they are exploiting…

Cyber Security Automation

Endpoint Security Part 5: How to setup an automated isolation workflow when malware is detected

By John Reeman / January 24, 2024

In this continuing series on endpoint security protections I’ll be showing you how to fully automate host isolation using ‘Tines’ and ‘Elastic’. This article assumes you are familiar with using Elastic SIEM and have some exposure to Tines. Tines is a smart automation workflow solution that I came across last year. What I like about…

Cyooda Incident Response

Endpoint Security Part 4: How to create a playbook to isolate a machine and alert your SOC team

By John Reeman / January 17, 2024

Overview: In this fourth article of a 5-part series on ‘Endpoint Security’ I’m going to be showing you how to create a rule in your Elastic SIEM to generate an alert and isolate a host if the presence of malware is detected. Step One – Create the detection rule: In your Kibana console select:…

Endpoint Security Part 3: Threat Intelligence

Endpoint Security Part 3: How to correlate threat intelligence

By John Reeman / December 20, 2023

Overview: In this third article of a 5-part series on ‘Endpoint Security’ I’m going to be showing you how you can incorporate ‘Threat Intelligence’ into your security operations strategy. There has been a lot written about threat intelligence over the last decade and it has different meanings to people depending on what industry you…

Data enrichment with Elastic

Endpoint Security Part 2: Enriching your security event data

By John Reeman / December 14, 2023

In this second part of the series on ‘Endpoint Security’ I’m going to delve into how you can enrich your security event data to provide further context to assist your security analysts when investigating incidents. In this example we will lead off from where we ended in ‘Endpoint Security Part 1’, and so if you were following the…

Endpoint Security Part 1: Collecting essential security events from Windows

Endpoint Security Part 1: Collecting the essential security events for your Windows systems

By John Reeman / December 5, 2023
Conditional Access Policies

Why you need Azure Conditional Access Policies

By John Reeman / June 29, 2023

Overview: Having undertaken a number of Red Team assessments over the last 5 years, one of the common things uncovered during these assessments is the lack of robust Microsoft Azure AD Conditional Access policies. Microsoft Azure AD Conditional Access is a premium feature and is disabled by default. To enable it you need a…


Keeping your service provider honest!

By John Reeman / March 22, 2023

We all expect our service providers to do the right thing, abide by contractual terms, provide support when they are meant to and be available when in need. However, sometimes that doesn’t always happen, and so how do you keep your provider on the hook if things do go awry? In this example…


Export your passwords from LastPass

By John Reeman / March 13, 2023

Unless you have been living under a rock for the last few months you will know that LastPass has suffered a major breach. If, like me, you feel you can no longer trust LastPass to safeguard your crown jewels, then this article explains how to: Export your passwords from LastPass; Delete and permanently erase all…
