The computers on your network are protected from malware, right? If you are
operating an environment based largely on Windows-based PCs, you likely have
some kind of anti-virus installed and centrally managed. If you have
purchased a more complete desktop protection suite, you probably even have a
host-based IDS/IPS protecting your machine from incoming malicious TCP scans,
or from outbound connections to known malicious sites (like google.com,
occasionally). Operating system firewall activated? Yep! AV signatures
current? Check! Global Threat Intelligence updated? Uh, yeah....sure. Then
you should be covered against threats targeting your organization, right?
Most likely not, and at times these tools actually mask intrusions because
they provide a false sense of security and protection.
The Trouble with Reactionary Behavior
The problem with these tools, all of them, is ...
To some of us, seeing an email with malware embedded in a PDF, Word or Excel
attachment is common. In fact, it has become the new norm for malware
delivery to use file types that are not obviously malicious (versus something
like a .exe). Gone are the days of wide-open acceptance of all file
extensions for attachments within an email. In today's network
defense-in-depth techniques, one of the layers is naturally email security.
This includes scrutinizing emails for embedded links or attachments that
could potentially be malicious, scanning attachments for possible
detect...
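One concrete check that belongs in that email security layer is verifying that an attachment is what its name claims to be. The script below is an added example, not code from the original post: it builds a constructed two-attachment message in memory (an honest PDF and a PE executable named as a PDF), then compares each attachment's extension against the file's leading bytes and flags double extensions and macro-capable or executable types. The signature table and the sample payloads are assumptions made for illustration, not an exhaustive list.

```python
"""Inspect e-mail attachments for type/extension mismatches.

Added example, not part of the original post. The message, filenames and
payload bytes below are constructed for illustration.
"""
from __future__ import annotations

import email
import os
from email import policy
from email.message import EmailMessage

# Leading bytes (magic numbers) and the extensions they are consistent with.
# Modern Office formats (.docx/.xlsm/...) are ZIP containers, so they share
# the "PK" signature with plain archives.
MAGIC = {
    b"%PDF-": {".pdf"},
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": {".doc", ".xls", ".ppt", ".msg"},
    b"PK\x03\x04": {".docx", ".xlsx", ".pptx", ".docm", ".xlsm", ".pptm",
                    ".zip", ".jar"},
    b"MZ": {".exe", ".dll", ".scr", ".com"},
}

# Extensions that can carry executable content and warrant review even when
# the bytes are consistent with the name.
RISKY_EXT = {".exe", ".dll", ".scr", ".com", ".js", ".vbs", ".hta",
             ".docm", ".xlsm", ".pptm", ".jar", ".lnk", ".iso"}

# Harmless-looking extensions attackers hide behind in "report.pdf.exe" lures.
LURE_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def sniff(data: bytes) -> set[str] | None:
    """Return the extensions consistent with the leading bytes, or None."""
    for sig, exts in MAGIC.items():
        if data.startswith(sig):
            return exts
    return None


def check_attachment(filename: str, data: bytes) -> list[str]:
    """Return findings for one attachment; an empty list means nothing odd."""
    findings = []
    root, ext = os.path.splitext(filename.lower())
    inner_ext = os.path.splitext(root)[1]
    if inner_ext in LURE_EXT:
        findings.append(f"double extension: {filename}")
    if ext in RISKY_EXT:
        findings.append(f"risky extension {ext}: {filename}")
    expected = sniff(data)
    if expected is None:
        findings.append(f"unknown file signature: {filename}")
    elif ext not in expected:
        findings.append(f"content does not match extension {ext}: {filename} "
                        f"(signature says {sorted(expected)})")
    return findings


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Parse a raw RFC 5322 message and return findings keyed by filename."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    results = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        results[filename] = check_attachment(filename, payload)
    return results


def build_sample() -> bytes:
    """Constructed sample: one real PDF header, one PE header posing as a PDF."""
    msg = EmailMessage()
    msg["From"] = "sender@example.test"
    msg["To"] = "victim@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(b"%PDF-1.4\n% constructed header only\n",
                       maintype="application", subtype="pdf",
                       filename="invoice.pdf")
    # Declared as a PDF, but the bytes start with the DOS/PE "MZ" header.
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 60,
                       maintype="application", subtype="pdf",
                       filename="invoice_copy.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, findings in scan_message(build_sample()).items():
        print(name, "->", findings or ["ok"])
```

The magic-byte check catches the common renamed-executable lure, but a PDF or Office file with a correct header can still carry an exploit or a macro, so this belongs alongside content scanning, not in place of it.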
In almost all professions, report writing is a requirement. Typically,
reports document the successes and failures of a particular action. While it
may not be your favorite part of the job, report writing does validate your
work to the customer. In our profession, cyber security, we have the unique
challenge of communicating highly technical information in a non-technical
format, so that the impact of our efforts can be understood.
Early in my career, I hated writing reports. Back then, I had a hard time
understanding why reports were so important. Little did I know that the
cou...
When I was working on a network assessment team for one of my customers, I
would routinely hear upset voices when we would present our findings. The
most common thing that the executives would say was, “Wait a minute,
aren’t we current on our updates? I saw the compliance report, and we were
all green right?”
“All green right?”
What that Information Security Officer was referring to was a slide that had
been presented to him showing the level of compliance that the hosts on his
network were currently reporting. To him, this meant secure. It meant that
all of his systems were patche...
As a Security Analyst, I witness very sophisticated Advanced Persistent
Threat (APT) attacks as well as low-level cybercriminals attempting to steal
bank information, credit card data and website login credentials. One
commonality that the cybercriminals and the APT share is the method for
gaining access to information, which typically occurs through an end user's
email. When it comes to the criminal element of cyber attacks, I am often
amazed at the lack of sophistication and effort exerted against
their victims. It leads me to ask the question, "How on earth are these...