
Security through Intelligence

Cory Marchand



Top Stories by Cory Marchand

In almost all professions, report writing is a requirement. Typically, reports document the successes and failures of a particular action. While it may not be your favorite part of the job, report writing does validate your work to the customer. In our profession, Cyber Security, we have the unique challenge of communicating highly technical information in a non-technical format, so that the impact of our efforts can be understood. Early in my career I hated writing reports. Back then, I had a hard time understanding why reports were so important. Little did I know that the countless hours I spent converting technical details into a "human readable" format would pay off in the future. Fast Forward: In the world of Cyber Security, writing is part of the job, so embrace it. Consider that good report writing can pay dividends in terms of real value for your customer. ... (more)

Malware Delivery – Understanding Multiple Stage Malware

To some of us, seeing an email with malware embedded in a PDF, Word or Excel attachment is common. In fact, it has become the new norm for malware delivery to use file types that are not obviously malicious (versus something like a .exe). Gone are the days of wide-open acceptance of all file extensions for attachments within an email. In today's network defense-in-depth techniques, one of the layers is naturally email security. This includes the scrutinizing of emails for embedded links or attachments that could be potentially malicious, scanning attachments for possible detect... (more)

Why Trending Is Essential for Detection

Imagine for a second you have complete network and host activity trending data built into the daily reporting and alert consoles that your analysts spend hours in front of. Suddenly one of your SQL servers attempts a GET request directly to an IP address on SSL port 443. Without that trending information of normal behavior of your server activity, how would you detect this? With trending information, your analysts immediately identify this as "out of the norm", and begin their investigation into the "why". Trending - A way to increase your customer value, and find hidden gems. ... (more)

Cyber Threat Analysis Not Just for the Military

"Cyber Threat Analysis" is the practice of effectively fusing knowledge of an organization's network vulnerabilities, both internal and external (including essential IT systems), and matching these against actual cyberattacks and threats seen out in the wild. The output of this fused analysis is an advanced defensive detection mechanism with a final goal of enhancing the defensive posture of the network against real cyber threats. Security Intelligence: We at Cyber Squared refer to this as "Security Intelligence". Security Intelligence transitions our clients from a state of react... (more)

Malware Analysis - A Cost Effective and Quick "How To"

Malware analysis can be a time-consuming process, especially when dealing with a sample from skilled attackers with time and money on their side. There is no doubt that fully reversing malware and finding out how it works is the most effective way to learn how to defend against it, but most businesses don't have the time or the professional resources to do it. There are ways in which you, a Computer Network Defender, can glean enough information from malware to be used in IDS and AV signature creation, DNS poisoning and blocking as well as sharing with the CND community. This can... (more)