Welcome!

Security through Intelligence

Cory Marchand

Subscribe to Cory Marchand: eMailAlertsEmail Alerts
Get Cory Marchand via: homepageHomepage mobileMobile rssRSS facebookFacebook twitterTwitter linkedinLinkedIn


Latest Blogs from Cory Marchand
Reactionary defenses cost an unreal amount of money for consumers, businesses, governments (both state and local), federal and military. You would think with all of this time and money spent on the various products billed as “protecting” you from cyber threats & intrusions, your enviro...
To some of us, seeing an email with malware embedded in a PDF, Word or Excel attachment is common. In fact, it has become the new norm for malware delivery to use file types that are not obviously malicious (versus something like a .exe). Gone are the days of wide-open acceptance of al...
Attacks against users are not static, they are very dynamic, and our security awareness training should evolve as the threat changes. The user can be treated as a line of defense against spearphising attacks if they are properly armed with the information to potentially recognize an at...
DeepIntel, a conference covering Security Intelligence using several different approaches, managed to effectively deliver the information both in its speakers and in its audience participation. With the attendees intimate proximity to the speakers, those at DeepIntel were not only invo...
Technical controls can only offer so much protection from and for the user. That means the gaps in protection against social engineering type attacks are not only technical, but also educational and awareness related. Only when your users are more informed and aware of their susceptibi...
Malware analysis can be a time consuming process, especially when dealing with a sample from skilled attackers with time and money on their side . There is no doubt that fully reversing malware and finding out how it works is the most effective way to learn how to defend against it, bu...
Social Networking websites, such as twitter, provide cyber criminals a veritable treasure trove of potential victims all in a convenient location. Once a legitimate account is hijacked, it only takes a few minutes to acquire enough account information to compromise other social network...
Think of Information Security as an umbrella of components, and Information Assurance is only one of those components. You cannot simply assume that if your IA group is showing a slide where the risk is “all green” that you are fully protected from threats. It simply means that within ...
In almost all professions, report writing is a requirement. Typically, reports document the success and failures of a particular action. While it may not be your favorite part of the job, report writing does validate your work to the customer. In our profession, Cyber Security, we hav...
"Cyber Threat Analysis" is the practice of effectively fusing knowledge of an organizations network vulnerabilities, both internal and external (including essential IT systems), and matching these against actual cyberattacks and threats seen out in the wild. The output of this fused a...