Tom Cross

The Changing Nature of Incident Response: Part 3

Unfortunately, many organizations have a perimeter-centric approach to network security and don’t have a lot of visibility into what is going on inside their networks. Closing this internal network visibility gap can be a key ingredient in a comprehensive approach to protecting an organization from Advanced Persistent Threat. READ MORE

The Changing Nature of Incident Response, Part 2

We have become too reliant upon fully automated systems to detect and stop computer security breaches. People naturally desire a solution that will prevent all security incidents from occurring in the first place, but is it really reasonable to expect fully automated solutions to stop sophisticated attacks? READ MORE

The Changing Nature of Incident Response: Part 1

You probably have an idea in your head of what the term “Advanced Persistent Threat” means. Unfortunately, whatever it is that you think the word means, there are probably other people reading this post who think it means something else. It is hard to have a dialog about the subject when we aren't speaking the same language. READ MORE

How to Thwart Insider Threats

Insider threats are a rising concern. Over the past several years, there has been a steady stream of reported incidents of authorized users abusing their privileges. In the case of the insider threat, the perpetrator will already have access to the internal environment. Access controls and perimeter defenses aren’t going to stop them. Here are five tips for addressing this rising threat. READ MORE

SLIC Launches Internet Scanning and DDoS Victim Threat Scope Maps

StealthWatch Labs Intelligence Center launches two new threat scope maps! One showing where we’ve seen devices that are scanning the Internet and the other showing sources of denial of service backscatter. READ MORE