Tagged: organizations

SOC Analyst Pyramid, (Mon, May 11th)

Introduction Last weekend, I did a 10-minute fireside chat during lunch at BSidesSATX 2015 [1]. It was an informal presentation, where I discussed some of the issues facing security analysts working at an organization's Security Operations Center (SOC). With only 10 minutes, the largest part of that presentation covered a SOC analyst pyramid of activity any organization will encounter

Security Awareness? How do you keep your staff safe?, (Thu, May 7th)

If you've been following recent diaries from my fellow handlers Brad and Manuel, they peel the covers back on a couple of current malicious email campaigns. Many of the readers of the Storm Center diaries will be used to the ebb and flow of these stories. Here in Australia there's a speeding fine scam email [1] that's been running for the last few weeks, and there's no indication it will drop off any time soon.

Two Thoughtful Essays on the Future of Privacy

Paul Krugman argues that we’ll give up our privacy because we want to emulate the rich, who are surrounded by servants who know everything about them: Consider the Varian rule, which says that you can forecast the future by looking at what the rich have today — that is, that what affluent people will want in the future is, in general, something like what only the truly rich can afford right now. Well, one thing that’s very clear if you spend any time around the rich — and one of the very few things that I, who by and large never worry about money, sometimes envy — is that rich people don’t wait in line

A Different Kind of Equation, (Tue, Feb 17th)

Both the mainstream media and our security media is abuzz with Kaspersky's disclosure of their research on the Equation group and the associated malware. You can find the original blog post here: http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage But if you want some real detail, check out the Q&A: http://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf Way more detail, and much more sobering to see that this group of malware goes all the way back to 2001, and includes code to map disconnected networks (using USB key C&C like Stuxnet did), as well as the disk firmware facet that's everyone's headline today.