Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Stories from the SOC- SSH Brute Force Authentication Attempt

Ervin McBride IV – TDP Engineer II contributed to this article. Stories from the SOC is a blog series that describes recent real-world security incident investigations conducted and reported by the AT&T SOC analyst team for AT&T Managed Threat Detection and Response customers.

The Email Laundry End of Life?...

June 1st 2020: Fireeye end of life The Email Laundry email security service. This comes as a surprise to many as Fireeye acquired The Email Laundry back in 2017 and seemingly had plans to greatly expand the service. The Email Laundry serviced MSPs and small organizations whereas Fireeye had a conserted desire and history servicing Enteprise businesses. This may be why Fireeye decided to exit the SME Email Security service market.

Profiling "VIP Accounts" Part 2

In this post, we continue our discussion of use cases involving account take over and credential access in enterprise data sets. In the first part of this series, we introduced the definition of a VIP account as any account that has privileged or root level access to systems/services. These VIP accounts are important to monitor for changes in behavior, particularly because they have critical access to key parts of the enterprise.

VPNs and Zero Trust: Thoughts on the Evolving Nature of Remote Access

Organizations of all sizes are currently under siege by adversaries with unlimited time and enough technical skill to exploit the cracks in our information systems and networks. All organizations have something to protect, whether large or small, and they are always looking for new technology to help against these adversaries. Zero Trust has become the latest framework to solve all of our security woes.

What Is the Cyber Kill Chain and How to Use It Effectively

You're probably familiar with the defense-in-depth or castle and moat approach to cybersecurity. It remains a common model that organizations use to think through their information security. However, as organizations have matured they have sought out new models to enable them to better understand how cyber attackers operate and how best to defend against them.

Importance of Operational Data in Incident Context

Network/Security Operations Center (NOC/SOC) engineers and service desk personnel are tasked to process numerous incidents as quickly as possible. However, to resolve an incident they are required to to perform various activities including collecting various operations data including metrics, logs, traces and more from different tools. In many cases, the process also involves coordinating with other IT personnel or creating a war room to bring the incident to closure.