Threat Intelligence & Incident Response

What is the difference between EDR and XDR?

Top Answer : Based on the discussions I've had with multiple security companies, the X stands for "extended" and just means their own additional services they provide to customers. Rather than just the traditional monitoring, detection, and response, the additional services would include things like SOC 24x7, consulting, corporate incident response, threat hunting, etc.


What is the current state of ransomware attacks? What level of defense and preparedness do companies have from their backup support?

Can boards ever be held liable for security breaches?

Top Answer : When I got my administration promotion, I had to sign the paperwork that said I could be held personally liable—all of a sudden, I wasn't sure I wanted to be promoted.

National Security Agency Director Gen. Paul Nakasone said ransomware attacks are likely to remain a daily threat for at least five more years. Do you agree with his statement?

Top Answer : I "disagree" - ransomware is a high ROI activity for the hackers; it is the monetization of all of the TTPs they curate. Ransomware is what kidnapping, trafficking, extortion, racketeering, loan sharking, and tax fraud were for the mafia. Today, even a corner thug with some skills can execute it on a Mom and Pop deli shop with inadequate security controls to extort a few thousand every so often. It is here to stay in one form or another for decades.

Are good backups really the best ransomware recovery strategy?

Top Answer : The simplest approach to recovery, especially from ransom attacks, is making regular backups. But there are two issues with relying on backups. First, people don't make backups. I will be honest: I have never backed up data on my laptop, and I've already lost data on a previous laptop of mine that crashed. The second thing is, we still don't have the right technology to make quick backups and restore the systems. To back up data and then restore could take hours, days, or weeks, if not longer, because we are talking about a significant volume of data. Try not to put all your critical data into one file. As an analogy: I'm from Poland, and around 10 years ago, our government put all the top political and military leaders on the same plane. The plane crashed, and all of them died. It's the same principle with data. You don't put all your data into one bucket. You also have to consider that it takes time to encrypt such huge volumes of data. It takes weeks. It's better to focus on having proper mechanisms that will try to prevent a major attack by monitoring what's happening in the system. Switch to zero trust security, where you constantly verify everyone. You don't verify someone once and allow that person access to all your data; you verify every time there is a request for new data. It's a fairly new concept that not many companies have implemented, but all those mechanisms can definitely lower your risk.

If these companies were affected, then the foundation of computing could be at risk. If you could manipulate at the hardware layer via the firmware, BIOS, etc., then a threat actor could weaponize well below the operating system, which brings into question the integrity of the entire computing stack and everything above it. The firmware and BIOS are like the rebar and concrete for a building. If that foundation is weak, then the entire structure and anything dependent on it is at risk. We cannot underestimate the potential or the severity of these companies being potentially affected by the SolarWinds hack and what that means for the foundational computing hardware they provide to the world. What do others think? How could this impact your organization? Big tech companies including Intel, Nvidia, and Cisco were all infected during the SolarWinds hack - The Verge

Top Answer : The message here is: one is never out of the woods ever, so pay attention! Just because today's news eclipses yesterday's doesn't mean companies get to shove the bad under the rug and stay silent. Remember, vulnerabilities discovered 10-15 years back are still at the top of the list of the most exploited.

Are there any solutions currently in the market for Customization and Total Automation for Penetration Testing Reports?

Top Answer : It's not exactly automation of reports, but we are looking at AttackIQ to automate parts of the pentesting process, including reporting. Happy to chat further if interested.

What can CISOs/CIOs do to be effective despite lack of board readiness?

Top Answer : Usually I have selected roles where IT security functions were pretty well valued. I've had opportunities come up when an organization wants a head of security, and I’ll ask them, “How does the company feel about security?” If they say, “The board doesn't care. They have no interest," in an interview, then I’ll turn down that role. I shouldn’t need to teach you about why my job is important. A company can say all the right things, but if their concern isn’t real then you'll be giving all these presentations, and when it actually gets back to leadership, they say, "Yeah, our security's good—we got breached, but we have you and some other people now, so we're good." Organizations have to understand that security professionals are not a statue you put in a place. They're not like a rottweiler in a junkyard. You have to actually invest in what they're doing. But changes are happening. In a lot of those conversations with leadership about security, people would just nod along and say, "Okay. Uh-huh. No, I'm listening, yep, uh-huh." Now it is, "Tell us how you're going to actually stop this because we're all shareholders."


What is the future of cybersecurity and what changes are organizations making? Should the government implement more defined rules to protect businesses from cyber attacks?

What are your thoughts on SaaS management platforms (SMP)?

Is XDR (extended detection response) a buzzword or a real transformational shift?

Top Answer : The whole XDR thing is just a marketing buzzword that everybody's embracing. It’s extended detection response—if I wasn't already doing that, then shame on me because it’s my job to make sure that I monitor what needs to be monitored. But that's a bit of a harsh feud and I know there are a bunch of XDR players. There are certainly technology components and extended service components that people are doing.