Passive DNS Monitoring – Why It’s Important for Your IR Team

DNS is an unsung hero among protocols during a network investigation. It’s almost universally used by other protocols such as HTTP, SMTP, and the like. It’s also a plaintext protocol, which can benefit an incident responder who cannot otherwise examine the contents of an encrypted connection. However, passive DNS monitoring (also known as DNS logging) […]

Detecting Targeted Crimeware Within 30 Minutes of Activating Red Canary

There is no limit to the creativity attackers will use when masking their activity. We observed a great example of this immediately after beginning a 14-day evaluation with a B2C services company. Like most of our customers, this company needed an endpoint visibility, detection and response solution to augment their existing security efforts and further […]

Examining the endpoint security opportunity

This week Network World reported on the “Massive Enterprise Endpoint Security Opportunity.” The premise is that, despite a very active Endpoint Threat Detection & Response (ETDR) market, companies still struggle with significant coverage gaps. In an ESG survey of security professionals, two data points emerge: 63% believe that “[t]here is no endpoint security vendor that […]

Visibility Becomes Paramount As Endpoints and MSSPs Heat Up

This is a guest post contributed by Benjamin Johnson, Chief Security Strategist, Bit9 + Carbon Black. The endpoint security space is hot right now. The managed security provider space is also hot right now. So it only makes sense that managed endpoint security, in one form or another, is the place to be. You cannot […]