Welcome to our new blog series, in which ReliaQuest teammates recommend interesting stories that you might find useful in your day to day jobs. This month, I’m joined by my colleagues, threat hunters George Paco and Jonny Elrod. Here is what we are reading. Rick’s Recommendation “Octosuite: A New Tool to Conduct Open Source Investigations […]
Editor’s note: Dean Murphy, Brandon Tirado, and Joseph Morales all contributed to this blog. The “SocGholish” (aka FakeUpdates) malware distribution framework has presented a gripping tale of intrigue and suspense for ReliaQuest this year. Just in January, we’ve identified and responded to two discrete “hands-on-keyboard” intrusions traced back to a SocGholish compromise. We contained both […]
Originally published in August 2019 Every industry is susceptible to data breaches and malicious cyber-attacks. In 2021, over 5 billion records were exposed and over 1,200 data breaches occurred in the United States. With an 11% increase in data breaches compared to 2020, CISOs and security operations must actively monitor for threats and combat them before […]
First published December 2020 In one of our previous Threat Hunting Use Case blogs, Firewall Targeting DNS, we focused on using firewall data to observe outbound DNS (Domain Name System) traffic in an environment to identify threats and potential security hygiene issues. One specific objective involved identifying potential endpoints bypassing internal DNS forwarders, in order to […]
Keeping Up on Endless IoCs with TweetDeck Keeping up on the latest news is never an easy task. With endless newsletters, feeds, and social media to keep track of, it can be a daunting task. To help with streamlining information security feeds, I’ve recently turned to TweetDeck, a very useful feature of Twitter. TweetDeck offers […]
Today we’re introducing a new set of capabilities in our GreyMatter Open XDR-as-a-Service platform that allow security operations teams to improve detection, threat hunting and ease of management for the platform. These new features address some of the biggest challenges for security programs, most notability that in spite of investments in multiple tools, security operations […]
Firewalls are a staple in every enterprise environment and are typically the first line of defense protecting a network. They control the flow of traffic in and out of network boundaries based on a set of rules. The management of these rules will ultimately determine the level of security and protection a firewall provides. One […]
Do you and your team want to start proactively threat hunting in your environment? If so, it’s time to dive into the threat hunting steps below, starting with performing research on what you want to hunt for before digging into the data. It can be tempting for security teams to want to dive right in without a […]
Updated May 2021 Antivirus (AV) is one of the most fundamental tools that an organization can deploy to provide security to their organization. A typical antivirus solution primarily uses signature–based detections for identifying threats on a system which may not catch the most advanced threats, but it is still helpful in detecting some commodity malware […]
Ransomware droppers and data ex-filtration and phishing, oh my! Web traffic is an essential part of operations but also represents one of the most dynamic attack surfaces all companies have to secure. The first step to securing this attack surface is installing a web proxy, which introduces an overwhelming volume of logging that’s difficult to […]