Three Ways to Fortify Security Operations With Technology and Expertise
Information security practitioners operate in a multi-dimensional field requiring speed and agility in order to adapt to constant change. We must be swift at detection and response in order to prevent compromises and data breaches.
Just recently I worked with my FireEye Mandiant Managed Defense colleagues to remove a threat actor from a customer’s environment after detecting the use of BLOODHOUND, an Active Directory reconnaissance tool. Our rapid detection and response prevented data loss for the customer, and we went on to improve their security posture with preventative security configuration changes to their network environment.
Find and outmaneuver. These have been constants throughout my entire career, from the U.S. Air Force through to Managed Defense. With each new customer, operation and engagement, I have noticed striking similarities in how to fortify security operations to better battle the adversary, regardless of the job.
1. Take Action Now
There is rarely a good time to pause. From APTs to FIN groups (financially motivated attackers), attackers are innovative, resourceful and highly motivated to breach a network. As I write this, we’ve seen a resurgence of opportunistic attacks and actors are organized to deliver malware as a service. Take MAZE ransomware for example...