Cyber-targeted attacks such as APTs are the primary cause of concern for any organization that holds data which can be of interest to attackers. The motivations are diverse and the attackers are highly sophisticated and relentless in their approach.

Here are some indicators which will help you detect a compromise :

• Identification of same email from public domain to significant number of users or C-level employees or high value targets; encrypted attachments, password protected and zipped and pr

While creating a recent presentation, I needed a slide on “threat detection is hard.” And it got me thinking, why is threat detection so hard for so many organizations today? We can trace the “cyber” threat detection to 1986 (“Cuckoo’s Egg”) and 1987

I got into a very insightful debate with somebody who will remain nameless in the beginning of this post, but will perhaps be revealed later. The debate focused on the role of context in threat detection.

Specifically, it is about the role of local c

One of the most common questions I received in my analyst years of covering SIEM and other security monitoring technologies was “what data sources to integrate into my SIEM first?”

And of course the only honest answer to this question is: it depen