Saturday, March 29, 2014

Analyzing the Target Breach "Kill Chain Analysis" Report

-- If you haven't read it yet, the document "A "Kill Chain" Analysis of the 2014 Target Data Breach" is a must read for anyone in the role of enterprise [cyber] defense.

I've been studying recent breaches through the looking glass of the "Lockheed Martin Kill Chain". If you'd like a primer on the importance and background of the kill chain methodology you should read Rodrigo Bijou's fantastic analysis. The LM kill chain methodology for examination and defense from an attack is actually quite brilliant. It's not necessarily revolutionary - but enterprise security professionals now have a structured and documented way of trying to thwart attackers, and learn from breaches. So it's fair to say that this is something everyone in defense (and oddly enough, offense) should know like the back of their hand.

Tuesday, March 25, 2014

Attribution - The 10 Ton Elephant in the Room

First let me tell you why I'm writing this post you're reading, and why I hesitated to write this post in the first place. I am not a full-time threat or security researcher, let me just get that out of the way. I'm fully aware I don't qualify to have the in-depth attribution conversation which I'll leave up to the experts but there are many things that still fall into my wheelhouse, so here is a semi-organized collection of my thoughts on this specific topic of attribution in cyber.

This current discussion on the DailyDave regarding the APT1 report Mandiant put out (one year on) list is seriously boiling my bunny(tm).

Monday, March 10, 2014

Here a box. There a box. Everywhere a breach. Notes from RSA 2014

TL;DR - More of the same, and security is still a 1U 'solution' that fails every time, eventually.

Hey everyone, I’m writing you from the settled dust of RSA Conference 2014. It typical fashion I made grandiose plans to meet up with people I’d not seen in years, and meet people I only knew by a handle over Twitter or some other online forum … and it all went to hell. Best laid plans and all that, right? Every year RSA Conference is the same. You show up in San Francisco and hit the ground in a fast sprint. Although I don’t feel like I was sprinting so much as the ground underneath me was moving so fast I could only keep up by running my hardest. Analogies aside, I ended up with a talk, a panel and some booth time and of course time with our often very interesting client base. Then I made the mistake of walking the showroom floors. That’s right, there’s an s at the end of that word because there were in fact two sides of Moscone this year that were used for exhibition.

Google+