Threat modeling frameworks and methodologies


Threat modeling is a process by which organizations can shift their security approach from reactively plugging exploits to proactively and systematically understanding and addressing potential threats in the design stage. This process identifies potential threats to the system, data/asset exposure, logical/architectural vulnerabilities, and relevant security controls to help evaluate security decisions, serve as a guide... Continue Reading →

Unpatched vulnerabilities: is it a problem worth solving?


Enterprises today invest in world-class security products and hire talented staff to keep their business assets safe from any attack vector. According to the IBM X-Force Threat Intelligence Index 2019, the growing attack surface and rising risk in organizations today are vulnerability remediation and effective patch management. Security leaders wanting their security operations... Continue Reading →

Cyber Threat Intelligence Sources


On Feb 12, 2015, the US president signed an Executive Order to encourage and promote sharing of cybersecurity threat information within the private sector and between the private sector and government. Rapid information sharing is an essential element of effective cybersecurity, because it enables companies to work together to respond to threats, rather than operating alone.... Continue Reading →

Modern CyberSOC – Brief and Implementation Strategy on building a Collaborative Cyber Security Infrastructure


In earlier years, everyone depended on the SOC (including firewalls, WAF, SIEM, etc.), and prioritizing the build-out of the SOC provided security and maintained the CIA. Later, however, the emergence of new attacks and threat actors became more challenging, and the existing SOC is no longer able to provide better security over the CIA. There... Continue Reading →

Cyber kill chain is dead


cyber kill chain vs MITRE

Threat Hunting = Use humans to find stuff


Organizations realize that cyber security investments are unavoidable in the digital economy and have leading security technologies to identify, protect, detect, respond to and recover from various attack vectors. But can they sit back and wait for tools and technologies to alert them? If yes, why are companies waiting an average of 220 days between the intrusion and... Continue Reading →
