7 matches found
Applying the Tyson Principle to Cybersecurity: Why Attack Simulation is Key to Avoiding a KO
Picture a cybersecurity landscape where defenses are impenetrable, and threats are nothing more than mere disturbances deflected by a strong shield. Sadly, this image of fortitude remains a pipe dream despite its comforting nature. In the security world, preparedness is not just a luxury but a...
Implications of Windows Subsystem for Linux for Adversaries & Defenders (Part 2)
This post is the second of a multi-part blog series that explores and highlights the different risks that Windows Subsystem for Linux WSL poses to an enterprise IT environment. Here we examine different TTPs that abuse WSL and assess different methods to defend against such threats. ← Go to Part ...
Holy Grail of Security: Answer to ‘Did X Work?’ – Podcast
Get a glass. Pour in one shot of VERIS, aka the Vocabulary for Event Recording and Incident Sharing engine that generates Verizon’s funny, well-written, incredibly useful, annual Database Investigations Report DBIR. Next, add a shot of MITRE ATT&CK: the curated knowledge repository of reported...
MITRE ATT&CK® mappings released for built-in Azure security controls
The Security Stack Mappings for Azure research project was published today, introducing a library of mappings that link built-in Azure security controls to the MITRE ATT&CK® techniques they mitigate against. Microsoft once again worked with the Center for Threat-Informed Defense and other Center...
MITRE ATT&CK® mappings released for built-in Azure security controls
The Security Stack Mappings for Azure research project was published today, introducing a library of mappings that link built-in Azure security controls to the MITRE ATT&CK® techniques they mitigate against. Microsoft once again worked with the Center for Threat-Informed Defense and other Center...
How the new Talos IR Cyber Range can prepare your employees for a cyber attack
By Gerard Johansen, Charles Iszard and Luke DuCharme. With the surge of ransomware attacks, information leaks and other cyber attacks in the headlines, most companies and organizations are aware that their employees need to be trained on how to stay safe online. But the real challenge lies in how...
Countdown to Black Hat: Top 10 Sessions to Attend — #5
Black Hat USA 2019, which is only one month away, offers scores of training courses and research briefings, so every week we’re picking a session we believe Qualys customers will find valuable. This week’s selection is the training course Adversary Tactics -- Detection. This course focuses on...