Dealing with Insider Threats Charles Herring

The most dangerous risk to an organization, and the most difficult to detect, is the insider threat. When a trusted asset decides to betray the trust of his benefactor for the sake of ideology, greed or extortion, the organization can suffer long-lasting damage. This article outlines the nature of insider threats and strategies for handling them.

Processing IOCs in the StealthWatch System Charles Herring

Threat data contained in Indicators of Compromise (IOCs) can be applied against the data stored in StealthWatch to look for markers of a historical breach. This entry outlines the steps in performing this analysis.

Step Away from the PCAP! Charles Herring

Great investigators know the importance of details, but often we go too deep, too quickly. An organized approach to incident response will allow more actionable intelligence to be created in less time.
