
Matt Hathaway  

Why Flexible Analytics Solutions Can Help Your Incident Response Team

I happen to despise buzzwords, so it has been challenging for me to use the term "big data security analytics" in a sentence, mostly because I find it to be a technical description of the solutions in this space, rather than an indicator…

Underestimating Attackers Gives Them an Advantage

All too often, the media reaction to data breaches is to tout the incredible sophistication of responsible parties, as if it is a shock that technological developments have made these events increasingly easier. There are some very key areas in which we need to stop…

You Need To Understand Lateral Movement To Detect More Attacks

Thanks to well-structured industry reports like the annual Verizon DBIR, Kaspersky "Carbanak APT" report, and annual "M-Trends" from FireEye, the realities of modern attacks are reaching a much broader audience. While a great deal of successful breaches were not the work…

Attackers Have Luck On Their Side - Prevention Is Not Enough

Some security professionals mistake the "assume breach" mentality to be a statement that people are giving up on trying to prevent cyber attacks. To the contrary, many of us believe that you need to do everything in your power to incapacitate intruders, yet…

Incident Detection Needs to Account for Disruptive Technologies

Since InsightIDR was first designed, there has been a noteworthy consistency: it collects data from your legacy networking infrastructure, the mobile devices accessing your resources, and your cloud infrastructure. This is because we believe that you need to monitor users wherever they have access to…

Leverage Attackers' Need To Explore For Detection

When you examine the sanitized forensic analyses, threat briefings, and aggregated annual reports, there are two basic facts that emerge: There are a lot of different attacker groups with access to the same Internet as baby boomers and short-term contractors. Most of them are…

Attackers Thrive on Chaos; Don't Be Blind to It

Many find it strange, but I really enjoy chaos. It is calming to see so many problems around in need of solutions. For completely different reasons, attackers love the chaos within our organizations. It leaves a lot of openings for gaining access and remaining undetected…

People and Process Are Keys to Compliance, Tech Simply Must Make Them Both More Efficient

Compliance is not always an exciting topic to write about; in fact, it's almost NEVER an exciting topic to write about, but that doesn't diminish its importance. For those of you in security who must adhere to a varietal (first of many references to adult…

Enterprise Account Takeover: The Moment Intruders Become Insiders

Every time an attacker successfully breaches an organization, there is a flurry of articles and tweets attempting to explain exactly what happened so information security teams worldwide are able to either a) sleep at night because they have mitigated the vector or b) lose only…

Insider Threat or Intruder: Effective Detection Doesn't Care

For various reasons, I have recently had a lot of conversations about insider threats. What is the best solution for them? How can they be detected? Does InsightIDR detect them? Rather than answering these questions with more questions, here is what I say: when you…

Positive Secondary Effects: Incident Response Teams Benefit From Cloud Applications

We primarily hear the term "secondary effects" after natural disasters: "an earthquake causes a gas line to rupture and a fire ensues" or "a volcano erupts and the sulfur cloud shuts down all flights across the Atlantic", but there…

Catching Stealthy Attackers: Detecting Log Deletion and Brand New Phishing Domains

It should come as no surprise by now that attackers are doing their best ninja impressions when trying to monetize the data on your network, whether it be credit card data, intellectual property, health records, or something else entirely. The longer their presence remains unknown,…

Alert Fatigue: Incident Response Teams Stop Listening to Monitoring Solutions

"Don't Be Noisy." It's that simple. This motto may be the only remaining principle of the concept that entered incubation in mid-2012 and eventually became InsightIDR. Of the pains that our customers shared with us up to that point, there was a very…

Detecting Intruders Using Credentials: Lateral Movement Is Not Just for T3h 1337 h4x0|2

The largest challenge for organizations looking to detect and contain attackers is one of the hardest to overcome: disbelief. Disbelief that they will be targeted. Disbelief that someone will get past their perimeter. Disbelief that they will use stealth. Whether it is an expert group…

Attackers Love When You Stop Watching Your Endpoints, Even For A Minute

One of the plagues of the incident detection space is the bias of functional fixedness. The accepted thought is that your monitoring is only effective for systems that are within the perimeter and communicating directly with the domain controller. And, the logic continues, when they…
