Posts

Showing posts from November, 2022

Attack Simulations for your SOC

Introduction

SOC analysts spend 99 percent of their time looking at the same data and patterns over and over again. They develop muscle memory that helps them use their platforms without much effort, but it also ingrains in them potentially poor practices. Most analysts are new to the industry and are taking certifications like CompTIA CySA+ and Azure SC-200, but none of these certifications teach them what genuine malicious actions look like. So how do you train a team of people to detect malicious activity and respond in the ever-morphing threat landscape? You throw them through the ring of fire. You make them triage real (as close as possible) incidents and appropriately monitor their behavior and progress to tune the processes perpetually. Analysts are arguably the single most important role within a SOC; they carry the burden of triaging alerts and correctly identifying whether malicious activity is occurring. They are the first, middle and last line of defense. However, despite t

Shadow IT: Your Bible

Introduction

If you have worked in IT for long enough, you will have stumbled across a handful of things that you know the user definitely shouldn't have. Well, that was likely "shadow IT". I describe shadow IT as "Anything technology related within a consistency that is not authorized by the service provider". This description is as broad as possible because that is the reality of shadow IT: it exists in basically any form, and as an IT service provider, the instructions and objectives given to you by executives are likely equally broad ("if it runs on electricity, it's your problem"). Below I've listed some key points that everyone should consider when thinking about Shadow IT:

- Tackling shadow IT is a never-ending battle. You need to be vigilant and always looking for improvements.
- It's a human problem: if your company hires humans, you have shadow IT.
- Decreasing friction and improving the relationship between the service provider