AlgoBuzz Blog

New Professor Wool whiteboard video course on advanced cyber threat and incident management

Advanced Cyber Threat and Incident Management with Professor Wool is a new whiteboard-style series of lessons that examine some of the challenges of, and provide technical tips for, helping organizations respond quickly to cyber-attacks while minimizing the impact on the business. Enjoy the videos!

Lesson 1: How to Bring Business Context into Incident Response

SIEM solutions collect and analyze logs generated by the technology infrastructure, security systems and business applications. The Security Operations Center (SOC) team uses this information to identify and flag suspicious activity for further investigation. In this lesson, Professor Wool explains why it’s important to connect the information collected by the SIEM with other databases that provide information on application connectivity, in order to make informed decisions on the level of risk to the business, and the steps the SOC needs to take to neutralize the attack.

Lesson 2: Bringing Reachability Analysis into Incident Response

In this lesson, Professor Wool discusses the need for reachability analysis in order to assess the severity of the threat and the potential impact of an incident. Professor Wool explains how to use traffic simulations to map connectivity paths to/from compromised servers and to/from the internet. By mapping the potential lateral movement paths of an attacker across the network, the SOC team can, for example, proactively take action to prevent data exfiltration or block incoming communications with Command and Control servers.
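The reachability analysis described in Lesson 2, as an added example that is not from the video series or AlgoSec's own tooling: it assumes a simplified firewall model in which each rule allows traffic from one network zone to another on one port, walks the allowed rules outward from a compromised zone to map where an attacker could move, and then lists the rules that sit on any path from that zone to the internet, which is the set the SOC would review when cutting off an exfiltration or C2 channel.

```python
from collections import deque

# Constructed sample policy: (source zone, destination zone, allowed port).
# Zone names and rules are illustrative, not taken from any real network.
RULES = [
    ("dmz-web", "app-tier", 8443),
    ("app-tier", "db-tier", 5432),
    ("app-tier", "internet", 443),
    ("corp-lan", "app-tier", 8443),
    ("db-tier", "backup", 22),
]


def build_graph(rules):
    """Adjacency list: zone -> [(next zone, port), ...]."""
    graph = {}
    for src, dst, port in rules:
        graph.setdefault(src, []).append((dst, port))
    return graph


def reachable_paths(rules, start):
    """Breadth-first traffic simulation from a compromised zone.
    Returns {zone: [(hop zone, port), ...]} for every reachable zone,
    each path being the shortest chain of allowed rules found."""
    graph = build_graph(rules)
    paths = {start: []}
    queue = deque([start])
    while queue:
        zone = queue.popleft()
        for dst, port in graph.get(zone, []):
            if dst not in paths:           # first visit = shortest path
                paths[dst] = paths[zone] + [(dst, port)]
                queue.append(dst)
    return paths


def rules_on_paths(rules, compromised, target="internet"):
    """Rules that lie on at least one path from the compromised zone to
    the target: their source is reachable forwards from the compromised
    zone and their destination reaches the target in the reversed graph."""
    forward = reachable_paths(rules, compromised)
    reversed_rules = [(dst, src, port) for src, dst, port in rules]
    backward = reachable_paths(reversed_rules, target)
    return [r for r in rules if r[0] in forward and r[1] in backward]


if __name__ == "__main__":
    for zone, path in reachable_paths(RULES, "dmz-web").items():
        print(zone, "via", path)
    print("rules to review:", rules_on_paths(RULES, "dmz-web"))
```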
