You Dont Have Windows 7 in Your Environment Do You

Today is the day. Microsoft Windows 7 is officially end-of-life (EOL). The Windows 7 operating system was released on October 22, 2009. For 10 years now, IT and system administrators around the globe have relied on their trusty old Windows 7 OS. I mean, it was a step beyond Windows XP for sure. With EOL here, have you migrated all of your systems to Windows 10? If you have not migrated, you definitely should. Continue reading

Investigate Alerts in Microsoft Azure Using SOAR

Alerts or detections come in many forms—some are good and some are not—and security operations center (SOC) analysts are responsible for the initial investigation into these anomalies. What’s more, when it comes to cloud-based resources, we may not have the luxury of logging everything that happens on a host operating system. Microsoft Azure helps provide quite a bit of data to assist with the initial investigation, as well as some initial response actions. Continue reading

Understanding APIs: SOAP

In my previous post, I talked about the basics of REST (representable state transfer) APIs (application programming interfaces). If you haven’t read it yet, I highly recommend you read that post before continuing. In this post, we will be talking about the basics of simple object access protocol (SOAP) APIs, and we will primarily focus on a real SOAP service: Microsoft Exchange Web Services. RESTful APIs, which are the most commonly used APIs today, are powerful and provide a simple way to interact with a service or application via an exposed interface. Continue reading

Swimlane and Cylance PROTECT: Endpoint Threat Response

Swimlane and Blackberry Cylance have partnered to offer a new use case that combines the power of security orchestration, automation and response (SOAR) with Cylance PROTECT’s integrated threat prevention solution. The Proactive Endpoint Threat Response use case utilizes our integration to take a proactive response to detections identified by Cylance PROTECT. By ingesting detections from Cylance PROTECT, Swimlane can automate and orchestrate the enrichment of detections using multiple open source intelligence (OSINT) platforms to identify malicious files proactively that are similar or related to a specific variant identified by Cylance. Continue reading

Understanding APIs: REST

Security orchestration, automation and response (SOAR) platforms rely heavily on APIs (application programming interfaces) to drive orchestration of disparate security tools (products) and invoke desired responses in the form of actions. Besides SOAR products, APIs are commonplace among almost all services, tools, and products used by technical workers. Even though APIs are extremely common, you may not have experience using them or even know that a service has one when interacting with it. Continue reading

Vulnerability Management Program Best Practices

Nowadays most organizations have begun to implement a Vulnerability Management Program (VMP), but implementing one is daunting. Most organizations realize they either have no true categorical ownership over systems or they lack the authority to enforce remediation of identified vulnerabilities. Either way, it is time consuming to track down and enforce a true VMP within many organizations. What is a Vulnerability Management Program? If you are new to implementing a VMP, then you first must understand what vulnerability management is. Continue reading

Every Security Team Is a Software Team Now

Building and facilitating a culture with continuous collaboration between engineers and security forces is becoming the new philosophy in security, which is why I am stoked for this year’s Black Hat USA keynote speaker: Dino Dai Zovi, staff security engineer at Square. “Every Security Team is a Software Team Now” promises to dive into the latest iteration of security operations as current security teams morph into in-house security software teams, delivering multi-vertical value through self-service platforms and tools. Continue reading