Incident Response Tools

You are only as good as your toolset!

David Biser

August 31, 2016 - Posted by David Biser to Security Insight

In my last blog I asked the question, “Have you ever tried to chop down a tree with a fork?” and told you about an incident response process that was made difficult by the lack of adequate tools. This is a common problem in the field of incident response and security as a whole, and shouldn’t exist. Unfortunately, however, many system administrators, network administrators and help desk personnel assume they can handle an incident, when in reality it is far more complex than they are aware.

A basic introduction to incident response is beyond the scope of this blog, but I do want to introduce the reader to the “Order of Volatility.” This is a common methodology that is taught across the security spectrum. It provides the responder with the ability to gather evidence from the more volatile to the less. This is extremely important when responding to breaches or malware infections. So, let us review the... read more >

Incident Response Preparation

Preventing Incident Response Frustration #WarStoryWednesday

David Biser

August 03, 2016 - Posted by David Biser to Security Insight

Threat Intel

Ever try to chop down a tree with a fork? Any type of skilled labor requires the use of proper tools, and incident response is no different. In my experience as an incident responder, many organizations often lack both the proper incident response tools and staff trained to use those tools. In this war story, we take a look at what that can mean for rapid response and remediation.

Incident Response War Story

In a recent incident response engagement, a victim of a data breach contacted us regarding the loss of credit card data. This company had received a notification from a Federal law enforcement agency, which, during an investigation, had observed the organization’s IP addresses in relation to stolen credit card data. Further investigations showed that the stolen credit card data had been taken from the organization’s network. The notification had little for the organization to go on, which is typical in this type of situation. Yet,... read more >

The Evolution of Ransomware

Think You've Seeen It All from Ransomware?

David Biser

April 26, 2016 - Posted by David Biser to Security Insight

The Evolution of Ransomware

We’ve all seen them. Recent headlines filled with reports of massive ransomware attacks against a multitude of targets. With healthcare organizations, financial institutions, and even the government falling prey, it would appear that none are safe. Many, many blogs and security posts have been issued warning businesses against this attack vector, seemingly to no avail!  So, you might ask: “Why should I continue reading this blog post?” The answer is simple. Ransomware is evolving!

That’s right – you haven’t seen the end of ransomware or its effects. Since so many businesses are learning to effectively recover from devastating ransomware attacks, cyber criminals are adopting new methods to continue their campaign. Recent research from Talos indicates that ransomware authors are changing their weaponry to be even more... read more >

Threat Intelligence and Incident Response: What Not to Do


David Biser

April 06, 2016 - Posted by David Biser to Security Insight

Integrate threat intelligence to enhance incident response.

Cyber security is an ever-changing landscape. As technology changes so must security procedures and techniques. Often in the cyber security realm of incident response, I am astounded by the lack of forethought given to newly emerging tools and tactics, such as threat intelligence.

Threat intelligence is important and must be properly dealt with if we are going to utilize it to its fullest capacity in cyber security. Sadly though, we are seeing a true lack of thought and strategy when it comes to actually implementing threat intelligence in the incident response process. This war story displays the wrong method of utilizing threat intelligence, both as a part of incident response and as a way to react to ongoing threats.

War Story

A company experienced what was classified as a breach, when several customers’ personally identifiable information (PII) was used to... read more >

Cloud Security: What to Expect

How to prepare for security in the cloud

David Biser

February 23, 2016 - Posted by David Biser to Security Insight

Cloud Security

In my recent blog post, we introduced the topic of cloud security and described tips to understanding a cloud environment. For this blog, I want to explain how a company can incorporate security into the cloud.

As more and more companies adopt the cloud service model and migrate their critical data to the cloud, security must rise to the forefront. If you neglect security in the beginning phases of adopting the cloud, then you are setting yourself up for failure.

Enhance control layers for cloud security

First, let us describe some control layers that you... read more >

Voted one of the Best Computer Security Blogs 2016
NTT Security (US), Inc. (formerly Solutionary) is a security consulting and managed security services provider. The NTT Security blog is a place for IT professionals to both learn and talk about the latest in IT security and compliance.

Get the NTT Security Blog delivered to your inbox!

Enter your Email:

(We will not share your email or use it for anything else.)