Cyber Kill Chain use areas

How Cyber Kill Chain Can Be Useful for a SOC Team? (Part 2)

Installation: At this stage, SOC analysts are advised to deploy a Security Information and Event Management (SIEM) and Host-Based Intrusion Detection System (HIDS) to detect attacks. To deny an attack, Cyber Kill Chain recommends using Two-Factor authentication, strong password, and privilege separation as well as disrupting attack using data execution prevention. If the attackers successfully penetrate corporate critical IT infrastructure, SOC teams must contain them in a timely fashion to mitigate damages. To this end, Cyber Kill Chain recommends employing Inter-Zone Network Intrusion Detection System, App-aware firewall, and trust zones.

Continue reading

forensic investigation SOAR

How to Do Cyber Forensic Investigation with SOAR?

The incident response process is incomplete unless the cyber forensic investigation takes place. In fact, forensic investigation helps in identifying the causes of the attack and the main culprits behind the attack. Usually, the Computer Security Incident Response Team (CSIRT) has to gather forensic details such as logs or artifacts in the aftermath of the incident. Doing so manually is a daunting task as data is supposed to be collected from multiple sources such as the operating system, memory, network, or even cloud.

Continue reading

Coronavirus Pandemic: Beware of the Bait Sites

The menace of coronavirus pandemic is accelerating significantly and hackers are capitalizing the element of fear to collect shear currency. They are creating thousands of websites as baits.

According to the Check Point Research report, threat actors are registering phony COVID-19-related domains and selling them on discounted off-the-shelf malware on the dark web.

In this article, we will delve into some essential details regarding the coronavirus-related bait sites. Here is some help.

Continue reading