May 7, 2019 | Posted in Red Teams, Purple Teams, and GRC by Tim Wainwright and Kevin Foster   This article begins with the difference between Designing vs. Describing the cybersecurity program with NIST CSF. I then explain how in a mature program, NIST CSF helps us describe the separate purpose and sequence of Red and […]

March 21, 2019 | Posted in Blue Teams and Purple Teams by Kyle Sheely   Chances are if you’ve been affected by cybercrime in the past year, you’ve been the victim of a banking trojan. Proofpoint’s latest quarterly threat report notes that over half of all successful email-based attacks were propagated by banking trojans (meanwhile ransomware, once one of the greatest threats to enterprises, came in […]

March 8, 2019 | Posted in Blue Teams, Purple Teams, GRC, and Strategy by Evan Perotti and Mike Pinch   Back in December 2018, MITRE released the first round of its evaluations on EDR tools, including Carbon Black, CounterTack, Crowdstrike, Endgame, RSA, Sentinal One, and Windows Defender.  Specifically, MITRE tested the APT3 threat group (https://attack.mitre.org/groups/G0022/) […]

February 13, 2019 | Posted in Purple Teams by Tim Wainwright This article covers how a Purple Team process done correctly can: Be documented and organized using the free VECTR.io platform (https://vectr.io) and align to MITRE ATT&CK Generate quantitative success defense metrics more meaningful than existing hygiene and hyperbole metrics Change your teams’ attitude and […]

December 7, 2018 | Posted in Red Teams, Blue Teams, and Purple Teams by Evan Perotti and Mike Pinch   On November 29th, MITRE ATT&CK released the results of their first round of endpoint security evaluations. The evaluations simulated malicious activity from the APT-3 campaign against seven products. While our analysis directly compares the performance […]