“Just make us Zero Trust.” Hands up if you’ve ever heard some version of this statement. Gather ten cybersecurity pros in a room, and you’ll have ten frustrated people trying to implement Zero Trust Security Architecture (ZTA). Although boards and non-security executives often understand the ZTA security model at a high level and love the…
Read moreHow to Implement Zero Trust with SenseOn
Bad news first. Implementing Zero Trust is more complex than using a particular service or a product. Although definitions vary, Zero Trust is an approach to network architecture that moves security closer to user actions and away from network assets. In a 100% Zero Trust environment, no user, process or application inside a network is…
Read moreWhat Zero Trust Vendors Need To Tell You
What size Zero Trust would you like? Zero Trust Architecture (ZTA), and cybersecurity in general, would be easier if you could walk into a Zero Trust shop instead of navigating a human and technological minefield featuring confused executives, reluctant employees, and a buzzword-heavy Zero Trust vendor landscape. The fact that “humans don’t work in a…
Read moreQuacking the Code: An Analysis of the Ducktail Malware Operation
Lachlan Godding 06 Sep 2023 Quacking the Code: An Analysis of the Ducktail Malware Operation SenseOn has analysed several variants of a highly targeted malware operation, dubbed ‘ducktail’, which is delivered to victims via tailored spearphishing attacks. While a WithSecure report indicates that this malware has been in circulation since as early as 2018, SenseOn…
Read more3 Ways to Reduce Your Security Operations Centre Costs
A typical security operations centre (SOC) has three core costs: People, data and tools. The total cost of these will vary dramatically based on factors like how many endpoints and users are in your environment and the number of SOC team members you need. Various SOC cost calculators available online put the cost of building…
Read more2 (Realistic) Ways to Leverage AI In Cybersecurity
If you had to choose a security measure that would make the most difference to your cyber program right now, what would it be? Maybe you’d like to get another person on your team? Someone who is a skilled analyst, happy to do routine work and incredibly reliable. Or perhaps you’d prefer an investment that…
Read moreSolving False Positive EDR Alerts
Endpoint Detection and Response (EDR) alerts are what happens when an EDR system decides that event data from an agent installed on an endpoint, or several endpoints, shows a potential threat. This doesn’t mean that every EDR alert is a malicious event in progress. Many are “false positives” or malicious behaviour that is actually not…
Read moreThreat Detection In 2023 Is Broken. Here’s How to Fix It
Learn about the 3 capabilities that effective threat detection tools need to have in 2023.
Read morePlugging the Cybersecurity Visibility Gap
Is this suspicious network activity alert actually a sign of intrusion, or just another false positive? As the cybersecurity visibility gap widens, anyone who works in a security operations centre (SOC) is likely to ask themselves and their colleagues this question on a regular basis. Unfortunately, as analysts know, answering it is rarely straightforward. Most…
Read moreSupercharge Microsoft Sentinel SIEM with SenseOn
Security information and event management (SIEM) solutions like Microsoft Sentinel SIEM are at the heart of most security operations teams. But like any SIEM, while Microsoft Sentinel can be an incredible tool for centralising security data, it also risks being expensive and ineffective. In a recent webinar I discuss these problems and how SenseOn can…
Read more