“Just make us Zero Trust.” Hands up if you’ve ever heard some version of this statement. Gather ten cybersecurity pros in a room, and you’ll have ten frustrated people trying to implement Zero Trust Security Architecture (ZTA).   Although boards and non-security executives often understand the ZTA security model at a high level and love the…

Bad news first. Implementing Zero Trust is more complex than using a particular service or a product.  Although definitions vary, Zero Trust is an approach to network architecture that moves security closer to user actions and away from network assets. In a 100% Zero Trust environment, no user, process or application inside a network is…

What size Zero Trust would you like? Zero Trust Architecture (ZTA), and cybersecurity in general, would be easier if you could walk into a Zero Trust shop instead of navigating a human and technological minefield featuring confused executives, reluctant employees, and a buzzword-heavy Zero Trust vendor landscape. The fact that “humans don’t work in a…

Lachlan Godding 06 Sep 2023 Quacking the Code: An Analysis of the Ducktail Malware Operation SenseOn has analysed several variants of a highly targeted malware operation, dubbed ‘ducktail’, which is delivered to victims via tailored spearphishing attacks. While a WithSecure report indicates that this malware has been in circulation since as early as 2018, SenseOn…

A typical security operations centre (SOC) has three core costs: People, data and tools.  The total cost of these will vary dramatically based on factors like how many endpoints and users are in your environment and the number of SOC team members you need. Various SOC cost calculators available online put the cost of building…

If you had to choose a security measure that would make the most difference to your cyber program right now, what would it be?  Maybe you’d like to get another person on your team? Someone who is a skilled analyst, happy to do routine work and incredibly reliable. Or perhaps you’d prefer an investment that…

Endpoint Detection and Response (EDR) alerts are what happens when an EDR system decides that event data from an agent installed on an endpoint, or several endpoints, shows a potential threat. This doesn’t mean that every EDR alert is a malicious event in progress. Many are “false positives” or malicious behaviour that is actually not…

Learn about the 3 capabilities that effective threat detection tools need to have in 2023.

Is this suspicious network activity alert actually a sign of intrusion, or just another false positive? As the cybersecurity visibility gap widens, anyone who works in a security operations centre (SOC) is likely to ask themselves and their colleagues this question on a regular basis.  Unfortunately, as analysts know, answering it is rarely straightforward. Most…

Security information and event management (SIEM) solutions like Microsoft Sentinel SIEM are at the heart of most security operations teams. But like any SIEM, while Microsoft Sentinel can be an incredible tool for centralising security data, it also risks being expensive and ineffective. In a recent webinar I discuss these problems and how SenseOn can…