A couple of months ago, someone asked me what’s the best risk management strategy that I have come across. Pat came my reply: MITRE ATT&CK.
The person on the other end was surprised.
Continue reading “MITRE ATT&CK has always been a risk management framework, and now it’s official”
To me, the SolarWinds hack is remarkable because it (momentarily) managed to upend one kind of strategy with the other. A broader strategic calculus is palpable from the operational choices made in this intrusion — from the Concept of Operations which underpins it.
Continue reading “(Telemetry & toolchains) vs. tradecraft: The SolarWinds hack from a strategic lens”
For the Infosecurity Mag: https://www.infosecurity-magazine.com/opinions/mssps-strive-detection-ninjas/.
I am having some strange epiphanies as I go knee-deep into SIEM engineering. While the MSSPs have existed in all flavors and sizes, there seems to be a broad consensus that they simply can’t mimic the capabilities of an in-house security operations function – especially when it comes to gaining context, visibility and speed.
Continue reading “How the MSSPs Can Strive to be Detection Ninjas – Infosecurity Mag”