Incident Response


Mar 2019

In Time: Responding to a Cyber Incident

The cyber threat has continued to grow year over year, as the number and scale of data breaches make evident. Organizations face a variety of cyber threats, from large-scale phishing attempts to targeted attacks from cybercrime organizations and hacking groups. When a breach occurs, rapid response is critical. The longer an incident goes undetected and the greater the foothold the attacker can establish within an...



Aug 2018

Locked Out: Ransomware Prevention and Incident Response

A ransomware attack can be a debilitating event for an unprepared person or organization. Depending on the type and value of the data stored on an infected computer, the impact of an incident can range from a minor hiccup in operations to the death of the company. The impact of ransomware on small to medium-sized businesses (SMBs) can be particularly devastating. In its Second Annual...



Aug 2018

Sticking Around: Common Windows Malware Persistence Mechanisms

Malware authors put a lot of time and effort into writing their malware and finding ways to get it installed and running on target machines. If users could get rid of malware for good by just closing it or restarting their computer, then these attackers would have put in a lot of work for minimal payoff. But hackers leverage malware persistence mechanisms to be sure...



Aug 2018

What do I do if my Network is Hacked?

7 Steps to Achieving Effective Information Security Incident Response

Nobody wants to be hacked, but the only thing worse than having an incident is to have one and then botch the incident response procedures. An incorrect response could allow an attacker to gain further access to your network, fail to completely remove the infection, or render evidence of the incident inadmissible in legal proceedings. By...



Jun 2018

Using Root Cause Analysis After a Cybersecurity Incident

There were 1,579 breaches reported in the U.S. in 2017, according to the Identity Theft Resource Center (ITRC). This represented a 44.7 percent increase over incidents reported for 2016. Your enterprise might be next. It’s important to learn about incident response, including a root cause analysis. The best defense for your business is prevention. However, when an incident does occur, it’s important to use the...



Jul 2017

Reverse Engineering Malware: Using Data Carving in Incident Response

Information security professionals, especially those who serve as “blue teamers” or enterprise defenders, are dealing with an evolving array of malware threats. In the blue team toolkit, one of the most important and difficult techniques is the ability to reverse engineer malware. Joe Gray, enterprise security consultant for Sword & Shield Enterprise Security, writes about his experience learning the techniques of reverse engineering malware using...
