Cyentia Cybersecurity Research Library

Kill Chain

Below you will find reports with the tag of “Kill Chain”

2023 Insider Risk Investigations Report

This Insider Risk Investigations Report highlights the expertise of our team, who has been providing insights from real hands-on investigations since 2017. As always, we are pleased to present our findings in the spirit of sharing these insights as we work towards building greater resilience from insider risk for our customers.

Added: June 28, 2023

Ransomware Spotlight Report 2023

In this report, we have examined the existing gaps in MITRE repositories and how they inhibit security teams from understanding their true threat context. We also introduce Securin’s Vulnerability Risk Score (VRS), a vulnerability ranking system that can help organizations prioritize vulnerabilities based on their risk factors, threat associations, exploitability, and criticality.

Added: March 7, 2023

SANS 2022 Cyber Threat Intelligence Survey

The SANS CTI survey shows that many CTI programs can meet the challenge. While some programs are just getting started due to increased cybersecurity needs and a growing, complex threat environment brought on by the rapid shift to remote work, organizations can rely on CTI providers and information-sharing groups to fill in the gaps as their programs mature.

Added: September 15, 2022

Quantifying the financial savings Protective DNS (PDNS) brings to the UK public sector

This report provides an analysis of the DNS queries blocked by Protective DNS, finds commonalities among the end users that are protected, and uses a financial model to estimate the value of the threat prevention provided by Protective DNS to the UK economy.

Added: May 11, 2022

Understanding XDR Requirements: What XDR Is and Why Organizations Need It

CISOs aren’t alone in recognizing the need for new threat detection and response strategies. In fact, security technology providers are championing a new technology initiative dubbed eXtended Detection and Response (XDR). XDR tools are intended to solve many threat detection and response issues by providing an integrated security architecture, advanced analytics, and simplified operations. Despite this innovation, however, users remain confused about XDR and where it could fit into their security programs. This report answers “what is XDR and which are the most important XDR requirements?”

Added: January 24, 2022

Hacker's Playbook 3rd Edition: Q4 2017

This third edition of the Hacker’s Playbook Findings Report continues in the tradition of reporting enterprise security trends from the point of view of an attacker. The findings represent anonymized data from many millions of SafeBreach breach methods executed within real production environments. This edition includes existing Hacker’s Playbook Findings Report data and new data from deployments between January 2017 and November 2017, with a combination of over 3,400 total breach methods and almost 11.5 million simulations completed. This report reflects which attacks are blocked, which are successful, and key trends and findings based on actual security controller effectiveness.

Added: March 7, 2019

Critical Watch Report: The State Of Threat Detection 2018

From the report, “With its customer base of over 4,000 organizations, Alert Logic has first-hand insight into the state of threat detection and response. Drawing from more than a billion security anomalies, millions of security events, and over a quarter million verified security incidents from April 2017 to June 2018, our research has identified five key insights that every business leader, IT leader, and IT practitioner should be aware of: 1. The initial phases of the cyber killchain are merging to accelerate targeted attacks 2. Industry and size are no longer reliable predictors of threat risk 3. Attack automation and “spray and pray” techniques are aiming at everything with an IP address 4. Cryptojacking is now rampant 5. Web applications remain the primary point of initial attack” Read on to find out more.

Added: February 8, 2019

Insider's Guide To Incident Response: Expert Tips

From the report, “The fight to protect your company’s data isn’t for the faint of heart. As an embattled IT warrior, with more systems, apps, and users to support than ever before, keeping everything up and running is a battle in itself. When it comes to preventing the worst-case scenario from happening, you need all the help you can get, despite your super-hero status. That’s why we’ve developed this incident response guide. We’ve collected and curated decades of infosec war stories and intelligence — from across the galaxy — so that you’re better armed in the fight against cybercrime. You’ll have an insider’s perspective on how to build an incident response plan and team, and what tools and training you can use to arm those team members.”

Added: January 15, 2019

Metamorfo Campaigns Targeting Brazilian Users

This blog post looks at the Metamorfo campaigns and how they target Brazilian users, specifically to install banking trojans.

Added: October 26, 2018

How to dramatically improve corporate IT without spending millions

This research presents a list of vectors commonly used by attackers to compromise internal networks after achieving initial access. It delivers recommendations on how to best address the issues. The goal is to help defenders focus efforts on the most important issues by understanding the attackers’ playbook, thereby maximizing results.

Added: October 25, 2018

Targeted Attacks: Why Are We Missing The Big Picture

This report takes a look at the reality that even though we spend lots of money to protect people from targeted attacks, they still continue to happen. Why are we missing the mark, and what can we change?

Added: October 21, 2018

Making Threat Intelligence Actionable

From the report, “AED is an acronym we’ve coined, short for “Acquire, Enrich, Detect.” It describes the process we use internally to collect threat intelligence and actualize our ability to identify when networks are under attack. We do this in the shortest possible time, with the highest degree of confidence, by looking ONLY at the raw network traffic.”

Added: October 18, 2018
© Cyentia Institute 2025
Library updated: June 21, 2025 12:08 UTC (build b1d7be4)