03 Nov
Synchronize siloed security services with ConnectWise
MSPs & ConnectWise ConnectWise Manage is a popular professional service automation(PSA) software that MSPs (managed service providers) use to manage the services they are offering. It has covered many aspects of running an MSP including sales/marking/contract management/finance/project/ticket etc. all in one place. As more and more MSPs start offering cybersecurity services, a few things may
31 Oct
Create vulnerability summary report using Power BI
A vulnerability scanner enables organizations to monitor their networks, systems, and applications for security vulnerabilities. Most security teams utilize vulnerability scanners to find weaknesses in their environment and make sure preventive actions are taken properly beforehand. The number of vulnerabilities in IT systems is growing fast every day. Over 8,000 vulnerabilities are reported in Q1
29 Sep
Prevent Email Spoofing with SPF, DKIM and DMARC
Email spoofing is one of the common techniques used by phishing attacks. By using different techniques, attackers trick users to think the email is from legitimate parties. To combat email spoofing, a few mechanisms have been invented – Namely DMARC, DKIM & SPF. However many times the terms are confusing. In this blog, we will
15 Sep
6 things you should include in your client security dashboard
Client dashboards and reports are important to the community and the business value. When creating such metrics/dashboards, what is the strategy that can maximize your values? What kind of metrics you should include in your dashboard? Typically the report is mostly sent to a manager in your clients, so the information has to be
14 Jul
Risk based Alerting
Security operations centers (SOC) are incredibly noisy places. They experience hundreds of thousands of security alerts daily. 1% are urgent and very likely to be true attacks. 30% of alerts are false positives. The rest of 69% are either information, nonactionable, or take time to completely identify as false positives or true positives. Either tweaking
11 Jul
Eight factors you should evaluate when prioritizing security alerts
Quantifying and scoring individual security alert are important for security teams to effectively prioritize security tasks. Common scoring mechanisms are the Common Vulnerability Scoring System (CVSS). It is an open framework for communicating the characteristics and severity of software vulnerabilities, owned and managed by FIRST.Org. NIST publishes the Base metrics in the National Vulnerability Database
23 May
Start detecting Leaked Secrets on Darkweb in 10 minutes
The deep web, also known as the dark web, is a part of the internet that is not indexed by search engines and is therefore not accessible to most users. It is often associated with illegal activities, such as the sale of drugs and weapons, and is therefore sometimes referred to as the “dark side”
13 May
Open ports? Detect and respond with automation!
Hackers are constantly scanning networks and trying to get in via vulnerability exposed via open ports. Therefore, it is important to understand what are the open ports within your network and how to deal with them if there are any open ports. Some ports are required to open for providing service and some are needed
10 May
Cybersec Cheat Sheets
Shortcut, hot-keys are powerful techniques to improve efficiencies in daily security operations. However, it is hard to remember them all unless you are using the applications all day. Here is a curated list of cheat sheets for many many popular techs in our cybersecurity space. We did not create them. Credits are to the authors
03 May
Create a Red and Blue Team HomeLab
A SOC team usually has a red team and a blue team. It is always a good idea to practice TTPs(techniques, tactics, procedures), generate IOCs so that you can understand how an attack works and what noise it generates, and set up automation to start practicing analyzing and responding to these issues, with the aim
15 Mar
Integrating CrowdStrike API to Automate Security Investigation and Response with No Code
The CrowdStrike’s Falcon platform provides protection on critical areas of enterprise risk including endpoints and cloud workloads, identity, and data. Its Endpoint Detection and Response capabilities not only provide alerts on discovered threats but also provide a holistic view of threats and intelligence across all the hosts. Therefore, it is very useful for the security
Recent Posts
Recent Posts
Recent Comments
Leveraging AI To Reduce Risk of Ransomware
Top 5 free tools to defend against Ransomware Attack - AI-Based Analysis and Response