Blog Posts

ShinyHunters doesn't encrypt. They log in. Here's the recovery playbook built for an identity-based intrusion, from containment to hardening in the first 48 hours.

Do we recover first or harden security?

Jim Aldridge joins our partners at Airiam on their podcast to discuss parallels he sees between flying a plane and successfully preparing for and responding to cybersecurity incidents.

Ransomware containment and recovery at enterprise scale: MOXFIVE's tactical playbook covering network isolation, identity reset, backup restoration, decryption strategy, and the common pitfalls that extend recovery timelines.

When an incident progresses to the point where enterprise remediation is required, the scope and scale of the response can be daunting. In this two-part series with CrowdStrike, we lay out a roadmap from planning to recovery.

In this blog, we look at 8 examples of best practices that can be implemented to provide for a more resilient architecture.

Business Email Compromises (BECs) continue to be the one of the top attack vectors, costing organizations over $2.3 billion in 2021. In this blog, we share priorities and key methodologies for investigating these attacks.

Host-based microsegmentation offers a wide range of advantages over legacy counterparts allowing organizations to apply segmentation at much deeper granularity including host, user, or application levels.

Gaining access to Active Directory is often a goal of threat actors during an intrusion. In this blog, we look at two key workstreams that add security layers making it more difficult for threat actors to achieve this goal.

Finding the right balance between containment, recovery and forensics workstreams is the key to faster and more effective incident response.

The lines between forensics and recovery can easily blur during incident response. Using an approach that delivers both in parallel helps minimize business interruption and get organizations back online more quickly.

Prioritize efforts, consolidate focus, succeed.