Cory Marchand

When I was working on a network assessment team for one of my customers, I would routinely hear upset voices when we would present our findings. The most common thing that the executives would say was, “Wait a minute, aren’t we current on our updates? I saw the compliance report, and we were all green right?” “All green right?” What that Information Security Officer was referring to was a slide that was presented to him showing the level of compliance that the hosts on his network were currently reporting. To him, this meant secure.  It meant that all of his systems were patched to the current patch levels, all anti-virus was up to date, and all 3rd party systems were also updated.  Being “green” was interpreted as “secure” – not only by this executive, but to those reporting to him. Little did he know that while he was having his weekly meeting with his IA staff... (more)

Effective Report Writing Applied to Cyber Security

In almost all professions, report writing is a requirement.  Typically, reports document the success and failures of a particular action. While it may not be your favorite part of the job, report writing does validate your work to the customer. In our profession, Cyber Security, we have the unique challenge of communicating highly technical information in a non-technical format, so that the impact of our efforts can be understood. Early in my career I hated writing reports.  Back then, I had a hard time understanding why reports were so important.  Little did I know that the cou... (more)

Why Trending Is Essential for Detection

Imagine for a second you have complete network and host activity trending data built in to your daily reporting and alert consoles that your analysts spend hours in front of. Suddenly one of your SQL servers attempts a GET request directly to an IP address on SSL port 443. Without that trending information of normal behavior of your server activity, how would you detect this? With trending information, your analysts immediately identify this as “out of the norm”, and begin their investigation into the "why". Trending - A way to increase your customer value, and find hidden gems. ... (more)

Cyber Threat Analysis Not Just for the Military

"Cyber Threat Analysis" is the practice of effectively fusing knowledge of an organizations network vulnerabilities, both internal and external (including essential IT systems), and matching these against actual cyberattacks and threats seen out in the wild.  The output of this fused analysis is an advanced defensive detection mechanism with a final goal of enhancing the defensive posture of the network against real cyber threats. Security Intelligence We at Cyber Squared refer to this as "Security Intelligence".  Security Intelligence transitions our clients from a state of react... (more)