In the recently released Update 1 for InTrust 11.4.1 there is a hidden gem: the "Suspicious process was started" rule. It allows detection of hidden steps that ransomware and malware would take to achieve persistence, hide their tracks and disable protection…
In my previous blog post, I talked about different approaches you can take to identify insider threats in your Windows environment with user behavior analytics — a rule-based vs. pattern-based approach. Specifically, why pattern-based detection has advantages…
Step 1: Implement user threat detection. Step 2: Have a glass of wine.
In my previous blog posts, I talked about pattern-based vs. rules-based user behavior analytics (UEBA), modeling user activity to build behavioral baselines, and the advantages of…
In my previous blog post, I talked about user behaviors that you want to model in order to capture a wide array of anomalies as well as how to use them to detect patterns of suspicious user activity.
But what is User Entity Behavior Analytics (UEBA)…
If you’ve connected to headline news in any way - watch, listen, or read - since last Friday, then you must have heard about the massive cyber-attack - WannaCry - a ransomware attack on Microsoft Windows operating systems that has infected more…