SkyRadar Blog

As part of our ongoing series regarding how each part of an organization’s security stack helps the incident response and forensic teams perform their analysis, we are going to now discuss Office 365 logs and the details it captures as teams interact with services held there. 

This article explores incident response investigations using proxy logs to uncover security gaps in email filtering.

Malicious actors regardless of motivation, whether financial or hacktivism, tend to look for the path of least resistance. In many data breaches, when forensic teams investigate the root cause, they end up tracing it back to email as the initial vector of the breach, where it all began. The reason this turns out to be the most lucrative for all attackers is the fundamentals of human psychology.

The aviation sector plays a critical role in allowing people to travel domestically and globally. Millions of people rely on the safety, security and resilience of airlines, airports and the systems that support them.

When there is a limited visibility to a CSIRT team within a company, there is a restricted understanding of risk. This then has a major impact on trust, confidence, collaboration, and ultimately, budget and resource security.

This articles describes how to tailor threat intelligence for information systems requires a dual approach. CSIRTs must prioritize internal data collection while keeping a watchful eye on external sources. The article shows how automation through the right tools augments insights, emphasizing the critical role of tool selection for effective attack mitigation.

In an organization’s cyber security environment, problems change from week to week. Consequently, a constant strive to learn within the team is of utmost importance as new and exciting challenges need to be faced each week. Within this ever-evolving environment, it’s critical that a team should constantly be changing, evolving and learning in order to adopt the practice of continuous improvement towards improving the company’s security posture (Kaizen).

For organizations of all sizes, cyber attacks are not a matter of if, but when. Given that an organization is going to experience security incidents, attacks and even breaches, a cyber incident response team and plan is critical. 

As the cyber-threat landscape evolves and data breaches become more common, incident response becomes more critical than ever for any company. A CSIRT (Computer Security Incident Response Team) is a body of people assigned with the responsibility of responding to and minimizing the impact of any incidents that affect the organization. This team requires a strong and versatile leader.