16 Mar

Using Your Data to Detect Compromise

By Ryan Butterworth and Bob Slapnik

It has become common knowledge that threat detection based on signatures, file checksums and blacklisted URLs doesn't cut it. Security professionals are increasingly realizing there are better ways to detect the presence of attackers, ways that go beyond looking for malware. In this blog, we illustrate in layman's terms an effective technique for finding exploitation events in


9 Mar

Third-Generation Threat Detection: Beyond Malware with Knowledge Maps

This blog gives a quick review of first- and second-generation threat detection approaches and introduces the new third generation.

First-Generation Detection: Signature-based IDS and AV

Network-based intrusion detection systems and host-based antivirus rely on signatures to detect malware. IDS and AV fail to detect new threats because detection requires prior knowledge of the malware. IDS and AV are easily


23 Feb

Malware-less Attacks: Real Threats That IDS and AV Will Never See

"Malware-less" typically means the attacker uses whitelisted tools or stolen credentials and does not need exploits or rootkits to maintain remote access. This is a reasonable definition. Traditional security products such as IDS or AV would not detect such an attack. There is considerable debate about what code counts as malware and what does not. On one hand, people say


16 Feb

Investigation of Attack Chain Timelines

Time is an important concept when doing a forensic investigation into the root cause of an attack. Events that occur near one another in time are often related. A successful exploit may crash a web browser, leaving behind a timestamped crash dump file. If the exploit payload downloads and installs a remote access tool, that executable will have a creation time shortly after

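The temporal-proximity idea described in that post, written out as an added example that is not part of the original blog: artifacts are sorted by timestamp, grouped into clusters where each event falls within a window of the previous one, and a cluster is flagged when a crash dump is followed by the creation of a new executable that is then started. The host name, file paths and timestamps in SAMPLE_EVENTS are constructed for illustration.

```python
"""Added example: correlating forensic artifacts by temporal proximity.

Not code from the original post. The events below are constructed sample
data (hypothetical user, hypothetical paths) so the script runs offline.
"""
from datetime import datetime, timedelta

# Constructed sample artifacts as they might be pulled from a host:
# a browser crash dump, an executable dropped into Temp shortly after,
# that executable being started, plus two unrelated events for contrast.
SAMPLE_EVENTS = [
    {"time": "2016-02-10T09:12:03", "kind": "crashdump",
     "path": r"C:\Users\alice\AppData\Local\CrashDumps\iexplore.exe.1234.dmp"},
    {"time": "2016-02-10T09:12:41", "kind": "file_create",
     "path": r"C:\Users\alice\AppData\Local\Temp\svchost32.exe"},
    {"time": "2016-02-10T09:13:05", "kind": "process_start",
     "path": r"C:\Users\alice\AppData\Local\Temp\svchost32.exe"},
    {"time": "2016-02-10T14:30:00", "kind": "file_create",
     "path": r"C:\Program Files\Notepad++\update.exe"},
    {"time": "2016-02-09T08:00:00", "kind": "process_start",
     "path": r"C:\Windows\System32\svchost.exe"},
]


def parse_events(events):
    """Convert ISO-8601 strings to datetime and sort chronologically."""
    parsed = [dict(e, time=datetime.fromisoformat(e["time"])) for e in events]
    return sorted(parsed, key=lambda e: e["time"])


def cluster_by_time(events, window=timedelta(minutes=5)):
    """Group events into clusters; each event joins the current cluster if it
    occurred within `window` of the cluster's most recent event."""
    clusters = []
    for event in parse_events(events):
        if clusters and event["time"] - clusters[-1][-1]["time"] <= window:
            clusters[-1].append(event)
        else:
            clusters.append([event])
    return clusters


def find_exploit_chains(events, window=timedelta(minutes=5)):
    """Return clusters matching the pattern from the post: a crash dump,
    then creation of an .exe, then that same .exe being started."""
    chains = []
    for cluster in cluster_by_time(events, window):
        crashes = [e for e in cluster if e["kind"] == "crashdump"]
        if not crashes:
            continue
        t0 = crashes[0]["time"]
        dropped = {e["path"].lower() for e in cluster
                   if e["kind"] == "file_create"
                   and e["path"].lower().endswith(".exe")
                   and e["time"] > t0}
        if not dropped:
            continue
        started = [e["path"] for e in cluster
                   if e["kind"] == "process_start"
                   and e["path"].lower() in dropped
                   and e["time"] > t0]
        if started:
            chains.append({
                "crash": crashes[0]["path"],
                "dropped": sorted(dropped),
                "started": started,
                "span_seconds": (cluster[-1]["time"] - t0).total_seconds(),
            })
    return chains


if __name__ == "__main__":
    for chain in find_exploit_chains(SAMPLE_EVENTS):
        print(f"crash: {chain['crash']}")
        print(f"  dropped: {chain['dropped']}")
        print(f"  started: {chain['started']}")
        print(f"  window:  {chain['span_seconds']:.0f}s")
```

One caveat for anyone applying this on real evidence: file creation times can be altered by an attacker (timestomping), so a timeline built from a single timestamp source should be corroborated with independent ones, such as event log entries, prefetch data or filesystem journal records, before drawing a root-cause conclusion.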

24 Jan

User Behavior Analytics to Detect Compromise

“I could solve most of our security problems by getting rid of users.” Have you ever had this thought? Sorry to say it, but users are here to stay and they will continue to do dumb things like click on malicious links and open weaponized documents. Exploitation and compromise will continue, and security pros are left with the necessary task


28 Dec

Why Threat Hunting is Necessary

Not much has changed in the cybersecurity industry since the days of signature-based antivirus and network intrusion detection systems: signatures require prior knowledge of the threat, and only if the same threat is seen again is it blocked.

13 Dec

Modern Anti-Virus and Endpoint Visibility

Arguably, endpoint security is the responsibility of the operating system. For example, Microsoft Windows has auditing built in, if you know how to configure it. Yet most enterprises don't use it effectively, or even practice least privilege.

3 Oct

Outlier Security receives 5 Stars from SC Magazine

SC Magazine

9 Aug

Guidance Software Enriches Professional Services Offering with Outlier Security Partnership

Business Wire

13 Jun

Outlier appears in Network World New Products of the Week

Network World