Gemma Moore 21 April, 2022

The Software Supply Chain

There are many different ways in which supply chain attacks can impact your cyber security resilience.  We all appreciate that third-party service providers may have access to physical premises, or to technical infrastructure, and that a compromise of these providers can grant that access to an attacker.  If you have smaller, or less-mature, suppliers in your supply chain, we know that they may have immature information security practices.  Because we think about these areas a lot, most businesses have pretty mature processes aimed at managing these risks in their supply chains.  
One area where we often see weakness in our customers, however, is in management of the software inventory and their software supply chain.

Improve your security

Our experienced team will identify and address your most critical information security concerns.

Gemma Moore 4 February, 2022

Using Red Teaming to upskill detection and response teams

When we talk about red teaming, it's quite easy for people to understand the benefits of using attacker techniques in our approach when it comes to exploring a particular attack pathway and to see the benefits of identifying the chains of vulnerabilities that allow a compromise to happen.  Quite frequently, though, people underestimate how effective red teaming can be when it comes to upskilling detection and response teams. I'd like to give an example of how - run well - red teaming can be used to improve detection and response outcomes.  This is, of course, an anecdote, but it certainly gives an idea of how performance changes when teams are challenged in the right way.

Gemma Moore 4 January, 2022

Using Red Teaming to validate the performance of an outsourced managed service provider

Red teaming can provide assurance within a wide range of business scenarios.  One interesting scenario we explored recently with a customer, a firm within the education sector, involved a situation where they had outsourced detection of security incidents to an external MSSP.  As a result of a governance audit, our customer needed to determine whether the detective and corrective capabilities of the managed security services and associated internal technical controls functioned as expected across several lesser-seen compromise scenarios.

Geoff Jones 16 March, 2021

EDR: Is It Worth It?

When working with smaller businesses, sometimes we’re asked whether Endpoint Detection and Response solutions are worth the money, over and above traditional anti-virus.  Much of the time, EDR is used in large enterprises in conjunction with a sizeable technical team of experienced professionals who engage in active response and threat hunting as their full-time job.  It can be difficult for smaller businesses to see where EDR might fit in.

Geoff Jones 29 May, 2019

BlueKeep: Perimeter Assessments Remain As Important As Ever

The basic security principle of keeping the attack surface as small as possible is still as important as ever, however you define your perimeter.  Keeping an eye on the attack surface of the network perimeter is not an obsolete activity; it is as important today as it was twenty years ago.

Phil Wilcox 27 September, 2018

Microsoft Exchange Client Access Server Information Disclosure

If you manage Microsoft Exchange and OWA in your environment and you are undergoing an external penetration test or Cyber Essentials assessment, you will often be faced with the Client Access Server Information Disclosure vulnerability identified by Nessus (https://www.tenable.com/plugins/nessus/77026) or other vulnerability scanners.

Until recently, this vulnerability went unaddressed by Microsoft for versions of IIS after 6.0 and before 10.0. The majority of advice provided by online resources suggests applying the latest patches, but as patches don't exist for versions 7.0 to 8.5, this isn't an option.

Gemma Moore 17 February, 2017

After the storm

You’ve had an incident.  You’ve managed the fall-out, contained the outbreak and restored normal service.  Now is the time to sit down with your incident response teams, your operational teams and other stakeholders and work out how to prevent a recurrence.

Gemma Moore 16 February, 2017

Enacting your response

Situational awareness throughout incident response activities is of paramount importance.  As activities are conducted, new information is likely to emerge.  New information may completely change the objectives of your exercise, and teams need to be in constant communication in order to coordinate activities.

Actions assigned to responders during an incident will be informed by the systems and data at risk, business continuity plans for these systems, and the objectives of the incident response exercise.

Gemma Moore 15 February, 2017

Defining your objectives

You have an incident. You know you need to handle it. You’re under pressure, and your team is stressed.

This is often the most dangerous point in an incident response operation. Stressed people under pressure to respond quickly tend to make one of two mistakes...

Gemma Moore 14 February, 2017

Identifying the incident

At some point, your business is likely to have to deal with an incident.  When this happens, being able to accurately identify and classify the incident is key to responding effectively with the minimum impact to your BAU operations. Yesterday, we discussed how proper planning will help you get a robust incident response framework in place.  Today, we are going to look at the sorts of questions you need to ask yourselves in order to be able to identify and classify an incident, and hence tailor your response.
