1. The knowledge Gap

    Knowledge Gap Impact with Deception Defenses

    Doron Kolton |

    Capture the flag exercises show how quickly attackers can learn a new network environment to reduce their noise levels and evade detection. This puts pressure on detection defenses in the first few hours or days when attackers are likely to be noisier. This concept is known as the ‘knowledge ga … READ MORE

  2. DNS plumbing leak

    Is Your Network's DNS Plumbing Leaky?

    Introduction: As detection mechanisms grow more sophisticated, malware developers try new methods to evade. Recently, there has been a growing trend to exfiltrate data and issue commands to malware via the DNS protocol. DNS Command & Control and DNS exfiltration can be successful because DNS is … READ MORE

  3. People first approach to building a cybersecurity team

    The People-First Approach to Security Operations

    Kaustubh Jagtap |

    Security spending is on the rise and prioritized over other IT investments for 2018. A recent Tech Pro Research survey revealed 53 percent of respondents said security will be a top priority in their overall 2018 budget, which 39 percent expect to increase from 1-10 percent over 2017.1 These inc … READ MORE

  4. Olympic Destroyer Cyber Threat

    What Can We Learn from the Olympic Destroyer Malware?

    By now we are all aware of the commotion that ensued behind the scenes of the opening ceremonies of the Pyeongchang Olympics. Organizers have indeed confirmed an attack on non-critical computer systems. For approximately 12 hours on Friday the Olympic networks were down due to the attacks. WiFi … READ MORE

  5. Fidelis Blog - Exploring X.509 Vulnerabilities and covert data exchanges

    Sometimes What’s Missing is Right in Front of Us, We Only Need to Look.

    Jason Reaves Chad Robertson |

    Introduction: Recent research conducted by our threat research team has identified a new method of covert channel data exchange using a well-known and widely implemented public key certificates standard (X.509) utilized in both TLS and SSL cryptographic internet protocol implementations. While c … READ MORE

  6. Fidelis Blog: Using Network and Application Breadcrumbs for Intelligent Deception

    Using Network & Application Breadcrumbs For Intelligent Deception

    Doron Kolton |

    Intelligent deception technology exploits the need of an attacker to discover as much as they can about where they are in the organization’s network immediately post compromise. This is a process not a single event. We have covered active directory and credential breadcrumbs,and file and data … READ MORE

  7. Using File and Data Breadcrumbs for Intelligent Deception

    Using File & Data Breadcrumbs For Intelligent Deception

    Doron Kolton |

    Cyber attacks are not single events, they’re processes. When attackers first access a network or endpoint, they don’t know where they are. So they carefully try to find out as much as possible about the organization. This is precisely the behavior that intelligent deception technology can exp … READ MORE

  8. 4 Kinds of Breadcrumbs In Intelligent Deception

    4 Kinds of Breadcrumbs In Intelligent Deception

    Doron Kolton |

    Cyber attacks are processes that compromise, spread and exploit multiple systems across an organization. They’re not single events. When attackers compromise an asset, they don’t know which asset is infected; they must determine where they are in the network, the network structure and where t … READ MORE

  9. Intelligent Deception Creates Evidence Of Credential & Connection To Lure Attackers To Decoys

    Intelligent Deception Creates Evidence Of Credential & Connection To Lure Attackers To Decoys

    Doron Kolton |

    To attract attackers, decoys are made to resemble the target systems as closely as possible. They have the look and feel of systems that an attacker seeks. Intelligent deception solutions actively lure attackers to the decoys once they have penetrated the perimeter. These lures, or breadcrumbs, e … READ MORE