danbrown
XDR: A New Vision for InfoSec’s Ongoing Problems
Let's face it. The information security industry loves a new acronym. For industry long-timers, a new acronym might be just the latest reason for an eye roll. For folks new to the field, it can be ver[…]
Is Measurable Security Possible?
My last blog post discussed the rationale for CrowdScore® and outlined its evidence-weighting approach, demonstrating a 10- to 25-fold improvement in the ability to accurately distinguish between mali[…]
Noise Is the Problem — CrowdScore Is the Solution
Sometimes we humans are faced with problems so pervasive and persistent that it is difficult to even recognize them as problems. We assume the situation cannot be improved and simply fail to seek a re[…]
Formula 1 Racing and Stopping Breaches
What in the world does stopping breaches have to do with Formula One™ racing? Quite a bit, actually. As a long-time follower of Formula 1™ racing, I am excited by CrowdStrike's partnership with Merced[…]
MITRE ATT&CK: Why Detections and Tainted Telemetry are Required for an Effective EDR Solution
Following the MITRE ATT&CK™ Evaluation of endpoint detection and response (EDR) solutions, I've heard a lot of confusion surrounding the various terms MITRE used, particularly the terms “detections,” […]
Understanding Indicators of Attack (IOAs): The Power of Event Stream Processing in CrowdStrike Falcon®
Event Stream Processing (ESP) has been a central component of CrowdStrike Falcon®’s IOA approach since CrowdStrike's inception. In this post we'll take a closer look at ESP — along with its utility an[…]
The Economics of Ransomware: How SCADA/ICS Changes the Equation
Recent reports of SCADA/ICS proof-of-concept ransomware have spurred fresh discussion on the topic. Few threats exceed the level of concern that ransomware generates in the minds of corporations. Ther[…]
What Sets Falcon Apart: Intelligent Host Sensors
It can be difficult to distinguish between “next-generation” endpoint security solutions currently available. Usually the technology lags marketing by a significant margin, and the marketing mostly so[…]
Nothing else is working. Why not memory forensics?
I ran across a couple of blog posts recently that were espousing the virtues of memory forensics. Having developed a framework very similar to Volatility from the ground up under a government contract[…]