danbrown

Let's face it. The information security industry loves a new acronym. For industry long-timers, a new acronym might be just the latest reason for an eye roll. For folks new to the field, it can be ver[…]

My last blog post discussed the rationale for CrowdScore® and outlined its evidence-weighting approach, demonstrating a 10- to 25-fold improvement in the ability to accurately distinguish between mali[…]

Sometimes we humans are faced with problems so pervasive and persistent that it is difficult to even recognize them as problems. We assume the situation cannot be improved and simply fail to seek a re[…]

What in the world does stopping breaches have to do with Formula One™ racing? Quite a bit, actually. As a long time follower of Formula 1™ racing, I am excited by CrowdStrike's partnership with Merced[…]

Following the MITRE ATT&CK™ Evaluation of endpoint detection and response (EDR) solutions, I've heard a lot of confusion surrounding the various terms MITRE used, particularly the terms "detections,” […]

Event Stream Processing (ESP) has been a central component of CrowdStrike Falcon®’s IOA approach since CrowdStrike's inception. In this post we'll take a closer look at ESP — along with its utility an[…]

Recent reports of SCADA/ICS proof-of-concept ransomware have spurred fresh discussion on the topic. Few threats exceed the level of concern that ransomware generates in the minds of corporations. Ther[…]

It can be difficult to distinguish between “next-generation” endpoint security solutions currently available. Usually the technology lags marketing by a significant margin, and the marketing mostly so[…]

I ran across a couple of blog posts recently that were espousing the virtues of memory forensics. Having developed a framework very similar to Volatility from the ground up under a government contract[…]