1. MDR vs. MSSP: Which Solution is the Right Fit for Your Organization?

    Rae Jewell |

    Often, we hear the term “Security as a Service” and itends up gettinglots of words thrown in front of it like Managed Security ServiceProvider (MSSP).Buyers should be aware though, thatanMSSP is often not the same as a Managed Detection and Response Service. The two are very different and th … READ MORE

  2. Deception Deployment Strategies for the Real World

    Tom Clare |

    In nature, deception has been used as both a combat and defense tactic for millennia. The angler fish resides deep in the lightless sea and lures its unwitting prey towards it with an extended dorsal spine - which resembles a fishing pole tipped with a luminous bait. Cyber criminals have been usi … READ MORE

  3. Data Exfiltration in Government Organizations

    Sam Erdheim |

    It’s no secret that US Government Agencies are feeling the pressure – with relentless cyber-attacks – both nation state and otherwise, they are having to strengthen their security posture like never before – in fact, the Federal government has just awarded a $1billion contract to Booz All … READ MORE

  4. Responding to the Cyber Skills Drought with Automation

    Sam Erdheim |

    In our previous blog, Fidelis’ Director of MDR Services, Rae Jewell discussed how 24x7 managed detection and response can help organizations cope with the ever-present cyber-skills drought. This week, we’ll examine how technology that leverages automation can also help organizations address … READ MORE

  5. Responding to the Cyber Skills Drought: The MDR Solution

    Rae Jewell |

    If you ask a CISO today to name the biggest challenges of the job –9 times out of 10, the security skills gapis mentioned.It’s not a myth – the gap iscontinuing to widen and CISOs are feeling the pressure as cyber attacks grow in complexity and are testing enterprises now more than ever. I … READ MORE

  6. The DNA of Detection & Response

    Tom Clare |

    The migration from prevention to detection defenses is driving a new perspective on the DNA required to be successful. Decades of preventive defenses have ingrained concepts of sandboxing, crowd sourced visibility, cloud-based intelligence, and using machine learning anomaly detection to prevent … READ MORE

  7. Emotet Update

    Jason Reaves |

    Earlier this year the Fidelis Threat Research team detailed an update with Emotet involving the use of NetPass and string obfuscation which you can read about here(1). Recently I began researching an Emotet sample that appeared to have been updated yet again. Together with researchers from Flashp … READ MORE

  8. Hacker

    SKIDDIEs and PROs vs. Advanced Deception

    Yishai Gerstle |

    There are different types of hackers, each with their own characteristics, methods and goals. We can divide them into white hat & black hat categories, we can group them by their skills or by their goals. There are Pentesters, hackers for hire, hacktivists and espionage groups. Some hackers atta … READ MORE

  9. Insider Threats Seeking Privileged Access

    Insider Threats Seeking Privileged Access

    Tom Clare |

    Insider threats are often defined to include external attacks (i.e. phishing) compromising credentials for access to desired resources and data. While true insider only incidents account for less than 10%, adding in external attacks increases the incident percentage beyond 60% with some claims as … READ MORE