How to Avoid Wasting Time on False Positives

by Carl Manion
Managing Principal, Raytheon Foreground Security

False positives. Those annoying notifications that make you panic at first, but after further investigation, turn out to be nothing to worry about. At first, they may seem like a minor inconvenience, but what happens when you have hundreds—or even thousands—of them occurring every day and you find yourself wasting 75 percent (or more) of your time?


Detecting the Neutrino Exploit Kit

Bill Miskimen
Sr. Security Analyst

The Neutrino Exploit Kit has made several changes in technique and delivery over the past few years. These changes in techniques, combined with the demise of hugely popular Angler Exploit Kit, have helped Neutrino become one of the most used Exploit Kits on the market today. The group behind Neutrino appears to be updating its exploitation techniques and payloads on almost a monthly basis, if not every few weeks. In this article, we'll look into how the Neutrino Exploit Kit works and some good ways to detect it. We’ll review some high-level details around the kit itself and how front-line defenders can rapidly, easily, and accurately identify Neutrino activity in an enterprise environment – all without needing to understand complex underlying details like compressed flash objects, where coffee comes from, and whether or not the Internet truly is housed in a black box at the top of Big Ben. After reading this, analysts should be able to look at an unlabeled packet capture of reasonable size and quickly identify if any Neutrino activity is present, whether it was successful, and provide a walkthrough/timeline of events around the malicious activity in question.


The Top 5 Things to Look for in an MSSP: Don't settle for just 24/7 monitoring

Lainie Vande Woude
Director of Sales, MidAtlantic Region

Today’s businesses face a rapidly evolving security environment. This ever-shifting landscape requires businesses to reconsider how they protect themselves. For many businesses, partnering with a Managed Security Services Provider (MSSP) makes sense from the perspective of cost, capabilities, and resources. However, not all MSSPs are created equal.


Three Proven Techniques for Detecting Targeted Attacks

by Carl Manion, Managing Principal

Thanks to extensive media coverage of the numerous cyber security breaches over the past several years, most organizations are generally aware of the risk they face due to advanced persistent threats (APTs) and highly skilled cyber criminals. They understand that well-coordinated APT campaigns do, in fact, exist and can result in significant adverse impacts on their business through theft of data or intellectual property; damage to their business reputation or image; and/or sabotage to their critical business systems and networks. As a result, many have invested in implementing multiple layers of defense, including expensive Intrusion Detection and Prevention Systems (IDS/IPS) and Security Information and Event Management (SIEM) solutions.  But, they’re still getting breached and their signature-based defensive stacks are bypassed time and time again.


Black Hat USA 2016

Black Hat 2016 is right around the corner and RFS is prepared to take  Vegas by storm! 

You’ll want to make sure and stop by Booth #1132 and meet the cyber security experts from Raytheon Foreground Security.  We have an exciting schedule of events planned to help you learn more about Proactive Threat Hunting – a unique service that provides reduced variances in threat hunting results; efficiencies of implementing a threat hunting capability; and, improved overall maturity of security operations process.