Featured Posts

An alert touches multiple segments of the network, representing the challenge to reduce false positives
Deep Network Observability

How to Reduce False Positives with Shared Context

False positives are rarely caused by too many alerts, but by missing context. Let’s say a spike in outbound traffic shows up in the firewall logs. Around the same time, ...

Read More
Magnifying glass on top of a diagram that looks like both a fingerprint and a network, representing end-to-end network troubleshooting
Network Operations

Why Most Performance Investigations Start in the Wrong Place

A padlock silhouetted against a dark background, surrounded by a spray of white particles, representing password spraying detection.
Security Operations

What Password Spraying Looks Like in Raw Network Telemetry

All Posts

Network Operations

Network Incident Response System

The network incident response system is a subset of the overall network management effort. Specifically, it addresses the word

Read More
Network Operations

Building your incident response team

What do you normally do when you find an infected machine on the network? if you don’t have a

Read More
Security Operations

Layered security approach (is only as good as ….)

A layered security approach for detecting malware cyber-attacks is the current “go-to” way to defend both network perimeters and

Read More
Security Operations

Malware Incident Response Webcast

We will be presenting on the topic of Malware Incident Response jointly with guest speaker Sean Bodmer. During the

Read More
Security Operations

Malware Incident Response Plan : Detrimental 5

When I was studying at the University, every floor of every dorm had a fire extinguisher. I sort of

Read More