Many of you may have heard the old adage “prevention is ideal, but detection is a must.” For the detection piece in this blue team series I decided to focus on endpoints specifically. I know this does not cover everything, especially those of you who are responsible for protecting things you can’t just slap an AV or agent on (sorry ICS folks). I also find endpoint detection to be more straight-forward than network detection if you are starting from scratch. If you remember the pyramid model from my last post, two of the bottom tiers asked the questions: “Do you…


So you’ve setup your SIEM, you got that “next-gen” AV finally deployed and you even convinced management to procure a DLP solution- props to you. You feel confident about your defense-in-depth and you’ve hit most of the CIS 20 security controls right on the head. So now what? Sit back, relax and watch those Splunk alerts kick off every time your sysadmin uses psexec on their workstation. No hacker is gonna get past you now right? …

Dylan

Blue Teamer, IT, Infosec

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store