SecEng Newsletter #1
Welcome to Issue #1 of the Security Engineering Newsletter.
- Andrew
This article is the first in a series I am writing about SecOps alert enrichment. "Recent related alerts" is a great enrichment to add to your alerts because it harnesses the information from your past investigations. Every time you add notes to an alert on what happened and why, this enrichment becomes even more useful, since those notes can surface on the next related alert.
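To make the idea concrete, here is an added example (my own sketch, not code from any product): a small enrichment step that pulls recent alerts sharing a host, user or rule with a new alert and attaches their analyst notes. The alert history, field names and scoring weights are constructed assumptions for the illustration.

```python
from datetime import datetime, timedelta

# Constructed sample alert history (not real data): earlier alerts with analyst notes.
PAST_ALERTS = [
    {"id": "A-101", "rule": "suspicious_powershell", "host": "ws-042", "user": "jdoe",
     "ts": datetime(2024, 4, 1, 9, 15), "notes": "Benign: admin script run by patching job."},
    {"id": "A-117", "rule": "lateral_movement_smb", "host": "ws-042", "user": "jdoe",
     "ts": datetime(2024, 4, 2, 14, 40), "notes": "Escalated to IR; host isolated."},
    {"id": "A-130", "rule": "suspicious_powershell", "host": "srv-07", "user": "svc_backup",
     "ts": datetime(2024, 3, 1, 3, 0), "notes": "Benign: scheduled backup."},
    {"id": "A-142", "rule": "suspicious_powershell", "host": "ws-099", "user": "mpatel",
     "ts": datetime(2024, 4, 3, 11, 5), "notes": ""},
]


def related_alerts(new_alert, history, window=timedelta(days=7), limit=5):
    """Return past alerts within `window` before new_alert that share an entity or rule.

    Shared host/user weigh more than a shared rule, and alerts that already carry
    investigation notes rank higher because they give the analyst the most context.
    """
    cutoff = new_alert["ts"] - window
    scored = []
    for past in history:
        # Skip the alert itself, anything older than the window, and anything in the future.
        if past["id"] == new_alert["id"] or past["ts"] < cutoff or past["ts"] > new_alert["ts"]:
            continue
        score = 0
        if past["host"] == new_alert["host"]:
            score += 2
        if past["user"] == new_alert["user"]:
            score += 2
        if past["rule"] == new_alert["rule"]:
            score += 1
        if score == 0:
            continue  # nothing in common, not "related"
        if past["notes"]:
            score += 1  # prior notes are what make this enrichment pay off
        scored.append((score, past))
    # Highest score first; ties broken by most recent alert.
    scored.sort(key=lambda s: (-s[0], -s[1]["ts"].timestamp()))
    return [past for _, past in scored[:limit]]


def enrich(new_alert, history=PAST_ALERTS):
    """Attach a compact 'related_alerts' block to the new alert for the analyst."""
    related = related_alerts(new_alert, history)
    summary = [{"id": p["id"], "rule": p["rule"], "notes": p["notes"] or "(no notes yet)"}
               for p in related]
    return {**new_alert, "enrichment": {"related_alerts": summary}}
```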
This post from Michael Lyborg at Swimlane goes into how and why you should be tracking and reporting security metrics. I agree that this is an important area to focus on and that automation can certainly help. I would even suggest that teams try to send out a brief version of the metrics weekly and then do the deeper dive monthly. It's also crucial that individuals on the team receive the metrics reports and are not left in the dark. If your MTTD/MTTR (mean time to detect/respond) is really bad, then everyone should be aware and empowered to help fix it.
Sublime Security released a new detection rule for callback phishing delivered via a text file attachment, sent to a large number of recipients unknown to the organization, with a short subject and body from an unknown sender.
My brain totally wants this to say "Short Email", but it is actually "Short 'Em All", a Python-based tool that automates scanning the hidden content behind short URLs.
An interesting article from Robert Lemos at Dark Reading about the companies that are trying to tackle asking hard questions about our environments using generative AI. One of the examples from the article asks: what if we could just ask AI "what are all the machines I have that have this specific package of xz on them"? I am skeptical that generative AI is a requisite part of answering that question. I am also wary of using it to perform any kind of automated decisioning in its current state. Things are moving at an incredible pace, so I am open to having my mind changed about this 😺
John Levine owns a huge content farm of pages where companies' spiders/crawlers will routinely get stuck. For instance, he had to find a contact at Amazon to get theirs unstuck recently. Now that OpenAI's crawler is stuck, he is trying to find a contact there. 🕷️
Not necessarily related to SecEng – Joe Sullivan's keynote from Black Hat Europe 2023 is definitely worth a watch if you haven't seen it.
Thank you for reading this week's issue, and see you next week!