About Lauren Pearce
Lauren serves as the Director of Incident Response and Forensics at [redacted] where she’s frequently found on the front lines, leading incident response efforts on behalf of clients. Prior to joining [redacted], Lauren worked at Los Alamos National Laboratory where she specialized in malware analysis as a member and occasional leader of the incident response team. She enjoys teaching technical content and has experience teaching malware analysis to students ranging from private sector managers to US military and everything in between. She holds a BS and MS in Computer Criminology - Computer Science and a BA in International Affairs, all from Florida State University.
Latest from Lauren
Ransomware is one of the greatest threats facing modern networks, and it is tearing through small to medium businesses. This blog post will address detecting ransomware in a vendor-neutral format. Most of the detections discussed can be implemented with tools ranging from the most sophisticated XDR to a combination of Sysmon and Elastic Stack.
A Quick Note on Live off the Land Detection
Once inside a network, attackers may leverage systems administration tools already present in a tactic known as “living off the land”.
What is Defense in Depth?
Simply put, defense in depth is the use of layers of security controls to protect a network. The best defense is a multi-pronged, layered defense, both on the physical battlefield and in the digital world. Cyber attackers have your business or organization under the microscope, waiting for a misstep or an easy access point to inflict maximum damage. To get ahead of these potential threats, you need defense in depth (DiD).
When your critical data is under attack, you don’t have time to waste. Incident response helps you respond effectively, and understanding the lifecycle is vital to a powerful defense. Formulating an incident response plan can be the difference between a quick resolution and significant financial consequences for your business in the event of a cyberattack. While you can start with the Cybersecurity and Infrastructure Security Agency (CISA)’s quickstart guide to incident response plans, we’ve created a complete explanation below.
Incident response focuses on how organizations deal with data breaches. Cybersecurity incident response plans work to minimize damage to systems and data in the event of a cyber attack, data breach, or outage. Having an effective incident response program is crucial for any organization to recover with minimal disruption in the event of an incident. Learn more about incident response and how to create an incident response plan. What Is Incident Response?
When it comes to cybersecurity, it’s important to understand the tools, techniques, and thought processes of threat actors. Once adversaries have initial access to a network, lateral movement allows them to extend access and maintain persistence by compromising additional hosts in the network of their target organization. Threat actors can gather information about the company’s user activity and credentials and the location of important data, and leverage methods for escalating privilege to successfully complete their attack, theft or espionage activities.
Earlier this year, [redacted] encountered a relatively new ransomware threat actor that called themselves BianLian. We observed the actor deploying custom malware that was written in the Go programming language, which posed some initial, but not insurmountable, reverse-engineering challenges. BianLian used subtle techniques to exploit, enumerate, and move laterally in victim networks to remain undetected and aggressively worked to counter Endpoint Detection & Response (EDR) protections during the encryption phase of their operations.