Brad Garnett

Welcome to my Digital Forensics and Incident Response oasis!

Digital Forensics, Incident Response, and Information Security

Filtering by Tag: Incident Response

Cisco Talos Roundtable: Should governments pay extortion payments after a ransomware attack?

Recently, I participated in a roundtable discussion with Cisco Talos…

In May, the city of Baltimore suffered a massive ransomware attack that took many of its systems down for weeks — restricting employees’ access to email, closing online payment portals and even preventing parking enforcement officials from writing parking tickets. After the attack, the city’s mayor said several times the city would not be paying the extortion request, but it’s still expected to cost the city more than $10 million to recover.

Continue reading

Compromise Assessment vs Threat Hunting

While table top exercises are always a hot commodity for our customers, proactive threat hunting and compromise assessments are becoming increasingly popular through our Cisco Incident Response Readiness & Retainer service. Whether your organization has recently gone through a merger or acquisition, or are in the later stages of your incident response evolution and maturity, finding out what you don’t know (and what your security platforms aren’t telling you) about your network can be a integral part of your organization’s incident response maturity and capability.


Continue Reading

The Power of Logging in Incident Response

A deep dive into logging as an often-overlooked but powerful tool for incident detection and response

“Lack of instrumentation or insufficient logging” is often a phrase used on incident response reports. During incident response activities, this isn’t a phrase you want to see, since lack of logging inhibits your organization’s ability to conclusively determine root cause analysis.

[continue reading...]