Peter luo

My Content
Posted By Peter luo 09-26-2022 11:32:13 PM
Found In Egroup: Cybersecurity
Hi Scott, Thanks for sharing! How do you know if an email is compromised? Is it from a leaked breach data report (e.g. haveibeenpwned) or is it from a phishing click report? This will slightly affect the prioritization of each task. Agree with the points you all have mentioned above. I would slightly ...
Posted By Peter luo 08-18-2022 10:42:00 PM
Found In Egroup: Cybersecurity
A great matrix, Kelly. I found this IR policy example very informative as well: Incident Response Policy Example: cybersecurity
------------------------------
Peter luo
DTonomy Inc
pchluo@dtonomy.com
------------------------------
Posted By Peter luo 08-03-2022 10:05:00 AM
Found In Egroup: Cybersecurity
Agree with both Jesse's and Alex's points on securing beyond vulnerability management. We need to monitor attacker-like behaviors within the environment. MITRE ATT&CK (MITRE ATT&CK®) is a good resource for learning. From a practical implementation point of view, typical EDR, NDR, Cloud misconfiguration ...
Posted By Peter luo 08-03-2022 08:11:00 AM
Found In Egroup: Cybersecurity
Hi Mike, What you are looking for is a security operation platform (vSOC) that consolidates siloed security findings/detections into one place for you to properly manage. BU's upcoming Security Camp will share their journey on the vSOC platform, which you may find useful. A shameless plug of our ...
Posted By Peter luo 06-28-2022 11:14:00 PM
Found In Egroup: Cybersecurity
Do any of these IPs belong to your university? I have seen malware servers hosted at schools. Besides putting them into the firewall, put them into the IDS or SIEM for alerting purposes or threat hunting. Some organizations do set an expiration period (typically 30 days). I have seen a few relevant ...
Posted By Peter luo 06-22-2022 10:56:00 PM
Found In Egroup: Cybersecurity
What is the risk associated with this user? Is it premium user risk and non-premium user risk? Based on different risk types, you may need to investigate differently. Without knowing the exact risk type, I do see a lot of unusual user login risks across different organizations, and they are noisy, TBH. ...
Posted By Peter luo 06-13-2022 10:10:00 PM
Found In Egroup: Cybersecurity
We work with many security teams in HigherEd. We've seen these SIEMs used in different universities:
- Splunk
- ELK
- Devo
- Sumologic
- Exabeam
Some of them are known to be very expensive. Not everyone has a cloud solution. You can quickly try it out. Depends on your purpose. Are ...
Posted By Peter luo 06-07-2022 08:31:00 AM
Found In Egroup: Cybersecurity
Greetings! I am with DTonomy, an alternative SOAR platform focused on HigherEd. A couple of universities, including public universities, private universities, and Ivy League universities, have used DTonomy for many years. They are happy to share their experience with you. Reach out if you are ...
Posted By Peter luo 05-09-2022 12:22:00 PM
Found In Egroup: Cybersecurity
Great to meet many people in person at last week's Cybersecurity and Privacy Professionals Conference. I did not find a Slack group for this community. Therefore, I created one here: CyberSecPrivacy-EDUCAUSE. Let's join and share. If it is a duplicate, please let me know.