AnnouncementCase StudyCheckmarkcustomer-story-iconData Sheethow-to-logoposts
skip to Main Content

How to

  • 6 min read

How to find anomalous process relationships in threat hunting

Finding anomalous process relationships -- commands that don’t belong together -- might indicate a problem within your environment. Here’s how to spot ‘em.

  • 5 min read

This is how you should be thinking about cloud security

Your IT team isn’t racking and stacking servers like they used to, but cracking the cloud security code is easier than you think. Get our pro tips for doing just that.

  • 7 min read

How to choose the right security tech for threat hunting

How do you decide which tech to use to carry out your hunt? This post’s got some pro tips for when and how to use different technology for your threat hunting mission.

  • 4 min read

Does your MSSP or MDR provider know how to manage your signals?

How well is your MSSP or MDR going to manage your fleet of security signals over time? Here’s how to figure out whether they’re up for the challenge.

  • 7 min read

How to build a useful (and entertaining) threat emulation exercise for AWS

Want to test your analysts’ detection skills in the cloud? Here are our tips and tricks for building your own threat emulation exercise in AWS.

  • 6 min read

Five tips for improving your data ingestion and auditing process

You’re processing loads of data every day...but are you catching it all? Here are tips from our pros for rocking your data auditing.

  • 9 min read

12 ways to tell if your managed security provider won’t suck next year

How can you figure out if the quality of the service you’re about to sign up for will improve over time? Our COO Yanek Korff’s got some tips for making sure you choose a service that’ll last.

  • 8 min read

How to find Amazon S3 bucket misconfigurations and fix them ASAP

Why do Amazon S3 bucket breaches happen and how can you protect your own org from making this mistake? We’ve got all the AWS pro tips for you in our latest post.

  • 6 min read

Evaluating GreyNoise: what you need to know and how it can help you

We use technologies behind the scenes to make Expel Workbench and our analysts more efficient. GreyNoise is one of those -- here's how we use it and why you might find it useful too.

  • 9 min read

12 revealing questions to ask when evaluating an MSSP or MDR vendor

We’ve heard lots of interesting Qs as prospective customers evaluate which solution's right for them... here are the 12 you should be asking.

  • 9 min read

Seven ways to spot a business email compromise in Office 365

As attackers behind BEC attacks find ever more clever tactics to use, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that are tip-offs that something’s amiss.

  • 8 min read

Why we love threat emulation exercises (and how to get started with one of your own)

If your team doesn’t have lots of incident response practice under their belt (yet!), a threat emulation exercise is the perfect way to help them flex those response muscles and improve your collective skills.

  • 4 min read

How to start a cybersecurity program (or restart one that lapsed)

If you're left holding the hot potato of a legacy lackluster security program, or are suddenly forced to protect your org and its data with less, here are a few quick steps to take to get cybersecurity efforts back on track.

  • 3 min read

Three tips for getting started with cloud application security

If you're feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.

  • 3 min read

Office 365 security best practices: five things to do right now to keep attackers out

Figuring out how to protect your SaaS infrastructure like Office 365 -- especially if you’re newer to cloud -- can feel overwhelming. So here are five Office 365 security best practices to check out right now.

  • 6 min read

How to get the most out of your upcoming SOC tour: making your provider uncomfortable

Seven smart ways to prepare for a tour of a security operations center (SOC) and five clues to watch out for during your visit.

Cloud security
  • 7 min read

Getting a grip on your cloud security strategy

Understanding how to think about cloud security differently is half the battle. We've thought a lot about it, and we’ve identified three key points that should inform your cloud strategy.

  • 2 min read

Oh Noes! A new approach to IR tabletop exercises

Oh Noes! is a role-playing game designed to help you and your organization become better prepared to respond to cybersecurity incidents.

  • 4 min read

Five quick checks to prevent attackers from weaponizing your website

Here are some of the most frequent ways attackers can use your website and your web presence to harm your company, your users and the public at large.

  • 5 min read

How to hunt for reconnaissance

Use the hunting process to find attackers performing reconnaissance, through actions that aren’t things most users typically do, in your system.

third party assessment
  • 12 min read

A common sense approach for assessing third-party risk

Let us walk you through our third-party assessment process. We think it's lightweight but still achieves the objective - determining if a vendor can be trusted.

  • 7 min read

Lessons learned from a CISO’s first 100 days

In this guest post, Amanda Fennell, CSO at Relativity reflects on what she’s learned.

  • 9 min read

A beginner’s guide to getting started in cybersecurity

Our list of five things you can do to take the first steps to an entry-level technical cybersecurity career.

  • 8 min read

How to get started with the NIST Cybersecurity Framework (CSF)

We give you a quick tour of the NIST Cybersecurity framework and describe how you can baseline your efforts in a couple of hours. So check it out.

  • 9 min read

What “I Love Lucy” teaches us about SOC performance

A little nerdy (and a lot math-y) post to help you better understand your SOC's systems, so you know how changes will impact its operation. If you’re wondering what “I Love Lucy” has to do with this then read on.

  • 7 min read

How much does it cost to build a 24x7 SOC?

Not all 24x7 SOCs are created equal. To figure out how much it costs to go 24x7, you have to first figure out what kind of SOC you’re trying to build. We outline four possible security operations centers and an estimate of your costs.

resilience
  • 3 min read

How to disrupt attackers and enable defenders using resilience

So… what is resilience? We’ll cover that and also how it works in this post. We’ve even thrown in a couple examples to get you started.

  • 9 min read

From webshell weak signals to meaningful alert in four steps

Walk through a practical example of how you can make a weak signal actionable by combining events from your endpoint and network security technologies into one meaningful alert.

  • 8 min read

How to triage Windows endpoints by asking the right questions

The three parts of the investigative mindset and how to apply them when you triage endpoint alerts.

Back To Top