Where do your incidents come from?

How do you identify your highest severity incidents in the first place? Which data sources or products deliver the investigative leads? And which are critical to detection and response? These questions speak directly to the value of data sources, products, and functions.

What are the prevailing root causes? This speaks directly to the quality of incident management, particularly post-incident review.

I can’t stress enough the importance of being able to answer these questions as the leader of any operational team (cybersecurity, technology, or otherwise).

August 28, 2024

SaaS attack technique matrix

Inspired by MITRE ATT&CK, the good folks at Push Security have taken a pass at enumerating attack techniques specific to Software-as-a-Service (SaaS) applications.

ATT&CK is a great and robust framework, and I love to see it adapted to capture techniques and tactics for different types of systems.

[Image: Push Security SaaS Attacks example]

Your SIEM is only as valuable as you have time to ask it questions.

Do you have time to identify and ask the right questions? And most importantly, do you have time to sift through the results to find answers?

August 22, 2024

Left and Right of Boom (by Tim MalcomVetter)

Prevention is just detection with an action at the end.

-Casey Smith (subTee)

In security operations, or any harm prevention discipline, speed is really important. The faster you can find the bad thing, the better your chances of rolling over a proverbial speed bump vs. hitting a brick wall.

But speed can work against you: Move too fast, and you run a very real risk of responding decisively to the wrong things. False positives are never ideal, but can be made far worse when you take disruptive action on them.

A couple of the concepts I’d take away from this article:

  • Time to Detect, noting the important relationship between prevention and detection: Prevention only exists where there is highly accurate and fast detection.
  • Time to Verdict, which is a great way to think about triage: The goal isn’t to triage faster, it’s to triage as fast as you can make good decisions.
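As an added example (not code from this post or from Tim MalcomVetter's article), the script below answers the questions raised above about where incidents come from (which lead sources surface the highest-severity incidents, what the root causes are) and computes the two metrics discussed here: Time to Detect and Time to Verdict. It also measures how often a disruptive action landed on a true positive, which is the cost of moving too fast. The incident fields and the sample records are constructed assumptions; any real program would read them from a case-management export.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import median
from typing import Optional


@dataclass(frozen=True)
class Incident:
    incident_id: str
    severity: str                    # "high" | "medium" | "low"
    lead_source: str                 # data source or product that delivered the investigative lead
    root_cause: Optional[str]        # filled in by post-incident review; None for false positives
    occurred_at: Optional[datetime]  # when malicious activity began; None if nothing actually happened
    detected_at: datetime            # when the alert fired / the lead arrived
    verdict_at: datetime             # when triage reached a decision
    true_positive: bool
    disruptive_action: bool          # e.g. host isolated or account disabled on this alert


def _m(minutes: int) -> timedelta:
    return timedelta(minutes=minutes)


T0 = datetime(2024, 8, 1, 8, 0)

# Constructed sample records (assumption: not taken from any real environment).
SAMPLE_INCIDENTS = [
    Incident("INC-1", "high", "EDR", "phishing", T0, T0 + _m(5), T0 + _m(35), True, True),
    Incident("INC-2", "high", "EDR", "unpatched VPN appliance", T0 + _m(60), T0 + _m(62), T0 + _m(100), True, True),
    Incident("INC-3", "high", "SaaS audit log", "phishing", T0 + _m(120), T0 + _m(180), T0 + _m(240), True, False),
    Incident("INC-4", "medium", "SIEM correlation", None, None, T0 + _m(180), T0 + _m(200), False, True),
    Incident("INC-5", "high", "user report", "phishing", T0 + _m(240), T0 + _m(420), T0 + _m(450), True, False),
    Incident("INC-6", "low", "SIEM correlation", None, None, T0 + _m(480), T0 + _m(490), False, False),
]


def _minutes(delta: timedelta) -> float:
    return delta.total_seconds() / 60


def lead_sources(incidents, severity: str = "high") -> Counter:
    """Which sources delivered the leads for confirmed incidents of a given severity?"""
    return Counter(i.lead_source for i in incidents
                   if i.true_positive and i.severity == severity)


def root_causes(incidents) -> Counter:
    """Prevailing root causes across confirmed incidents (post-incident review output)."""
    return Counter(i.root_cause for i in incidents if i.true_positive and i.root_cause)


def median_time_to_detect_minutes(incidents) -> float:
    """Time to Detect: activity start -> alert, over confirmed incidents only."""
    samples = [_minutes(i.detected_at - i.occurred_at) for i in incidents
               if i.true_positive and i.occurred_at is not None]
    return median(samples)


def median_time_to_verdict_minutes(incidents) -> float:
    """Time to Verdict: alert -> triage decision, over every alert (false positives included)."""
    return median([_minutes(i.verdict_at - i.detected_at) for i in incidents])


def disruptive_action_precision(incidents) -> float:
    """Fraction of disruptive actions that were taken on a true positive.

    Anything below 1.0 is the 'decisive response to the wrong thing' cost of moving too fast.
    """
    acted = [i for i in incidents if i.disruptive_action]
    if not acted:
        return 1.0
    return sum(i.true_positive for i in acted) / len(acted)


def summarize(incidents) -> dict:
    return {
        "high_severity_lead_sources": dict(lead_sources(incidents)),
        "root_causes": dict(root_causes(incidents)),
        "median_ttd_min": median_time_to_detect_minutes(incidents),
        "median_ttv_min": median_time_to_verdict_minutes(incidents),
        "disruptive_action_precision": disruptive_action_precision(incidents),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_INCIDENTS).items():
        print(f"{key}: {value}")
```

Two design choices worth noting: Time to Detect is computed only over true positives (a false positive has no "occurred" time), while Time to Verdict covers every alert, because triage effort is spent on false positives too. Tracking `disruptive_action_precision` alongside the speed metrics is what keeps "faster" from quietly becoming "more wrong".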