If you suspect an active attack on your business, call our emergency hotline at: 612-399-9680

Blue Team Alpha Insights

The Blog


Sonya Z. Meline Joins Blue Team Alpha as Vice President of Business Development 

FOR IMMEDIATE RELEASE St. Paul, Minn. – Meline is a veteran of the U.S. Navy J.A.G. Corps and has 18 years of executive leadership experience. She was the Chief Information Officer for a national technology advisory firm with more than 3,500 clients around the world. Meline has a proven track record of launching startups to profitability and increasing revenue for national managed service providers. Her successes include improving operational efficiency and implementing new channel business models, resulting in annual recurring revenue increases of millions of dollars year-over-year. Prior to joining Blue Team Alpha, Meline was the Chief Information Officer at

Read More »

Crush a Cyberattack: A Frontline Incident Response Team is Crucial

When your house is on fire, who do you call first? At Blue Team Alpha, we like to use the analogy of a house fire when talking about cyberattacks. When your house is on fire, you don’t look up your insurance company and wait for them to dispatch someone. You just call 911 and get the fire department. The same should be true for cyber incidents. The longer an incident goes without containment, the worse it becomes and the harder it is to recover. Insurance companies typically take days to respond to a client, and the company picked by insurance

Read More »

7 Steps to Security Success: Simplify Cyber Assessment Prep

Preparing for a cybersecurity assessment is essential in protecting your organization from potential cyberthreats. In this blog post, we will discuss the steps you can take to prepare for a cybersecurity assessment. Step 1: Identify Your Assets The first step in preparing for a cybersecurity assessment is identifying your assets. This includes all hardware, software, and data that your organization uses. Make a list of all your assets and classify them according to their criticality and sensitivity. This will help you prioritize your efforts and allocate your resources accordingly. Step 2: Determine Your Risks Once you have identified your assets,

Read More »

Planning and Spending a Cybersecurity Budget in 2023

Key factors to consider when planning a cybersecurity budget Every business has a basic group of factors to consider when determining its cybersecurity budget: Critical business functions What are your business’s top priorities? Determining these functions based on the level of risk and potential impact on the organization allows for proper prioritization of security investments. Often, cybersecurity receives fewer funds than other departments, and a reallocation of funds might be prudent. Consider what has a greater impact: being down for a week, unable to generate revenue, or not having a certain amount of money for a specific department? The threat

Read More »

What is Penetration Testing?

Penetration testing, or pen testing, is a realistic cyberattack simulation performed by an ethical hacker to assess the security of computer systems, networks or web applications. Organizations use it to identify and verify vulnerabilities and to determine whether their security controls work as intended. A penetration test follows a series of steps designed to mirror modern attacker behavior: target reconnaissance and system mapping, followed by vulnerability scanning, and finally exploitation and post-exploitation activities. The primary goal is to identify the weaknesses attackers are most likely to exploit to gain unauthorized access or cause damage.

Read More »

Banks Beware: Battling the Booming Ransomware Business

Ransomware attacks have been on the rise in the financial services industry, with more and more hackers using the ransomware-as-a-service model to carry out their attacks. With the threat landscape for banks and other financial services being in a constant state of flux, it’s essential to take proactive steps to protect against these attacks.  There are no silver bullets in security, and the journey to a well-oiled cybersecurity program is a long one, but there are some basics to put in place to ensure you are building a solid foundation that you can continue to improve upon over time. [1] Train

Read More »

The Effect of ChatGPT on the Information Security Community

What makes ChatGPT revolutionary? Our team believes ChatGPT is the most significant step forward in the evolution of technology since Bitcoin. Let us take a look at a few basic questions: Why does computer science exist? Why do we even create technology and computing systems? It is because we are trying to make life better and more efficient. ChatGPT’s technology has been studied and tested for approximately five years. In December 2022, OpenAI released ChatGPT for the public to use for free, and it became the fastest-growing app ever with over one million users in a week. ChatGPT uses

Read More »

Six Things to Consider Before Buying or Building a SOC

Introduction In today’s digital age, cybersecurity threats have become increasingly sophisticated and businesses are constantly challenged to keep their data and systems secure. As a result, many organizations are considering investing in a security operations center (SOC) to enhance their cybersecurity posture. However, before jumping into buying a SOC, some important factors should be considered to ensure you make the best decision for your business. Business Objectives The first and foremost consideration should be your organization’s business objectives. Understanding why you need a SOC and how it aligns with your business goals is crucial. For instance, a SOC might be

Read More »

10 Ways to Secure Your Network and Prepare For an Attack

Password management Strong passwords are crucial to network protection. Attackers frequently try to steal employee credentials or use leaked passwords found on the dark web to gain network access. Companies should require employees to use strong passwords or passphrases. Length is the dominant factor in resisting brute force; mixing capital letters, numbers, and special characters helps only when the result is long and is not a predictable substitution of a dictionary word (an attacker’s wordlist already contains “P@ssw0rd”). Using a different password for each system decreases the likelihood of attackers successfully reusing leaked passwords or stolen credentials. Using a password manager is a great way to keep track of your different passwords. Multifactor Authentication (MFA) Multifactor authentication

Read More »
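The password guidance above can be made concrete. The following is an added example, not code from the original post or from Blue Team Alpha: it compares the brute-force keyspace of a short “complex” password with a long lowercase passphrase and applies the two policy checks that actually stop the attacks the teaser describes (a minimum length and a lookup against known-breached passwords). The guess rate, the breached-password set and the minimum length are assumptions chosen for illustration.

```python
import string

# Assumed offline guess rate for a fast unsalted hash on a GPU rig; an
# illustrative figure, not a measurement.
GUESSES_PER_SECOND = 1e11

# Constructed stand-in for a breached-password list. A real deployment would
# check against a full corpus (for example a Have I Been Pwned download).
COMMON_PASSWORDS = {
    "password", "p@ssw0rd", "p@ssw0rd!", "123456", "qwerty", "letmein", "welcome1",
}

CHARACTER_CLASSES = (
    string.ascii_lowercase,
    string.ascii_uppercase,
    string.digits,
    string.punctuation,
)


def charset_size(password: str) -> int:
    """Size of the alphabet an attacker must assume to cover every character used."""
    size = sum(len(cls) for cls in CHARACTER_CLASSES if any(c in cls for c in password))
    # Characters outside the four standard classes (space, non-ASCII) each widen
    # the alphabet by one distinct symbol.
    others = {c for c in password if not any(c in cls for cls in CHARACTER_CLASSES)}
    return size + len(others)


def keyspace(password: str) -> float:
    """Candidates an exhaustive search over the same alphabet and length must try."""
    return float(charset_size(password)) ** len(password)


def years_to_exhaust(password: str, guesses_per_second: float = GUESSES_PER_SECOND) -> float:
    """Worst-case time to walk the full keyspace at the assumed guess rate."""
    seconds = keyspace(password) / guesses_per_second
    return seconds / (365 * 24 * 3600)


def check_policy(password: str, min_length: int = 14, banned=COMMON_PASSWORDS) -> list:
    """Return the policy failures for a candidate (an empty list means accepted).

    Composition rules are deliberately absent: a password that is long and not in
    a breach corpus is strong regardless of which character classes it uses.
    """
    failures = []
    if len(password) < min_length:
        failures.append("too short")
    if password.lower() in banned:
        failures.append("common password")
    return failures


if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "P@ssw0rd1!", "correcthorsebatterystaple"):
        print(f"{candidate!r:30} alphabet={charset_size(candidate):3} "
              f"keyspace={keyspace(candidate):.2e} "
              f"exhaust={years_to_exhaust(candidate):.1e} years "
              f"policy={check_policy(candidate) or 'ok'}")
```

The keyspace numbers only matter for a password an attacker cannot guess from a wordlist; “P@ssw0rd!” satisfies every composition rule and still fails, because it is the kind of substitution that cracking rule sets generate first. The 25-character lowercase passphrase has a larger keyspace than the 10-character all-classes password and passes the policy.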

Why Incident Response Experience Makes for Great Pen Testing

Cybersecurity incidents provide responders with valuable cybercrime threat intelligence. Unlike penetration (pen) testers who only do testing, testers with incident response experience are familiar with trending attack tactics, and this real-world experience is invaluable. Traditionally, incident response and penetration testing draw on two different skill sets. Typically, cyber experts specialize in either red team (the role of the attacker) or blue team (the role of the defender). Purple teamers (people who can do both) are rare and very special. Think of it like chess: those who can see both sides of the board can anticipate the next move. They know where their opponent

Read More »

Why Cyber Criminals Love the Holidays and What to do About It

Why do attacks increase over the holidays? In a joint cybersecurity advisory, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) warn that cyberattacks increase significantly during holidays and encourage businesses to be aware of the heightened risk and vigilant with network defenses. As on weekends, cybercriminals deliberately time attacks on US organizations for holidays, when staff are busy or away and less likely to notice and respond. With business slowing, people on vacation and kids out of school, it’s not surprising that employees across the board pay less attention to security. Threat actors know this and aim to

Read More »

ProxyNotShell Advisory – Microsoft Exchange Zero-day Vulnerabilities

Executive summary On September 30th, 2022, GTSC, a Vietnamese cybersecurity company, released a warning stating, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” The vulnerability chain allows an attacker to send a specially crafted HTTP request to an on-premises Exchange server over port 443 and ultimately execute code on the system as the “SYSTEM” user (Microsoft noted that authenticated access to the server is required). Microsoft confirmed both zero-day vulnerabilities late in the evening of September 29, 2022 and said they were aware of “limited, targeted attacks using the two vulnerabilities to get into

Read More »
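GTSC’s detection came from reading IIS logs, and that check is easy to automate. The following is an added example, not code from the advisory, GTSC or Microsoft: it parses IIS W3C extended log lines, URL-decodes the request URI, and flags the two things the public reporting keyed on: the `autodiscover.json` plus `powershell` combination that Microsoft’s published URL Rewrite mitigation matched, and the ProxyShell-style `@` host-confusion segment following `autodiscover.json`. The log lines are constructed for the example and are not from a real incident; the field list is the default IIS W3C set.

```python
import re
from urllib.parse import unquote

# Constructed sample in IIS W3C extended format (not from a real incident). The
# first two lines mimic the request shape GTSC described; the third is ordinary
# OWA traffic; the fourth is a legitimate Autodiscover POST from Outlook.
SAMPLE_IIS_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-09-28 10:15:01 10.0.0.5 POST /autodiscover/autodiscover.json @attacker.example/owa/&Email=autodiscover/autodiscover.json%3f@attacker.example 443 - 203.0.113.7 Mozilla/5.0 200
2022-09-28 10:15:02 10.0.0.5 POST /autodiscover/autodiscover.json @attacker.example/Powershell/&Email=autodiscover/autodiscover.json%3f@attacker.example 443 - 203.0.113.7 Mozilla/5.0 200
2022-09-28 10:16:00 10.0.0.5 GET /owa/auth/logon.aspx url=https%3a%2f%2fmail.example.com%2fowa%2f 443 - 198.51.100.20 Mozilla/5.0 200
2022-09-28 10:17:00 10.0.0.5 POST /autodiscover/autodiscover.json - 443 alice@example.com 198.51.100.21 Microsoft-Outlook 200
"""

# Matched case-insensitively after URL decoding, so %3f / mixed case do not evade.
RE_AUTODISCOVER = re.compile(r"autodiscover\.json", re.I)
RE_POWERSHELL = re.compile(r"powershell", re.I)
# ProxyShell-style host confusion: an '@' somewhere after the autodiscover.json segment.
RE_AT_SEGMENT = re.compile(r"autodiscover\.json\S*@", re.I)


def parse_iis_w3c(text: str):
    """Yield one dict per request line, keyed by the names in the #Fields directive."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line.split()[1:]
            continue
        if fields is None:
            continue  # data before any #Fields header cannot be interpreted
        parts = line.split(" ")
        if len(parts) != len(fields):
            continue  # IIS replaces spaces inside values with '+', so a mismatch is a corrupt line
        yield dict(zip(fields, parts))


def fully_decode(value: str, rounds: int = 3) -> str:
    """URL-decode repeatedly so double-encoded requests are normalised before matching."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(entry: dict):
    """Return 'high', 'medium' or None for one parsed request."""
    query = entry.get("cs-uri-query", "-")
    uri = entry.get("cs-uri-stem", "") + ("?" + query if query != "-" else "")
    decoded = fully_decode(uri)
    if RE_AUTODISCOVER.search(decoded) and RE_POWERSHELL.search(decoded):
        return "high"
    if RE_AT_SEGMENT.search(decoded):
        return "medium"
    return None


def scan(text: str) -> list:
    """Return (client IP, severity, decoded URI) for every suspicious request."""
    hits = []
    for entry in parse_iis_w3c(text):
        severity = classify(entry)
        if severity:
            query = entry.get("cs-uri-query", "-")
            uri = entry.get("cs-uri-stem", "") + ("?" + query if query != "-" else "")
            hits.append((entry.get("c-ip", "?"), severity, fully_decode(uri)))
    return hits


if __name__ == "__main__":
    for client_ip, severity, uri in scan(SAMPLE_IIS_LOG):
        print(f"{severity:6} {client_ip:15} {uri}")
```

Point it at the W3SVC log directory of each Exchange front end (by default under `C:\inetpub\logs\LogFiles`). The legitimate Outlook Autodiscover request in the sample is not flagged, because the `@` check requires the host-confusion segment after `autodiscover.json`, not merely the endpoint name; a “medium” hit shows the request shape without the PowerShell endpoint and is still worth tracing, since the same shape can be used to reach other backend paths.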

Bi-annual State of Ransomware

Ransomware in the first half of 2022 Compared to 2021, the number of publicly reported ransomware attacks has increased in most months, according to BlackFog’s 2022 state of ransomware report. These numbers are significantly higher than in 2020 and may reflect the specific sectors being attacked. Certain industries, like education and government, don’t have the luxury of pausing operations and sometimes have no choice but to pay ransoms if they lack proper data backups. In addition, industries like technology and healthcare are seeing a rise in ransomware attacks, likely due to the sensitive nature of

Read More »

The Zero Trust Model

What is zero trust? Zero trust (ZT) is a security model in which nothing is trusted by default: every access request is authenticated and authorized, regardless of where it originates, rather than a user or device being trusted because it has already made it onto the network. Zero trust should be applied across every part of the infrastructure, the endpoints, and the service stacks a company runs. Consider a standard website with databases: each individual server or service by default trusts no one and nothing. To be trusted, a caller must be fully verified and identifiable. Another element of zero trust is least-privilege access, which grants access only on a need-to-know basis to reduce a user’s digital

Read More »
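To show what “each service trusts no one by default” means in code, here is an added example that is not part of the original post: a web front end presenting a short-lived, audience-bound token to a database service, which verifies the signature, audience, expiry and required scope on every call and never consults the caller’s network address. The perimeter-style check is shown beside it as the model zero trust replaces. The shared HMAC key, service names and scopes are assumptions; in production the signing key would live with an identity provider (or mutual TLS would carry identity) rather than being shared between services.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key. Assumption: a shared HMAC key is used only to keep the
# example self-contained; a real deployment would verify IdP-issued tokens or
# mTLS client certificates instead.
ISSUER_KEY = b"demo-key-not-for-production"


def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(subject, audience, scopes, ttl_seconds=60, now=None, key=ISSUER_KEY):
    """Issue a short-lived token bound to one audience (the service it may be shown to)."""
    now = time.time() if now is None else now
    claims = {"sub": subject, "aud": audience, "scp": sorted(scopes), "exp": now + ttl_seconds}
    body = _b64url(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"


def verify_token(token, expected_audience, now=None, key=ISSUER_KEY):
    """Return the claims if signature, audience and expiry all check out, else None."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_b64url_decode(sig), expected):
            return None
        claims = json.loads(_b64url_decode(body))
    except ValueError:  # malformed token, base64 or JSON
        return None
    if claims.get("aud") != expected_audience or claims.get("exp", 0) <= now:
        return None
    return claims


def perimeter_authorize(client_ip: str) -> bool:
    """The castle-and-moat model zero trust replaces: anything on the internal range is trusted."""
    return client_ip.startswith("10.")


def zero_trust_authorize(token, service_name, required_scope, now=None) -> dict:
    """Authenticate every request and check for the minimum scope it needs.

    The caller's network location is deliberately not an input: a valid token
    from the internet and an invalid one from the LAN get the same treatment.
    """
    claims = verify_token(token, service_name, now=now)
    if claims is None:
        return {"allow": False, "reason": "unauthenticated"}
    if required_scope not in claims["scp"]:
        return {"allow": False, "reason": "insufficient scope"}
    return {"allow": True, "subject": claims["sub"]}


if __name__ == "__main__":
    token = mint_token("web-frontend", "orders-db", {"orders:read"})
    print(zero_trust_authorize(token, "orders-db", "orders:read"))    # allowed
    print(zero_trust_authorize(token, "orders-db", "orders:write"))   # least privilege denies
    print(zero_trust_authorize(token, "billing-db", "orders:read"))   # wrong audience denies
    print(perimeter_authorize("10.0.0.9"))                            # old model: any internal host
```

Binding the token to an audience is what stops a compromised front end from replaying its database token against a different service, and the short expiry limits how long a stolen token is useful; both are checks the perimeter model never makes.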

What Should Financial Institutions Know About LockBit 3.0? 

Who is LockBit? LockBit is a multimillion-dollar ransomware group that offers ransomware as a service (RaaS). It runs ransomware as a business and even has affiliate, bug bounty, and HR programs. Using its revenue, it hires developers to write and maintain its ransomware. LockBit is one of the most active ransomware groups. The core LockBit group does not carry out the initial intrusions itself; instead, it advertises its program on dark web forums to recruit affiliates who obtain initial access. In those ads LockBit promises to provide everything needed to deploy the ransomware and then splits the ransom with the affiliate. LockBit 3.0 This

Read More »

SOC 2® Assessment: Type 1 vs. Type 2 and Why a Company Should Have One

SOC 2 Type 1 and Type 2 Commonalities A SOC 2 Type 1 report and a SOC 2 Type 2 report have many things in common: a system description, management’s assertion, and a description of controls as they relate to the Trust Services Criteria. Both reports analyze and report on the system description and on the suitability of control design. The differentiator between the two is operating effectiveness: only a Type 2 report tests whether the controls operated effectively over a review period. What are Controls in a SOC 2 Assessment? “Controls operating effectively provide reasonable assurance of achieving the service organization’s service commitments and system requirements based on the

Read More »

Penetration Testing: What is it? How is it Priced?

Penetration (pen) testing is a method of testing network or application security. Executed by a third-party service, experienced testers attempt to access a network using the same tools and attack vectors as threat actors to identify gaps in a company’s cyber defenses. Their findings are then reported back to the company in detail. Types of Penetration Testing Internal This type of pen testing focuses on assessing internal network weaknesses. One kind of internal pen testing is black-box testing, in which a company provides the pen tester only an IP address. They attempt to use that address to gain

Read More »

Manufacturing’s Biggest Cybersecurity Issues

Manufacturing has several unique problems when it comes to cybersecurity and the threat landscape, namely a distinct lack of funding and personnel that contributes to an excess of vulnerable, outdated legacy systems. The Manufacturing Industry’s Biggest Security Problems Downtime As an industry, manufacturing is acutely vulnerable to downtime. While some industries can somewhat work around network downtime, those in manufacturing cannot because they rely on these networks to operate their machines. No working machines cause a hard, immediate stop to operations. This halt in operations then creates a heightened sense of urgency to resolve the issue. Unfortunately, this degree of

Read More »

Red Team Vs. Blue Team: Differences and Benefits

Red team vs. blue team exercises are a valuable learning tool for security teams. In these scenarios, the red team simulates an attack that the blue team needs to defend against. By doing this, the blue team has the opportunity to test their skills in an active environment and better prepare for real attacks. What is the Red Team? The red team is a group of individuals experienced in penetration testing and vulnerability scanning who are tasked with simulating a cyberattack. By using the same tools, techniques, and tactics that criminals use, these team members can launch a highly

Read More »

U.S. Passes Two New Cybersecurity Bills Into Law

On Tuesday, June 21, 2022, President Biden signed two cybersecurity bills into law. This was a bipartisan effort, with approval from both Democratic and Republican senators and representatives, which shows the importance of improving the United States’ cybersecurity strategies. These new laws are the Federal Rotational Cyber Workforce Program Act of 2021 and the State and Local Government Cybersecurity Act of 2021, per a White House press release. Federal Rotational Cyber Workforce Program Act of 2021 The Federal Rotational Cyber Workforce Program (bill S. 1097) establishes a rotational cyber workforce program within the Federal Cyber Workforce Strategy, under which

Read More »