SolarWinds Supply Chain Compromise – Recommendations

On December 13, 2020, FireEye released their research into the compromise of the SolarWinds Orion supply chain, which resulted in the compromise of a significant number of organizations around the world. Recommendations for incident response have been published by multiple entities with intimate knowledge of the situation, including FireEye, Microsoft, and the United States Department [...]


Mitigating the Risk of RDP

Remote Desktop Protocol, known as RDP, is a service built into Microsoft Windows operating systems that allows a user to connect to a remote computer over the network. This capability makes remote access and management of computer resources easier, which leads to efficiencies for IT staff. Unfortunately, RDP is also commonly leveraged by criminals [...]


Lexico vs Ransomware

Soteria has recently received urgent incident response requests from clients who had been hit with Ryuk, Banta, and Phobos ransomware. One of these clients had several systems already in the process of being encrypted when security professionals discovered the outbreak. After initial meetings and contracts were signed, through our Lexico [...]


Detectors as Code

The Challenge of Detector Management

Security operations and monitoring teams face a variety of challenges: the rapid evolution of adversarial tradecraft, poor detector documentation, lack of detector version control, poor detection methodology, lack of testing procedures, and change control processes that are slow and time consuming. These issues plague security teams of all [...]