Investigating AI Usage in SOC Using Security Copilot
Discover how to kickstart your AI journey in the SOC with Security Copilot. Learn about prompts, promptbooks, and Logic Apps to streamline workflows, enhance investigations, and build trust in AI solutions. Start exploring today.
Defending and Hunting AiTM Attacks
Adversary-in-the-Middle (AiTM) phishing bypasses MFA by hijacking session cookies, enabling account access without additional authentication. Learn about the latest AiTM kits, detection strategies, and hardening guidance for Microsoft 365 environments in our detailed blog.
Understanding Nation-state Threat Actors with VECTR and MITRE ATT&CK
Learn how to use VECTR™ and MITRE ATT&CK to operationalize threat intelligence, prioritize defenses, and enhance readiness against nation-state threat actors like Iran-linked APT groups.
PRESS RELEASE: Security Risk Advisors Releases “The Purple Perspective 2026” Report
Discover actionable insights in Security Risk Advisors’ inaugural report, ‘The Purple Perspective 2026.’ Based on over 160 purple team exercises and testing 8,300+ TTPs, this comprehensive analysis benchmarks industry performance, highlights detection and prevention gaps, and offers recommendations to enhance cybersecurity defenses. Download the report for free today!
AI Automation Levels in Security Operations
Explore the levels of AI-powered automation in security operations with Greg Stachura’s insightful blog. Learn how to align your SOC’s goals with the right automation maturity level and close the gap between attackers and defenders.
Leveling Up and Driving Adoption of AI in Your SOC with Security Copilot
Learn how to drive natural AI adoption in your SOC with practical strategies and exercises. From regex basics to building custom agents, this blog explores how Security Copilot can empower analysts and maximize your AI investment.
Building Accessibility into VECTR
Discover how Security Risk Advisors integrated accessibility into VECTR, enhancing usability for keyboard navigation and screen readers while meeting WCAG AA standards. Learn about the challenges and solutions in building inclusive cybersecurity tools.
A CISO’s Guide to OpenClaw: Chat Becomes Control
OpenClaw-class agents are redefining enterprise security risks. This blog by Chris Salerno explains how CISOs can address the unique challenges posed by these privileged automation runtimes, from persistent memory risks to supply chain vulnerabilities.
Evaluating AI Performance: Practical Tools for ExCyTIn-Bench
Discover how to evaluate and refine AI investigation workflows with ExCyTIn-Bench tools. Learn about Python scripts for data ingestion and benchmarking, enabling repeatable metrics and improved performance.
Intune Suite Is Included in E3/E5 Starting July 2026: What’s Included and How to Plan for Adoption
Discover how the inclusion of Intune Suite in Microsoft 365 E3/E5 licenses starting July 2026 will transform endpoint management. Explore features like Advanced Analytics, Endpoint Privilege Management, and Cloud PKI, and learn how to plan for adoption effectively.
Using Tabletop Exercises to Strengthen OT Security Maturity
If you are part of an organization grappling with how to secure your Operational Technology (OT) environment, you are not alone. Let’s start with the basics: Do you have an Incident Response Plan (IRP) that includes your OT environments and assets? Hint: the...
Continuous Security Testing Programs
Continuous testing should be multi-threaded, not just red teaming or using one tool.
Save Budget and Improve Your Logging and Monitoring Capabilities
In budget-tightening times, a security data pipeline can greatly reduce your SIEM costs and increase log efficiency. SRA has implemented this new approach for many of our clients, helping them realize significant savings by reducing log size and volume ingested by...
What is OT?
There are many ways to think about Operational Technology (OT) aside from the official definition. I challenge you to define what “OT” is to your organization, and its alignment to your business.
The Road to Benchmarked MITRE ATT&CK Alignment: Threat Resilience Metrics
TL;DR You can describe the progress of your cybersecurity program in a single, threat-driven metric: the Threat Resilience Metric. This metric is born from prioritized MITRE ATT&CK alignment and can be benchmarked with your peers. Prelude: NIST CSF and...
Security Best Practices Amid Geopolitical Crisis
Stay vigilant in cybersecurity with best practices, not just tools, to counteract threat actors effectively.
Understanding and Preparing for the Shift to XDR
The CyberSOC model is changing, driven by cloud adoption and improvements in detection technologies on tools like Endpoint Detection and Response (EDR). Extended Detection and Response (XDR) is the realization of these changes, putting less pressure on the SIEM to...
Building a Security Strategy the Right Way
Given the wildly unexpected events of 2020 and their potential lasting impact that could change the way we work, CISOs should consider revisiting their existing strategies now or begin to plan new ones for 2021 and beyond. At Security Risk Advisors, we often field...
SolarWinds Breach: How do we stop this from happening again?
The SolarWinds breach is perhaps one of the worst, if not the worst public hacking events in history. Much has been written on what happened, and I’m not going to regurgitate those details. There is inestimable complexity ahead for CISOs to try and identify the extent...
Getting Specific with Ransomware Preparedness
Most industry ransomware guidance is focused on SMB protections for commodity malware that exploits low-hanging fruit via worming and trashing share drives and document folders. “Have good backups” is still good advice, but there is much more we can do and with more...
Project SHADOWSTAR: A Data Driven Approach to Network Block Enumeration (Part 2)
Discover SHADOWSTAR, a tool for fast, thorough network block enumeration, enhancing penetration testing and red teaming.
Project SHADOWSTAR: A Data Driven Approach to Network Block Enumeration (Part 1)
Discover SHADOWSTAR, a tool for fast, thorough network block enumeration, enhancing penetration testing and red teaming.
User Data Leaks via GIFs in Messaging Apps
An investigation into how Teams, Discord, and Signal handle Giphy integrations. When everyone is working from home, a well-timed GIF sent to...
MSSpray: Wait, how many endpoints DON’T have MFA??
A Little Backstory: As more companies move their infrastructure into the cloud, attackers are adapting their techniques to target these resources. One of the bigger changes is the shift to using Azure Active Directory (Azure AD) rather than an on-site solution. We’ll...
Automated Detection Rule Analysis with Dredd
Stay ahead in cybersecurity with Dredd: automate Sigma rule testing against Mordor datasets and IDS rules evaluation with PCAPs for robust defense.
Getting Shells with OpManager
TL;DR: This post provides an example of how administrative access to a ManageEngine OpManager application allows [testers] to obtain command execution on the underlying OS using the workflow function. Intro: During external penetration tests, we often come across...
Direct Access Memories: Subverting FDE with DMA Attacks
TL;DR: By expanding on research, we were able to successfully gain full administrative access on a sample of laptops from corporate environments with Full Disk Encryption enabled in less than 10 minutes. Background: Full Disk Encryption (FDE) has traditionally...
Why Red? Why Purple? A NIST CSF View
Red and Purple Teaming serve distinct purposes, and we think NIST CSF backs us up on that. We outline why we believe in starting with Purple Teams to validate Protect...
AWS IAM Exploitation
In AWS, authorization is governed by the Identity and Access Management (IAM) service. Unfortunately, as most software configuration goes, there is ample opportunity for misconfigurations that result in security vulnerabilities. As it pertains to AWS IAM, this...
Purple Teams and Threat Resilience Metrics
This article covers how a Purple Team process done correctly can: be documented and organized using the free VECTR.io platform (https://vectr.io) and align to MITRE ATT&CK; generate quantitative success defense metrics more meaningful than existing hygiene and...
Sharpening Offensive Skills Through Purple Teams
Discover how purple teams bridge the gap between red and blue teams, offering red teamers real-time feedback, hands-on experience with defensive tools, and insights into enterprise environments. Learn how this collaborative approach sharpens offensive skills and enhances detection strategies.
Using Purple Teams to Set Detection Engineering Priorities
Purple Teams play a crucial role in enhancing detection engineering efforts by combining the offensive expertise of red teams with the defensive strategies and knowledge of blue teams. By leveraging the insights gained from simulating real-world attacks, organizations can identify detection opportunities and prioritize their engineering efforts.
Coercing Authentication from a Domain System: Analyzing a New Test Case from the 2025 Threat Simulation Index
Explore the latest addition to SRA’s 2025 Threat Simulation Index: the “Coerce Authentication from Domain System” test case. This blog post delves into how tools like PetitPotam and Coercer exploit Windows RPC protocols to force domain systems into unintended authentications. Ideal for purple teams aiming to benchmark and enhance their organization’s threat resilience.
VECTR Satellite Launches in the Azure Marketplace: A Managed Service for Enhanced Threat Resilience
Security Risk Advisors is thrilled to announce the launch of VECTR Satellite in the Azure Marketplace! This milestone marks a significant step forward in empowering organizations to strengthen their cybersecurity posture through a managed platform that operates securely within the confines of an organization’s own private Azure tenant.
Beware of ClickFix: A Growing Social Engineering Threat
ClickFix is a rapidly evolving social engineering technique that began gaining momentum in mid-2024. By camouflaging malware delivery within fake CAPTCHA verification screens or error messages, threat actors successfully lure end users into pressing Windows+R, pasting malicious code, and executing it, often without raising immediate suspicion. This advisory examines how ClickFix operates, documents active campaigns, and provides detection strategies and mitigation recommendations.
Developing Purple Team Attack Plans from Threat Intelligence
Learn how purple teams can turn threat intelligence into actionable attack plans. This guide covers scoping, TTP analysis, and building intel-based purple team exercises.
Enhancing Cloud Security with Purple Team Strategies
Enhance your cloud security with Purple Teaming strategies. Learn how to validate security controls, track improvements, and detect threats in Azure, AWS, and on-prem environments using VECTR. Discover real-world test cases, resilience metrics, and best practices to strengthen your security posture.
My Journey to Becoming a Purple Teams MC
Discover the journey from penetration testing to leading Purple Teams. Learn how collaborative Purple Team exercises bridge the gap between offensive and defensive security, improve detection and response, and foster meaningful knowledge transfer.
Purple Team PSA: Disable Device Code Flow
Microsoft refers to device code flow as ‘high-risk’ and even “recommends blocking/restricting device code flow wherever possible”. Why? Because it might be leaving your organization vulnerable to one of the most persuasive and impactful social engineering attacks I’ve seen in my career – device code phishing.
Efficiently Managing Hundreds of Purple Teams
In 2024 Security Risk Advisors delivered over 170 Purple Teams to our clients. Supporting the technical execution of our Purple Teams we use strong project management techniques that not only make high-volume service delivery efficient but also quite manageable.
The Entra-nce to Tenant Maturity
SRA has developed a maturity strategy for identity and access management (IAM) in Entra ID. The goal is for our clients and readers to achieve the “Modern” maturity level and aspire to be at the “Advanced” maturity level.
Limiting WMI Lateral Movement via DCOM Permissions
If you are looking for a way to curb WMI-based lateral movement – and especially if you do not want a dependency on another control, such as a firewall – DCOM permissions may prove to be a useful method that works with traditional configuration management.
Entra ID to the Rescue: Streamlining Identity Access Reviews with a Dash of Governance
The blog highlights the challenges of managing identity access reviews in complex environments and emphasizes the benefits of using automated tools like Microsoft’s Identity Governance to streamline these processes. Security Risk Advisors (SRA) offers custom solutions to help organizations implement and report on access review results, enhancing compliance and efficiency.
Security Risk Advisors Earns Microsoft Solutions Partner Designation for Infrastructure (Azure)
We are excited to share that Security Risk Advisors (SRA) has achieved the Microsoft Solutions Partner designation for Infrastructure (Azure)! This recognition reflects our proven expertise in accelerating clients' migration of critical infrastructure workloads to...
Building Practical Resilience: The Table-Top Exercise (TTX) Execution Playbook
This playbook on facilitating an effective TTX can help lead you to success. Whether you run them yourselves on call or have an external organization like SRA to help facilitate, they should stoke conversations that lead to meaningful improvement, role clarity, and help make a real incident a little less painful.
One-Click Threat Hunting with Security Copilot
Do you ever feel like you suffer from prompt anxiety? It’s like social anxiety but instead you replace the social part with an AI chat bot. You feel that pressure of having to come up with the perfect prompt to make sure you get just the right response. The way I deal...
Reining in SaaS Sprawl: Implementing a Robust Governance Program
Hypothetical Scenario – One of your primary accounting team members is no longer employed by your organization. Do you know what financial software-as-a-service (SaaS) applications they were using? Do you know if that user accessed any SaaS applications using...
Privilege Escalation in AWS and GCP Machine Learning Instances
Companies interested in developing AI/ML enabled tools can make use of services like Google Cloud’s Vertex AI and Amazon’s SageMaker to quickly deploy GPU-powered compute instances, complete with Jupyter notebooks. Naturally, companies would not be comfortable giving...
Interpreting New Hospital Cybersecurity Requirements for New York State
Effective October 2nd, 2024, New York State released new Hospital Cybersecurity Requirements, in section 405.46. Learn how to configure your Azure and Sentinel ecosystem to support the log storage requirements outlined in section 405.46.
Closing the Gap in Cyber Resilience: Why AI Investigation Benchmarks Matter for CISOs
Explore ExCyTIn-Bench, an open-source framework for evaluating AI in cybersecurity investigations. Learn how it challenges AI agents with realistic SOC scenarios, testing their reasoning, query formulation, and evidence synthesis capabilities.
Microsoft Ignite 2025: The 6 Security Announcements Shaping 2026
Microsoft Ignite 2025 introduced six pivotal security updates, including AI governance tools, passwordless authentication, and autonomous threat response. Discover how these innovations can transform your security operations in 2026.
Introducing Tier 0: How AI Is Empowering the Agentive SOC
Discover how Tier 0, powered by SCALR AI, is transforming Security Operations Centers. By automating repetitive tasks and enriching alerts, Tier 0 enables analysts to focus on real threats, creating a smarter, more sustainable SOC. Learn more about this innovative approach.
CrowPilot: The AI Agent that Connects Security Copilot with CrowdStrike Falcon
A good security program cannot exist without good data, and for AI platforms, like Microsoft’s Security Copilot, good data is essential to maximizing effectiveness. The diverse set of security tools owned by organizations often don’t natively integrate to work...
Get Off the Neverending AI Treadmill and Secure Your Organization
This blog explores why enterprises should resist the urge to chase the latest LLMs and instead focus on securing AI adoption through cloud-based platforms like Azure, AWS, and Google Cloud. Learn how strategic AI implementation can align security, IT, and innovation for long-term success.
AI vs. AI: Red Teaming with PyRIT
This article showcases use of open source tools to use AI LLMs to attack other AI LLMs to identify security vulnerabilities.
Using Purview and M365 to Mitigate Data Security Risks in Microsoft Teams Meeting Recordings
Recording Teams meetings is a convenient way to memorialize an important discussion. But without proper controls in place, recordings can capture sensitive information, consume valuable cloud storage space, and become a data loss vector. Make sure your organization has configured the right settings to mitigate these risks and learn how to use Purview to understand if the organization is already oversharing.
Understanding and Applying Vector Databases to Supercharge your SOC with AI & Copilot for Security
Discover how Azure AI Search integration enhances threat intelligence with vector databases in Copilot for Security.
Building a Copilot for Security Custom NetFlow Plugin
We’ve built a custom Copilot for Security plugin that would take advantage of network flow data and use the power of Copilot for Security to extract the exact time and IP address of a host involved in a security incident, then go retrieve, summarize, and analyze the netflow data within 30 minutes on either side of the first noted malicious event to determine if there was potential for lateral movement or other key indicators of attack. This can give insight to understand if an attacker may have attempted to move laterally on your network, and if so where, and using which protocols.
A Quick Look at Microsoft’s Inventory of AI Solutions
Dive into AI Cybersecurity Development with SRA’s insights on Microsoft AI tools and securing AI in cyber tech.
HIPAA Safe Harbor: How H.R. 7898 Affects Healthcare Organizations
TL;DR: New legislation (H.R. 7898) allows healthcare providers to reduce enforcement actions by using security best practices. Background: On January 5, 2021, H.R. 7898 was signed into law to incentivize healthcare organizations to implement leading...
PCI v4 and a ‘Customized’ Approach – PCI Community Meeting 2019 Insights
TL;DR: PCI v4 was previewed for the first time during Day 1 of the PCI Community Meeting. PCI v4 has significant changes and introduces a “Customized Approach” to achieve PCI compliance. Organizations can continue to achieve PCI compliance through traditional audit...
PAM: High Impact, High Failure Rate
Privileged Account Management (PAM) is a critical function in a modern cyber security program. PAM programs have a high fail rate for a variety of reasons, including: lack of understanding of key risks around privileged accounts; resistance from system administrators...
Updated Results from the MITRE ATT&CK Endpoint Detection and Response Evaluation
Explore MITRE’s EDR tool evaluations for APT3 threat detection, featuring top performers like CrowdStrike and new entrants FireEye and Cybereason. Detailed results at SRA.
New Health Industry Cybersecurity Practices (HICP) Guidance Released: What You Need to Know
Explore HPH SCC’s new cybersecurity guidance for healthcare, offering a prescriptive approach to enhance industry-wide security practices.
Open Letter to the FDA
This blog post contains a copy of the questions and comments we’ve submitted to the FDA regarding their latest Medical Device Cyber Security Pre-Market Guidance draft (Link Here). In our previous blog post, we provided an overview of the draft. We believe that...
FDA Pre-Market Medical Device Draft Guidance Review
FDA’s draft guidance on medical device cybersecurity could revolutionize industry practices for manufacturers and healthcare providers.
Privacy: It’s More than GDPR
Discover the importance of a strategic approach to data privacy, transcending compliance to build consumer trust and gain a competitive edge.
Meeting the Standards – Persistent Challenges in PCI DSS
Stay ahead in cybersecurity with SRA’s expert guidance on PCI DSS updates, TLS protocol upgrades, and vendor compliance strategies.
PRESS RELEASE: Security Risk Advisors joins the Microsoft Intelligent Security Association
FOR IMMEDIATE RELEASE PHILADELPHIA, Pennsylvania, USA — January 7, 2025 — Security Risk Advisors today announced it has become a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISVs) and managed security...
PRESS RELEASE: Security Risk Advisors Announces Launch of VECTR Enterprise Edition
FOR IMMEDIATE RELEASE Philadelphia, PA – August 1, 2024 – Security Risk Advisors (SRA) announces the launch of VECTR Enterprise Edition, a premium version of its widely-used VECTR platform for purple teams and adversary management program reporting and benchmarking....
PRESS RELEASE: Free Workshop from Security Risk Advisors Empowers Organizations to Select Optimal OT Security Tools
Security Risk Advisors (SRA) announces the launch of their OT/XIoT Detection Selection Workshop, a complimentary offering designed to assist organizations in selecting the most suitable operational technology (OT) security tools for their unique environments.
PRESS RELEASE: Security Risk Advisors Hires Stephen Burke as Director of EMEA Relationships
Security Risk Advisors announced the appointment of Stephen Burke as the company’s new Director of EMEA Client Relationships.
PRESS RELEASE: Security Risk Advisors Hires Joe Cicero as Director of Strategic Alliances
ROCHESTER, NY – Security Risk Advisors (“SRA”), a leading provider of cybersecurity services and solutions, announced today the appointment of Joe Cicero as the company’s new Director of Strategic Alliances. Joe will be at the helm of developing strategic partnerships...
PRESS RELEASE: Security Risk Advisors and Finite State Announce Strategic Partnership to Drive Enhanced Cybersecurity for Connected Devices
Philadelphia, PA and Columbus, OH - [2/1/2024] - Security Risk Advisors (SRA), a leader in cybersecurity engineering, testing, operations, and strategy, and Finite State, an industry leader in software supply chain security, are pleased to announce a strategic...
PRESS RELEASE: Security Risk Advisors Unveils 2024 Test Plans for Cyber Threat Resilience Benchmarks
Elevate cyber resilience with SRA’s 2024 Threat Indexes for sector-specific benchmarking and threat assessment.
PRESS RELEASE: SCALR XDR by Security Risk Advisors Now Available on Azure Marketplace
Security Risk Advisors (SRA) is pleased to announce that its 24×7 security monitoring service, SCALR XDR, is now available in the Azure Marketplace.
PRESS RELEASE: Study Examines Economic Impact of SCALR XDR CyberSOC
Security Risk Advisors (SRA) announced today that a study conducted by Forrester Consulting on behalf of SRA in November 2023 has explored the potential return on investment (ROI) and security benefits for organizations deploying SCALR XDR CyberSOC.
PRESS RELEASE: Security Risk Advisors Granted with Cloud Security and Threat Protection Advanced Specializations by Microsoft
Security Risk Advisors is proud to announce that it has achieved both of the prestigious Microsoft Cloud Security and Threat Protection Advanced Specializations, an accolade that further affirms its standing as a leader in the cybersecurity industry.
Get Curated Security News and Critical Vulnerability Reports
Our Threat Intelligence Gathering & Research (TIGR) team is focused on threat intelligence and curates a daily intelligence report, TIGR Threat Watch, with information collected from several industry intel sources. We also create and publish ad-hoc critical vulnerability notifications in case of critical and time-sensitive vulnerabilities or threats.