advanced-menu-icon

SkyRadar Blog

Kenneth Vignali

Kenneth Vignali is an expert in cyber security including Open-Source Intelligence Investigations, Digital Forensics and Incident Response as well as general cyber security best practices for their client base. Prior to becoming a cybersecurity consultant, he has worked with several large Fortune 500 companies and local and state governments while serving as a Senior Security Advisor for Dell SecureWorks. In his time at SecureWorks, he became a trusted advisor to executives including CIOs and CISOs and led various enterprise-wide security projects for over 7 years. Prior to his current career, he spent 8 years in the US Army serving in roles from threat intelligence, artillery and led a Personal Security Detail team for US officers in Iraq, providing security for key high-level personnel while advising the Iraqi military and government.

Cybersecurity in ATM: Investigating Cyber Incidents Using the 2FA Logs

Background

Historically, security teams would advocate for their IT teams and management to approve the implementation of multi-factor authentication in order to reduce the impact of threats such as brute force attacks against passwords, mitigate fall out from phishing emails and other social engineering related attacks. For context, there are multiple methods of implementing two factor authentication, which includes but is not limited to, SMS based, voice and app based. Once an implementation is in place, this will provide security and incident response teams additional protection and more importantly, additional data points to investigate security alerts.

Read the blog

Cybersecurity in ATM: Investigations Incidents with Cloud Access Security Broker (CASB) Data

CASB solutions can help your business in addressing risk in cloud-based services, consistently enforce security policies and comply with regulations, even when these services reside beyond your perimeter and out of your direct control. The value stems from the ability to identify high-risk applications, users, and other key risk factors across cloud platforms - a potential blind spot for many businesses.

Read the blog

Cybersecurity in ATM : Endpoint Detection and Response (EDR) logs

Endpoint detection and response (EDR) provides continuous monitoring and analysis of endpoints, aiding incident response teams in efficiently managing threats and reducing overall response times in cybersecurity operations.

Read the blog

Cybersecurity in ATM : Using the Security Stack for Investigations – Password Reset Logs

This article explores cyber investigations through leveraging the Security Stack. It sheds light on the role of password reset logs in swift breach detection and mitigation.

Read the blog

Cybersecurity in ATM: Leveraging Anti-Virus Logs for Incident Response

As part of our series on how incident response teams leverage different parts of the security stack for investigations, we now are going to look at how anti-virus logs are used and can be used.

Read the blog

Cybersecurity in ATM : Incident Response using the Security Stack – Office 365 Logs

As part of our ongoing series regarding how each part of an organization’s security stack helps the incident response and forensic teams perform their analysis, we are going to now discuss Office 365 logs and the details it captures as teams interact with services held there. 

Read the blog

Cybersecurity in ATM : Taking Apart the Security Stack in Incident Response (Part 2) - Investigations Using Proxy Logs

This article explores incident response investigations using proxy logs to uncover security gaps in email filtering.

Read the blog

Cybersecurity in ATM : Taking Apart the Security Stack in Incident Response (Part 1) - Email investigations

Malicious actors regardless of motivation, whether financial or hacktivism, tend to look for the path of least resistance. In many data breaches, when forensic teams investigate the root cause, they end up tracing it back to email as the initial vector of the breach, where it all began. The reason this turns out to be the most lucrative for all attackers is the fundamentals of human psychology.

Read the blog

Cyber-Security in Air Traffic Management: Understanding the Power of the Cyber-Security Stack

In the rapidly evolving landscape of cybersecurity, Air Navigation Service Providers and Airports face an ongoing battle against sophisticated threats. To safeguard sensitive data and ensure business continuity, an effective security strategy is important. At the heart of this strategy lies the security stack, a layered approach that fortifies the digital infrastructure against a wide array of cyber threats. In this article, we embark on a journey to explore the intricacies of the security stack, its components, and their vital role in investigating cyber incidents.

Read the blog