Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2020

Sumo Logic and ZeroFOX Join Forces to Improve Visibility and Protect your Public Attack Surface

Today’s organizations have the challenge of managing several different applications and software within their technology stack. The more public-facing platforms an organization utilizes, the greater their public attack surface risks. Without proper protection, they and their community can become an easy target for malicious actors.

What Data Types to Prioritize in Your SIEM

Customers regularly ask me what types of data sources they should be sending to their SIEMs to get the most value out of the solution. The driver for these conversations is often because the customers have been locked into a SIEM product where they have to pay more for consumption. More log data equals more money and, as a result, enterprises have to make a difficult choice around what log sources and data are what they guess is the most important.

Cloud SIEM: Getting More Out of Your Threat Intelligence - 3 Use Cases for IOCs

Ever since JASK was founded, we have heavily integrated with threat intelligence platforms to gain context into attacker activity through indicators of compromise (IOCs). Now that we have joined Sumo Logic, our customers have the ability to pull in more data than ever making this feature even more powerful. One of our tightest integrations is with the Anomali (formerly ThreatStream) platform.

The automation hype is real for SOC teams: unpacking the Dimensional Research "2020 State of SecOps and Automation" report

As more and more enterprises shift to the cloud, the pressure on SOC teams to protect them against threats rises exponentially. They are the very first line of defense against data breaches and cyber threats that become more frequent and more sophisticated.

Building a Security Practice Powered by Cloud SIEM

It has never been a more challenging (or better) time to be a service provider for managed security services. With an estimated 1,200+ vendors selling a variety of security solutions today, businesses are looking for help to manage the complexities of supporting these technologies while protecting critical data.

Defense in depth: DoublePulsar

Unless you’ve been living under a rock you are probably familiar with the recent Shadow Brokers data dump of the Equation Group tools. In that release a precision SMB backdoor was included called Double Pulsar. This backdoor is implemented by exploiting the recently patched Windows vulnerability: CVE-2017-0143. For detection, we are going to first focus on the backdoor portion of the implant, hunting for traces left behind on the network.

Domain Hijacking Impersonation Campaigns

A number of domain “forgeries” or tricky, translated look-alikes have been observed recently. These attack campaigns cleverly abuse International Domain Names (IDN) which, once translated into ASCII in a standard browser, result in the appearance of a corporate or organization name that allows the targeting of such organization’s domains for impersonation or hijacking. This attack has been researched and defined in past campaigns as an IDN homograph attack.