Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

July 2021

How to Spot C2 Traffic on Your Network

Jul 30, 2021 By Corelight In Corelight
Attackers often hide their command and control (C2) activity using techniques like encryption, tunneling in noisy traffic like DNS, or domain generation algorithms to evade blacklists. Reliably spotting C2 traffic requires a comprehensive network security monitoring capability like open source Zeek that transforms packets into connection-linked protocol logs that let analysts make fast sense of traffic. Corelight’s commercial NDR solutions generate this Zeek network evidence and also provide dozens of proprietary C2 insights and detections.
View Video

A SANS 2021 Report Top New Attacks and Threat Report

Jul 30, 2021 By Corelight In Corelight
In the SANS 2021 Top New Attacks and Threat Report, John Pescatore provides insight into the threats highlighted during the SANS panel discussion at the 2021 RSA Conference. This webcast will include practical advice from the paper, including insights from SANS instructors Ed Skoudis, Heather Mahalik, Johannes Ullrich, and Katie Nickels on the critical skills, processes and controls needed to protect their enterprises from these advanced attacks.
View Video

Encrypted Traffic Collection

Jul 29, 2021 By Corelight In Corelight
Working with encrypted traffic is a common task in the SOC and one that many people think network monitoring solutions can't do anything about. The reality, however, is a bit less cut and dry than you might think. Corelight with Zeek can parse details about the certificate handshake and the SSL connection itself. See the cipher and elliptic curve in use, which are great for detecting vulnerabilities like CurveBall. Learn more about Corelight's Encrypted Traffic collection in this brief two minute video.
View Video

OT security and implications to wider IT Environments

Jul 28, 2021 By Corelight In Corelight
Poor Operational Technology (OT) security can lead to serious IT data breaches. Learn from experts at Splunk, Corelight, and ClearShark about the risks unsecured OT systems pose to IT networks, and how visibility into network traffic can enable accurate alerting to malicious behavior. You’ll learn key differences between OT and IT networks, about Corelight’s ability to understand and enhance OT protocols, and the value of Zeek wire data for both IT and OT security.
View Video

Accelerate SecOps with a Single Source of Network Truth

Jul 28, 2021 By Corelight In Corelight
Network evidence is vital for defense, but collecting it can be overly complicated and result in incomplete data that is difficult to use. By transforming VPC and on-premises traffic into Zeek logs and Suricata alerts, you can accelerate threat hunting and incident response workflows in security analytics tools like Chronicle and VirusTotal.
View Video
elastic

Collecting and operationalizing threat data from the Mozi botnet

Jul 27, 2021 By Elastic Security Intelligence & Analytics Team In Elastic

Detecting and preventing malicious activity such as botnet attacks is a critical area of focus for threat intel analysts, security operators, and threat hunters. Taking up the Mozi botnet as a case study, this blog post demonstrates how to use open source tools, analytical processes, and the Elastic Stack to perform analysis and enrichment of collected data irrespective of the campaign.

Read Post

Falcon X Recon

Jul 26, 2021 By CrowdStrike In CrowdStrike
Does the dark web hold security secrets about your organization? Falcon X Recon collects and monitors activity from millions of restricted web pages, criminal forums and encrypted messaging platforms — the hidden recesses of the internet where criminal actors congregate and underground digital economies thrive. By empowering security teams to conduct investigations in real time, they can proactively uncover fraud, data breaches, phishing campaigns and other online threats that target their organization.
View Video
alienvault

Cybersecurity and government

Jul 7, 2021 By Rupesh Chokshi In AT&T Cybersecurity

Photo by Katie Moum on Unsplash In May, after many months of dedicated effort, our compliance team received word that a U.S. Federal Risk and Authorization Management Program (FedRAMP) moderate certification was granted for the AT&T Threat Detection and Response for Government solution. FedRAMP is a program coordinated by the US General Services Administration and the Department of Homeland Defense that inspects cloud-based solutions for compliance with 325 distinct security controls.

Read Post
elastic

Ingesting threat data with the Threat Intel Filebeat module

Jul 1, 2021 By Elastic Security Intelligence & Analytics Team In Elastic

The ability for security teams to integrate threat data into their operations substantially helps their organization identify potentially malicious endpoint and network events using indicators identified by other threat research teams. In this blog, we’ll cover how to ingest threat data with the Threat Intel Filebeat module. In future blog posts, we'll cover enriching threat data with the Threat ECS fieldset and operationalizing threat data with Elastic Security.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.