Threat Detection

Threat hunting 101: Leveraging MITRE ATT&CK framework for extended threat detection

May 19, 2023 By General In ManageEngine

Threat detection and mitigation is one of the core responsibilities of a SOC. With cyberattacks becoming more sophisticated, it has become arduous for security analysts to secure their network from threats. Hybrid work and BYOD policies are making it more difficult for SOCs to keep track of network activities. Attackers continue to improvise new tactics and techniques to compromise an organization’s network.

Read Post

ManageEngine

Read more about Threat hunting 101: Leveraging MITRE ATT&CK framework for extended threat detection

Learn about Corelight and Zeek with AI

May 19, 2023 By Corelight In Corelight

Want to know how to get a commanding view of all devices that log onto your network? Let’s ask ChatGPT! Watch as Corelight's James Pope leverages his AI assistant to explain the power of Zeek®—the open-source technology behind Corelight’s network evidence—and the detailed logs of network activity it produces, including protocols such as HTTP, DNS, and SSL. In the video he also shares how Zeek®’s open standard easily integrates with Suricata, SecurityOnion, Molok, Elk, CrowdStrike EDR logs, and more.

View Video

Corelight

Read more about Learn about Corelight and Zeek with AI

Why Cyber Threat Detection and Response Is So Hard

May 15, 2023 By Justin Foster, Chief Technology Officer In Forescout

Breakthrough innovation arises primarily in response to two conditions. One, when new technology emerges that creates new demand by fulfilling needs customers didn’t know they had. Think smartphones. A generation ago, people didn’t know they needed to be tethered to a phone the size of their palm that was also a camera, a bank, an encyclopedia and a shopping mall. Two, when new challenges arise that require innovation to address them.

Read Post

Forescout

Read more about Why Cyber Threat Detection and Response Is So Hard

2023 SANS Report Digital Forensics

May 15, 2023 By Corelight In Corelight

Speakers: John Gamble (Corelight), Domenica Crognale, Heather Mahalik, David Smalley.

View Video

Corelight

Read more about 2023 SANS Report Digital Forensics

Leveraging the Dark Side: How CrowdStrike Boosts Machine Learning Efficacy Against Adversaries

May 9, 2023 By Denis Rozimovschii In CrowdStrike

The power of the CrowdStrike Falcon® platform lies in its ability to detect and protect customers from new and unknown threats by leveraging the power of the cloud and expertly built machine learning (ML) models. In real-world conditions and in independent third-party evaluations, Falcon’s on-sensor and cloud ML capabilities consistently achieve excellent results across Windows, Linux and macOS platforms.

Read Post

CrowdStrike

Read more about Leveraging the Dark Side: How CrowdStrike Boosts Machine Learning Efficacy Against Adversaries

Zenity Helps Microsoft Identify and Remediate Critical Security Risk in Power Automate Desktop

May 8, 2023 By Andrew Silberman In Zenity

About seven months ago at Defcon, Zenity CTO Michael Bargury presented security research that discovered and outlined a way to take over Microsoft Power Automate enabling bad actors to send ransomware to connected machines by using Power Automate as it was designed. By simply taking over an endpoint, our research showed that attackers can run their own payloads and execute malware by assigning machines to a new administrative account using a basic command line.

Read Post

Zenity

Read more about Zenity Helps Microsoft Identify and Remediate Critical Security Risk in Power Automate Desktop

Detect and Respond to Workload Threats

May 8, 2023 By Sysdig In Sysdig

Learn how to use Sysdig Secure to detect and prevent cryptomining using machine learning! Speaker: Nigel Douglas, Senior Marketing Manager, Sysdig.

View Video

Sysdig

Read more about Detect and Respond to Workload Threats

Key takeaways from RSA 2023: #BetterTogether and AI in security

May 8, 2023 By Ed Smith In Corelight

Whether or not you made it to RSA 2023, here are two key themes we saw throughout this year’s conference.

Read Post

Corelight

Read more about Key takeaways from RSA 2023: #BetterTogether and AI in security

Securing Cloud, Containers, and Kubernetes

May 5, 2023 By Sysdig In Sysdig

Sysdig's Cloud Protection and Response platform bridges the gap between the cloud tenant, the Kubernetes workloads that run in that cloud provider, as well as the processes that are actually executed within containers running in Kubernetes. In this video, Sysdig Senior Technical Marketing Manager takes us through the platform and the best practices to secure your environment!

View Video

Sysdig

Read more about Securing Cloud, Containers, and Kubernetes

New Sliver C2 Detection Released - Redteam detected

May 4, 2023 By Corelight Labs Team In Corelight

We are excited to announce the release of a new detection package “Sliver”, which identifies and raises alerts related to the Sliver C2 framework. This new package joins our industrial-strength C2 Collection and uses a variety of techniques to detect Sliver, above and beyond our HTTP-C2 package’s existing Sliver coverage. In this blog we provide some basics about Sliver and how it works and then dive deep into the techniques we use to detect this popular and powerful tool.

Read Post