The Security Operations Center (SOC) is the central unit that manages the overall security posture of any organization. Knowing how your SOC is performing is crucial, so security teams can measure the strength of their operations. This article describes SOC metrics, including their importance, common SOC metrics, and the steps SOC teams can take to improve them.

Welcome to the third entry in our introduction to the PEAK Threat Hunting Framework! Taking our detective theme to the next level, imagine a tough case where you need to call in a specialized investigator (even Sherlock depended on Watson from time to time!). For these unique cases, we can use algorithmically-driven approaches called Model-Assisted Threat Hunting (M-ATH). In this post, we’ll look at M-ATH in detail.

In the complex world of Internet security, TLS encryption reigns. The powers behind the throne are the Certificate Authorities (CAs) that play a crucial role in verifying websites' identities and regulating the trust we place in those sites. However, understanding the trustworthiness of the CAs themselves can be challenging.

Cyberattacks are unauthorized attempts to access data and disrupt your organization's computer systems or networks. It’s reported that 49% of organizations have suffered a data breach over the past two years — it’s possibly higher than that. These data breaches can cause financial loss, reputational damage and legal liabilities. So, organizations develop Red and Blue teams to mitigate the risk of cyberattacks.

Even though this blog discusses some serious topics related to security of mission-critical SAP applications, why not start it with a fun trivia question? So, here it is: “What does SAP stand for?” As per the company’s website, SAP is an acronym for the organization’s original German name “Systemanalyse Programmentwicklung,” which stands for System Analysis Program Development in English. Founded in 1972, SAP is a global leader in enterprise application software.

Cryptomining is essential for creating new cryptocurrencies and functioning blockchain networks. However, the increased complexity of cryptomining drives the need for specialized, cost-effective infrastructure to mine cryptocurrencies. Enter the cloud: Cloud computing has become critical for cryptomining, making cloud cryptomining popular among miners. This article describes cloud cryptomining, its history, and the types of cloud cryptomining.

RSA is a popular and secure cryptographic algorithm that encrypts and decrypts data. It provides a secure method for transmitting sensitive data over the Internet. While RSA has some vulnerabilities, it is still utilized for various applications, like digital signatures to authenticate the source of a message. This article describes RSA, how it works, and its major applications. It also explains the security vulnerabilities of RSA and how to mitigate them.

“Who you gonna call?” - Ghostbusters Before we get to the main topic of this blog, I would like to provide some historical background on how I got to the topic. Hopefully, this context will be both informative and useful as we try to use call detail records (CDR) for doing good things.

While most people understand that cybercrime is rising, it’s challenging to fathom just how widespread it is. In 2007, researchers found there was a cyberattack every 39 seconds. By 2022, those numbers seemed small and innocent in comparison: The sheer scale of attacks makes it a challenge to understand and find emerging threats or identify trends. Cyberattack maps provide visuals that clarify numbers that can be otherwise difficult to understand and bring to light the dark activities online.

When it comes to cyber threats, few are as feared as Advanced Persistent Threats. An Advanced Persistent Threat (APT) is a sophisticated, highly targeted and often long-term cyberattack orchestrated by well-funded and highly skilled threat actors. In some cases, they’re even backed by governments: North Korea, Russia and China have all been caught orchestrating APT attacks in the past two years. APTs differ from traditional cyber threats, which are more persistent, targeted, and sophisticated.