Over the last several years, Managed Security Service Providers (MSSP) have evolved, and some have started offering Managed Detection and Response (MDR) services as part of their overall security solution. However, an MSSP lacking MDR capability simply cannot provide the same level of security, particularly in today’s quickly changing environment that has seen remote and hybrid work become the norm.

When it comes to powerful integrations, AT&T Cybersecurity leads the way. We understand that customers want solutions that bring together visibility, response, orchestration, analytics, reporting, and more. As the attack surface continues to grow, AT&T continues to look for ways to stay ahead of threats, and one of the ways we do this is through our integrations with strategic partners in the form of new Advanced AlienApps.

Iranian government-sponsored advanced persistent threat (APT) actors are exploiting known Microsoft and Fortinet vulnerabilities to attack targets with ransomware in the transportation, healthcare and public health sectors, according to an alert issued on Nov. 17 by the Cybersecurity and Infrastructure Security Agency (CISA).

What is the XDR paradox? It’s the hottest term in security but there is no consensus yet on the right definition. Why is that? Many organizations have deployed EDR and are benefiting from it, but also looking to the gaps that EDR can’t address such as unmanaged / compromised devices or network-centric TTPs. Likewise, many vendors of EDR/SIEM products have realized they have the same general workflow (analyze data, present an alert, triage it, etc).

On its surface, CVE-2021-42292 doesn’t look like the kind of vulnerability that a network-based tool can find reliably. Marked by Microsoft as a local file format vulnerability, security veterans would expect that between encryption and encoding, there would be a million different ways to evade network detection with a weaponized exploit.

We believe, a Market Guide defines a market and explains what clients can expect it to do in the short term. With the focus on early, more chaotic markets, a Market Guide does not rate or position vendors within the market, but rather more commonly outlines attributes of representative vendors that are providing offerings in the market to give further insight into the market itself. We feel the Gartner Market Guide helps organizations learn about the below.

One of the most common questions that Corelight customers and prospects who are using our Suricata integration ask is “what signatures should I run?” While our answer has always started with the industry-standard Emerging Threats Pro feed, we recognize that other feeds - like the ones from Crowdstrike or private industry groups - often make excellent additions to the ET Pro set.

When you hear the term “Internet of Things,” (IoT) do you picture home devices like lightbulbs, smart assistants, and wifi-connected refrigerators? Perhaps you think of enterprise devices like video conferencing systems, smart sensors, or security cameras? Or maybe traditional office equipment like VoIP phones, printers, and smart TVs come to mind. No matter what devices you imagine, IoT represents an ever-expanding attack surface.