|
By Daniel Ballmer
This blog was originally published on MSSP Alert on September 20, 2024. Cybersecurity platformization is usually discussed as it relates to large organizations. But cybersecurity service businesses stand to benefit as much from platformization as enterprises — if not more so.
|
By Christopher Luft
October brought another round of enhancements to LimaCharlie, strengthening your security operations toolkit. Let's dive into the latest features and improvements we've rolled out, plus get a preview of upcoming events.
|
By Daniel Ballmer
The second most popular OS in today’s business environment, macOS, is often neglected in cybersecurity discussions. This is likely due to Windows OS holding a dominant share (72.1%) of the global workstation market and Linux (4.03%) running critical parts of IT infrastructure. This often leaves macOS excluded from the conversation.
|
By Daniel Ballmer
Security spending is losing momentum, with a third of CISOs reporting flat or reduced budgets this year. These numbers come from a recent annual survey of 755 cybersecurity decision-makers conducted by IANS Research. Decreased spending in the face of growing cyberattacks puts pressure on security leaders to find better ways to optimize their processes. Fortunately, CISOs are discovering solutions for this problem by following the tried-and-true tactics of simplification, consolidation, and innovation.
|
By Daniel Ballmer
The SecOps Cloud Platform (SCP) helps managed security service providers (MSSPs) improve their response times in several ways. Here is an overview of the most significant use cases.
The platform approach in cybersecurity is gaining traction. However, it’s becoming clear that two very different models of platformization are in play. In this piece, we’ll talk about platformization in cybersecurity, the two major approaches to security platforms, and what it all means for the future of cybersecurity.
|
By Eric Capuano
As a security professional, you know that the ability to swiftly and effectively respond to threats is crucial. In this post, we’ll explore how LimaCharlie, a SecOps Cloud Platform, can help automate comprehensive Incident Response (IR) workflows, including forensic triage acquisition, evidence processing, and forensic timeline generation.
|
By Christopher Luft
This session of Defender Fridays highlighted the importance of enterprise security monitoring. As cyber threats become more complex, the ability to detect and respond to them is crucial for modern business operations. Wes discussed various tools that help collect and analyze data from both networks and user endpoints, clarified the limitations of TLS interception, and concluded by recommending a blend of network and endpoint visibility for a comprehensive and robust security strategy.
|
By Christopher Luft
LimaCharlie introduces a new bi-directional integration platform enhancement, which allows for two-way data flows that streamline detection and response processes while eliminating reliance on third-party automation applications.
|
By Lacey Kasten
In a 'Defender Fridays' live session, Greg Martin, CEO of Ghost Security, revisited the early days of Anomali (formerly ThreatStream), emphasizing its pivotal role in threat intelligence platform (TIP) evolution. He shared the importance of meticulously managing and validating Indicators of Compromise (IoCs) to maintain their relevance and impact, advocating for a blend of automation and manual oversight to keep threat intelligence agile and effective.
|
By LimaCharlie
In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.
|
By LimaCharlie
Watch this week's Defender Fridays with John Tuckner, Founder of Secure Annex, as we explore browser extensions and the risks they pose to your organization. Learn, share, and grow alongside industry experts in information security.
|
By LimaCharlie
Justin Bollinger, Principal Security Consultant at TrustedSec, discussed his research and mitigation guidance on ADCS ESC15 (CVE-2024-49019), also known as EKUwu, a vulnerability in Microsoft's Active Directory Certificate Services.
|
By LimaCharlie
On this episode of The Cybersecurity Defenders Podcast we talk about running an MDR company with Joshua Sitta, Co-Founder and CTO at Sittadel.
|
By LimaCharlie
Johan Berggren, Staff Security Engineer at Google, joined Defender Fridays to discuss OpenRelik - an OSS platform designed for collaborative digital forensic investigations.
|
By LimaCharlie
When securing your own, or your customers’ environments, the power of integration goes far beyond data. It unites platforms, tools, and services to achieve stronger, more efficient security operations. LimaCharlie’s SecOps Cloud Platform, coupled with Microsoft’s robust security ecosystem, can help you deliver detection and response capabilities across Microsoft’s ecosystem. It helps you build stronger security for a fraction of the cost of traditional approaches.
|
By LimaCharlie
On this episode of The Cybersecurity Defenders Podcast we examine how AI is revolutionizing compliance with Dr. Gaurav Banga, CEO of Balbix.
|
By LimaCharlie
On this episode of The Cybersecurity Defenders Podcast we speak with Rich Heimann, AI researcher and author.
|
By LimaCharlie
Lennart Koopmann, founder of nzyme, joins Defender Fridays to discuss the future of network monitoring.
|
By LimaCharlie
Adrian Sanabria, security researcher, joins Defender Fridays to discuss AI red teaming.
LimaCharlie gives security teams full control over how they manage their security infrastructure. Get full visibility into your coverage, build what you want, control your data, get the security capabilities you need, for however long you need them, and pay only for what you use.
LimaCharlie Sensors enable organizations to collect relevant security telemetry, logs and artifacts in real-time from any source and process that data at wire speed using a universal detection, response and automation engine. Use signature-based detections, your favourite threat feed or subscribe to curated detection rules.
An engineering approach to cybersecurity:
- Endpoint detection & response: Respond to threats at wire speed and create powerful automations. Leverage solutions custom designed for your environment and control your security posture without having to rely on external vendors.
- Software-defined networking: Secure and monitor network access to your endpoints by providing advanced instrumented Zero Trust VPN access. LimaCharlie’s Secure Access Service Edge (SASE) makes secure remote networking easy and affordable.
- Windows Event Log monitoring: Gain the ability to capture and analyze Windows Event Logs (WEL) in real-time. Ingested WEL are indexed along common indicators of compromise and run through the Detection & Response engine.
- File & registry integrity monitoring: LimaCharlie's File & Registry Integrity Monitoring capability allows you to monitor specific file path patterns and registry patterns for changes.
- Monitoring cloud deployments: Secure your cloud using LimaCharlie’s advanced Sensor technology. Run in a VM, Docker, or as a privileged container in Kubernetes. Optimize your costs with fine-grained event collection control, autoscaling and automated sensor culling.
- YARA scanning at scale: Various YARA scanning methods are available. Run a scan on any given endpoint or continuously across the entire fleet in a way that does not impact performance. Pull YARA signatures from GitHub repositories and other sources, both private and public.
- Cutting edge detections: Leverage the work of best-in-class professionals with an unparalleled cost efficiency. Subscribe to threat feeds and curated detection rules. Easily write your own custom rules and apply them instantly to your entire fleet.
- Log and artifact monitoring: Ingest logs, or any file type, from any source and run them through the detection, automation and response engine. One year of full telemetry storage included - not just detections or select entries, but all endpoint, network, and external log telemetry.
Detect and respond on everything.