Analytics

Devo Security Operations - Threat Hunting

Feb 13, 2020 By Devo In Devo

Threat hunting is an essential component of any defense strategy and with Devo Security Operations, threat hunting is easily accomplished. The threat hunting module in Security Operations enables analysts to quickly find evidence of adversaries within their network.

View Video

Devo

Read more about Devo Security Operations - Threat Hunting

Devo Security Operations - Alert Triage

Feb 13, 2020 By Devo In Devo

Security Operations improves SOC operations, from identification to response, by allowing analysts to gain complete visibility, reduce the noise, and focus on the threats that matter most. Instead of simply prioritizing alerts, Security Operations prioritizes what the analysts should investigate.

View Video

Devo

Read more about Devo Security Operations - Alert Triage

Devo Security Operations - Investigations

Feb 13, 2020 By Devo In Devo

Devo Security Operations arms the analyst with a solution that gives them total visibility into security incidents. The net effect is that adversaries are quickly rooted out and analysts become significantly more effective as they work on only the data that matters.

View Video

Devo

Read more about Devo Security Operations - Investigations

Playing defense against Gamaredon Group

Feb 13, 2020 By Daniel Stepanic In Elastic

For several months, the Intelligence & Analytics team at Elastic Security has tracked an ongoing adversary campaign appearing to target Ukranian government officials. Based on our monitoring, we believe Gamaredon Group, a suspected Russia-based threat group, is behind this campaign. Our observations suggest a significant overlap between tactics, techniques, and procedures (TTPs) included within this campaign and public reporting.

Read Post

Elastic

Read more about Playing defense against Gamaredon Group

Activeboards [9] - Bounded Queries

Feb 5, 2020 By Devo In Devo

Devo Activeboards enable users to realize valuable visual insights from large volumes of machine data. With so much data available, it is sometimes desirable to focus on specific data points or periods of data that may be particularly relevant. In this video we will discuss the tools available within Activeboards to accomplish this.

View Video

Devo

Analytics

Read more about Activeboards [9] - Bounded Queries

Announcing the latest version of Security Monitoring for Splunk App

Jan 27, 2020 By Derek King In Splunk

It’s been a while since I have had the pleasure of announcing a new version of Security Monitoring (September 2018), but today I am doing just that. There is nothing better to inspire spending your evenings coding and playing with Splunk than your partner watching shows that just don’t interest you! For my UK friends, yes ‘Love Island’ is that show and for my more international friends "look it up!". So, what updates did I bring?

Read Post

Splunk

Read more about Announcing the latest version of Security Monitoring for Splunk App

FUD-free analysis: Natural language processing (NLP)

Jan 21, 2020 By Joe Gray In AT&T Cybersecurity

If you follow me on Medium or Twitter, you may already be aware. Still, if you don’t (I assure you that you’re missing out), I have been researching several technologies in preparation for an OPSEC/Anti-OSINT tool that I am crafting. I am using this tool as a means to push myself harder to learn something new that I can apply professionally. I am also doing this to be able to make a positive difference in the world.

Read Post

AT&T Cybersecurity

Read more about FUD-free analysis: Natural language processing (NLP)

Mac system extensions for threat detection: Part 2

Jan 14, 2020 By Will Yu In Elastic

In the previous post, we covered some of the frameworks accessible by kernel extensions that provide information about file system, process, and network events. These frameworks included the Mandatory Access Control Framework, the KAuth framework, and the IP/socket filter frameworks. In this post, we will go into the various tips and tricks that can be used in order to obtain even more information regarding system events.

Read Post

Elastic

Read more about Mac system extensions for threat detection: Part 2

Embracing offensive tooling: Building detections against Koadic using EQL

Jan 13, 2020 By Daniel Stepanic In Elastic

This year at BSidesDFW, my local security conference, I highlighted a continuing trend of adversaries using open source offensive tools. The talk reviewed one of these post-exploitation frameworks named Koadic and walked through different ways defenders can build behavioral detections through the use of Event Query Language (EQL).

Read Post

Elastic

Read more about Embracing offensive tooling: Building detections against Koadic using EQL

The Role of Technology in the Modern SOC

Jan 6, 2020 By Jason Mical In Devo

Recently, Security Boulevard published an article I wrote about the role technology plays in the modern security operations center (SOC). It’s a topic near to my heart, since I began working in SOCs back when we were known as “computer incident response teams” (CIRT). Over the years, I’ve seen a lot of outstanding technologies hit the market that have contributed greatly to improving security teams’ ability to identify, investigate and respond to threats.

Read Post

Devo

Read more about The Role of Technology in the Modern SOC

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Analytics

Devo Security Operations - Threat Hunting

Devo Security Operations - Alert Triage

Devo Security Operations - Investigations

Playing defense against Gamaredon Group

Activeboards [9] - Bounded Queries

Announcing the latest version of Security Monitoring for Splunk App

FUD-free analysis: Natural language processing (NLP)

Mac system extensions for threat detection: Part 2

Embracing offensive tooling: Building detections against Koadic using EQL

The Role of Technology in the Modern SOC

Monthly Archive

Follow Us