The Kroll Detection and Response Maturity Model analyses 1,000+ security programs from organisations around the world to identify their actual maturity, the ROI of mature programs and what security leaders can do to elevate their detection and response capabilities. The report leverages data uncovered in our The State of Cyber Defense 2023: The False-Positive of Trust, which looked at responses from 1,000 global security decision-makers.

With the changing security landscape, the most daunting task for the CISO and CIO is to fight an ongoing battle against hackers and cybercriminals. Bad actors stay ahead of the defenders and are always looking to find new vulnerabilities and loopholes to exploit and enter the business network. Failing to address these threats promptly can have catastrophic consequences for the organization.

What happens at the point in time when an organization’s information security is compromised? This blog explores an important paradigm shift that occurs at the very moment of compromise and that can be leveraged to turn the tables on the attackers.

During this year’s Black Hat in Las Vegas, I learned (or was reminded of) many lessons working alongside my Corelight colleagues and Black Hat Network Operations Center (NOC) teammates from Arista, Cisco, Lumen, NetWitness and Palo Alto Networks. The uniqueness of standing up a full security stack and NOC in such a short time with a team that comes together infrequently really forced me to consider how team processes and communication affect NOC/SOC efficiency and effectiveness.

The Corelight App for Splunk provides the foundation for organizations to boost SOC effectiveness and productivity by using Corelight data in Splunk. In this blog, I’ll walk through how the Corelight App leverages Splunk’s Common Information Model (CIM) to enhance users' search experience when they are using Corelight data.

Safeguarding an organization’s virtual realms has never been more important. Today, connectivity and data are the new currency. Yet, as technology advances, so do the malicious actors and their methods, constantly devising more unique and covert ways to breach defenses. Herein lies the role of detection engineering. Acting as the digital watchtower for organizations, detection engineering responds to known threats and continuously scans the horizon for the slightest hint of a potential breach.

In Part 1 of this series, we talked about some challenges with building sufficient coverage for detecting security threats. We also discussed how telemetry sources like logs are invaluable for detecting potential threats to your environment because they provide crucial details about who is accessing service resources, why they are accessing them, and whether any changes have been made.

Do you model Cyber Threats, depict likely attack scenarios via Attack Trees and provide those findings back in a succinct manner to those responsible for the risk(s)? Surely that’s for the proviso of large companies, with big budgets and oodles of staff? I hear you say… Perhaps, but any organisation large or small can start to model their Cyber Threats. Why?

Over the past few months, ransomware targeting healthcare organizations has been on the rise. While ransomware is nothing new, targeting healthcare organizations, at the extreme, can impact an organization’s ability to engage in anything from routine office visits to life-or-death diagnoses, treatments, and patient care.