
Threat Detection

Endpoint Detection and Response - you need it on mobile devices too

Welcome to the final episode in our blog series focused on Mobile Endpoint Security. The first two episodes detailed the protections necessary to secure data accessed by remote workers (Endpoint security and remote work) and best practices for combating the threat of ransomware (5 ways to prevent Ransomware attacks).

Better Together with CrowdStrike and Proofpoint

CrowdStrike and Proofpoint have partnered to provide joint customers with an innovative approach to handling threats, offering enhanced security postures from email to the device itself. CrowdStrike and Proofpoint are focused on the shared vision of protecting people and their devices from today’s most sophisticated threats.

Threat hunting with network evidence and endpoint telemetry

Corelight and Microsoft show the power of combining network evidence with endpoint telemetry using Defender365 and Sentinel to analyse, investigate, and understand the full breadth of an attack. During the session, we dive straight into the technology and how it can be applied, using a simulated attack demo.

The Power of Open-Source Tools for Network Detection & Incident Response

When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivaled source of evidence and visibility. Open source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities. Furthermore, the global communities behind these tools can serve as a force multiplier for security teams, often accelerating response times to zero-day exploits via community-driven intel sharing.

Privilege Escalation with DCShadow

DCShadow is a feature in the open-source tool mimikatz. In another blog post, we cover how attackers can use DCShadow without detection once they’ve obtained admin credentials. But DCShadow can also enable an attacker to elevate their privileges. How can a Domain Admin elevate their access even higher? By obtaining admin rights in other forests. Leveraging SID History, an attacker can add administrative SIDs to their user account and obtain admin-level rights in other trusted domains and forests.

Corelight Investigator: Ready for Europe

This summer, we launched Investigator, Corelight’s SaaS-based network detection and response (NDR) solution that fuses rich network evidence with machine learning and other security analytics to unlock powerful threat hunting capabilities and accelerate analyst workflows. Today, we are pleased to share that the Investigator platform is engaged in attestation for GDPR to support customer threat hunting and incident response operations across Europe.

Detecting the Manjusaka C2 framework

Security practitioners may know about common command-and-control (C2) frameworks, such as Cobalt Strike and Sliver, but fewer have likely heard of the so-called Chinese sibling framework “Manjusaka” (described by Talos in an excellent writeup). As with other C2 frameworks, we studied the Manjusaka implant/server network communications in our lab environment, and here we document some of the detection methods available. We have also open-sourced the content we describe.

Cloud Insecurities - How to threat hunt in hybrid and multi cloud environments

Amidst a record number of workloads moving to the cloud, security teams must confront not only the cyber-skills shortage but also a general lack of cloud expertise. Corelight and guest Forrester will share best practices for building threat detection, hunting, and incident response capabilities for the cloud and for upskilling your existing SecOps team. Watch this on-demand webcast to learn more.