Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Picture this: Your organization has been planning for a conference. The IT admin team needs to make sure network security is intact throughout the conference, since a secure and well-connected network defines the event’s success. But, according to a recent study by Statista, the global average cost of data breach cost between May 2020 and 2023 was $4.45 million That’s a hefty price tag for compromised data, and it highlights the critical role of robust data security measures in organizations.

Security operations centers (SOCs) play a vital role in detection, containment and mitigation of today’s advanced cyber attacks. SoC teams are also responsible for proactively hunting for threats, and improving the organization’s overall security posture. Modern SOC analysts struggle with alert fatigue.

Being a security analyst tracking down threats can feel like being the Wile E. Coyote to an attacker’s Road Runner. You’re fast, but they’re faster. You set up alerts, but they still manage to get past your defenses. You’re monitoring systems, but they’re still able to hide their criminal activities.

Orphaned users SQL Server arise when a database user is associated with a login in the master database that no longer exists and should be removed. This situation can happen when the login is removed or when the database is transferred to a different server lacking the corresponding login. The SQL Server logins existing on a server instance can be seen through the sys.server_principals catalog view and the sys.sql_logins compatibility view.

We are excited to announce a significant enhancement to our Entity Enrichment integration with CrowdStrike Falcon: the 1-Click Response action. This new feature empowers SOC analysts to isolate a host directly from Corelight Investigator, leveraging enriched context and point-in-time evidence to make informed, rapid decisions during security incidents.

Threat actors are constantly updating their tactics, techniques and procedures (TTPs). In response, security teams must also continue to evolve their ability to detect the latest threats to avoid exploitation of security gaps that can result in costly breaches. This process, called detection engineering, refers to the method of fine-tuning security technologies to better detect malicious activity.

In this edition of Corelight’s Hunt of the Month blog, we bring you a STRRAT malware detector. In recent months STRRAT has become one of the top malware families submitted to Any.Run’s malware sandbox: STRRAT is a Java-based remote access tool (RAT) that uses a plugin architecture to provide full remote access to an attacker, as well as credential stealing, key logging, and additional plugins.

RSA 2024 is a wrap. After multiple conversations with security leaders and partners on the show floor and during different sessions and happy hours, it’s time to look back and reflect on the biggest takeaways from the conference.