%term

Open NDR static file analysis powered by YARA

Dec 10, 2024 By Corelight In Corelight

Enhance utility of evidence Identify malicious files from network activity and derive the right context without increasing false positives Improve detection coverage Analyze large volumes of files for detecting threats that can be missed by EDR Drive tool consolidation Consolidate tools and eliminate the need for file extraction, storage and custom scripts.

View Video

Corelight

Read more about Open NDR static file analysis powered by YARA

How YARA rules can complement NDR for malware detection

Dec 10, 2024 By Cynthia Gonzalez In Corelight

The Verizon 2024 Data Breach Investigations Report found that system intrusion is the leading attack pattern for the third consecutive year, accounting for 36% of breaches. System intrusion largely consists of a threat actor using hacking techniques and malware to infiltrate the victim organization. Following a successful intrusion, the attacker continues on a multi-stage process: The longer an attacker remains undetected, the greater their opportunity to find a target and extract data.

Read Post

Corelight

Read more about How YARA rules can complement NDR for malware detection

It's Typhoon Season: Attackers are deliberately evading EDR. What can you do about it?

Dec 6, 2024 By Vince Stoffer In Corelight

Over the past year, several sophisticated cyber-espionage campaigns have grabbed the attention of our industry and challenged defenders and vendors alike with advanced tactics, techniques, and procedures (TTPs). One of the most visible campaigns is Volt Typhoon, named by the Microsoft threat intelligence team in May 2023 and attributed to Chinese state-sponsored threat actors.

Read Post

Corelight

Read more about It's Typhoon Season: Attackers are deliberately evading EDR. What can you do about it?

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Dec 2, 2024 By Sweet Security

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform. With Sweet, customers can now unify detection and response for applications, workloads, and cloud infrastructure.

Read Post

Read more about Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Artificial Intelligence in Cybersecurity: Threat or Advantage?

Nov 25, 2024 By SecuritySenses In SecuritySenses

In today's hyperconnected world, cybersecurity stands as the first line of defense against the growing tide of cyber threats. With billions of devices connected globally, protecting sensitive information has never been more critical-or complex. Enter artificial intelligence (AI), a technological marvel capable of revolutionizing cybersecurity. But as with all powerful tools, AI is a double-edged sword. It holds incredible potential to bolster defenses yet can also amplify the capabilities of cybercriminals.

Read Post

SecuritySenses

Read more about Artificial Intelligence in Cybersecurity: Threat or Advantage?

Detecting Quasar Windows RAT

Nov 22, 2024 By Tillson Galloway In Corelight

Welcome to Corelight Labs' latest hunt! This blog continues our tradition of analyzing trending threat groups and TTPs on Any.Run and writing detectors for them, providing the community with open-source threat intelligence, and acting as a tutorial in engineering threat detections with Zeek Script.

Read Post

Corelight

Read more about Detecting Quasar Windows RAT

AI-Driven Cloud Detection Engineering: Turning Security Telemetry Into Action

Nov 13, 2024 By SecuritySenses In SecuritySenses

Amal Mammadov is a cloud security practitioner and detection engineering specialist whose work sits at the intersection of threat intelligence, cloud-native architecture, and security operations. In this interview, he outlines why most organisations are losing ground despite heavy security investments and what it actually takes to build detection programmes that produce outcomes.

Read Post

SecuritySenses

Read more about AI-Driven Cloud Detection Engineering: Turning Security Telemetry Into Action

Reduce time to triage by up to 50% with Corelight's new Guided Triage capability

Nov 12, 2024 By David Getman In Corelight

Security Operations Centers (SOCs) are under immense pressure to ensure no attack goes unnoticed. At Corelight, we’re being approached daily to help bring in network visibility. For many though, visibility isn’t enough. SOCs are already overloaded and Tier 1 Analysts often lack network expertise. Modern network visibility has to be easy to use and designed for maximizing SOC efficiency. For that, we built Guided Triage.

Read Post

Corelight

Read more about Reduce time to triage by up to 50% with Corelight's new Guided Triage capability

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Nov 11, 2024 By Sweet Security

Customers can now easily integrate Sweet's runtime detection and response platform into their AWS environments.

Read Post

Read more about Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Leveraging Custom IOC Feeds for Enhanced Threat Detection

Nov 6, 2024 By Andrea Napoli In Cato Networks

Indicators of Compromise (IOCs) are vital components in cybersecurity, representing digital clues or evidence that signal a potential security breach or malicious activity in a computer system or network. Think of them as the fingerprints left behind by cybercriminals during or after a cyber-attack. Examples of common IOCs are: Security teams use IOCs as red flags to identify and mitigate threats before they cause significant damage.

Read Post