Threat Detection

Monitoring your AWS environment for vulnerabilities and threat detection

Jan 13, 2022 By Sumo Logic In Sumo Logic

Managing the security of your Amazon Web Services (AWS) environment requires constant vigilance. Your strategy should include identifying potential threats to your environment and proactively monitoring for vulnerabilities and system weaknesses that malicious actors might exploit. In a complex environment—such as your AWS account with a multitude of services, coupled with various architectures and applications—the ideal solution should be both comprehensive and straightforward.

Read Post

Sumo Logic

Read more about Monitoring your AWS environment for vulnerabilities and threat detection

Introducing ATT&CK Detections Collector

Jan 3, 2022 By Marcus LaFerrera In Splunk

The Splunk SURGe team loves to automate and simplify mundane tasks. Through rapid response blogs, we provide context and analysis on late breaking security events that affect everyone, not just Splunk customers. We are firm believers that through shared knowledge and experience we can help the masses better understand the threat landscape and how they can improve their security posture.

Read Post

Splunk

Read more about Introducing ATT&CK Detections Collector

Security strategy for the next Log4Shell

Dec 22, 2021 By Brian Dye In Corelight

Last week I had the privilege to be in Washington, DC talking to a group of defenders. I heard a clear pattern of words: “data-driven,” “telemetry-first,” and “visibility”.

Read Post

Corelight

Read more about Security strategy for the next Log4Shell

A Review of Log4Shell Detection Methods

Dec 22, 2021 By The Veracode Research Team In Veracode

Ever since the public exploit of the Log4Shell remote code execution (RCE) vulnerability became known on December 10, 2021, security teams have been scrambling to understand the risk to their environments. Part of that scramble has been to ascertain which tools are best positioned to help detect the vulnerability. Which approaches are most effective and where do they fall short?

Read Post

Veracode

Read more about A Review of Log4Shell Detection Methods

CrowdStrike Adds New Strategic Partners to Groundbreaking CrowdXDR Alliance

Dec 20, 2021 By CrowdStrike In CrowdStrike

Security telemetry from across technology partners Cloudflare, Armis and ThreatWarrior will fuel the fastest and most effective threat detection and response capabilities at scale.

Read Post

CrowdStrike

Read more about CrowdStrike Adds New Strategic Partners to Groundbreaking CrowdXDR Alliance

Detecting Log4j exploits via Zeek when Java downloads Java

Dec 18, 2021 By Corelight Labs Team In Corelight

We have published an initial blog on the Log4j exploit and a followup blog with a second detection method for detecting the first stage of exploits occurring over LDAP. Today, we will discuss a third detection method, this one focused on the second-stage download that happens after the first stage completes. In this case, the JVM will download additional Java code payloads over HTTP.

Read Post

Corelight

Read more about Detecting Log4j exploits via Zeek when Java downloads Java

CrowdStrike APAC Named Frost & Sullivan Endpoint Security Industry Company of the Year and was also recognized as a Customers' Choice by Gartner

Dec 17, 2021 By CrowdStrike In CrowdStrike

As today's adversaries become more sophisticated, only CrowdStrike provides full, automated protection across endpoints, cloud workloads, identity and data without impacting performance and end-user productivity.

Read Post

CrowdStrike

Read more about CrowdStrike APAC Named Frost & Sullivan Endpoint Security Industry Company of the Year and was also recognized as a Customers' Choice by Gartner

Arctic Wolf Cloud Detection and Response

Dec 17, 2021 By Arctic Wolf In Arctic Wolf

Cloud Detection and Response protects you from key cloud threats like account and business email compromise, ransomware, suspicious resource usage, and phished credentials. Arctic Wolf's Concierge Security® Team continually reviews your cloud posture and works to harden your environment over time. The cloud has changed the way we work. Accelerate your cloud transformation and have confidence your business is secure with Arctic Wolf Cloud Detection and Response.

View Video

Arctic Wolf

Read more about Arctic Wolf Cloud Detection and Response

Detecting Log4j via Zeek & LDAP traffic

Dec 16, 2021 By Corelight Labs Team In Corelight

We recently discussed some methods for detecting the Log4j exploit, and we’ve now developed another method that everyone running Zeek® or a Corelight sensor can use. Our new approach is based on the rarity of legitimate downloads of Java via LDAP. Zeek does not currently have a native LDAP protocol analyzer (though one is available if you are running Spicy). This will not stop you from detecting this exploit downloading Java over LDAP, though. To see how, read on.

Read Post