Threat Detection

SANSFire: An Alert Has Fired. Now what?

Aug 24, 2021 By Corelight In Corelight

While the security industry spends a lot of time and energy getting more and/or better alerts, comparatively little investment has gone into helping analysts operationalize and contextualize those alerts. This webcast will discuss how a solid foundation of network telemetry can enable not only high-velocity, high-confidence processing of alerts of all stripes, but also a host of other critical security applications, from fundamentals like asset management to advanced techniques like proactive threat hunting. Real-world examples and code will be used throughout the talk, along with practical considerations for operating in an enterprise environment.

View Video

Corelight

Read more about SANSFire: An Alert Has Fired. Now what?

Sending Detections to a Slack Channel

Aug 20, 2021 By LimaCharlie In LimaCharlie

This video demonstrates how LimaCharlie users can configure an Organization to send detection telemetry into a Slack Channel.

View Video

LimaCharlie

Read more about Sending Detections to a Slack Channel

Detect security threats with anomaly detection rules

Aug 18, 2021 By Jordan Obey In Datadog

Securing your environment requires being able to quickly detect abnormal activity that could represent a threat. But today’s modern cloud infrastructure is large, complex, and can generate vast volumes of logs. This makes it difficult to determine what activity is normal and harder to identify anomalous behavior. Now, in addition to threshold and new term –based Threat Detection Rules , Datadog Security Monitoring provides the ability to create anomaly

Read Post

Datadog

Read more about Detect security threats with anomaly detection rules

LogSentinel Threat Detection Capabilities

Aug 12, 2021 By LogSentinel In LogSentinel

LogSentinel's Threat Detection Capabilities will help you detect insider and outsider attacks and threats in real-time. Data breach attempts can cost a considerable amount of money to some companies. But this can be easily avoided by leveraging LogSentinel's NextGen SIEM.

View Video

LogSentinel

Read more about LogSentinel Threat Detection Capabilities

Why social graphs won't save you from account takeover attacks

Aug 12, 2021 By Egress In Egress

Account takeover (ATO) is a dangerous form of business email compromise (BEC). Attackers gain access to a legitimate email account within an organisation, often by stealing credentials through spear phishing. They’ll then send emails from the compromised account with the goal of getting a fraudulent payment authorised or accessing sensitive data to exfiltrate.

Read Post

Egress

Read more about Why social graphs won't save you from account takeover attacks

Introducing Zeek

Aug 10, 2021 By Corelight In Corelight

Discover the power of the world’s best network security monitor, Zeek, and how Corelight makes it much simpler to use. Find out why elite defenders have used the evidence Zeek produces to accelerate their investigations, amplify their threat hunting capabilities, speed up analytics and more in this short intro.

View Video

Corelight

Read more about Introducing Zeek

Detecting Security Threats: How to Set up Alerts and Prevent Threats?

Aug 10, 2021 By LogSentinel In LogSentinel

Detecting and preventing security threats is a lot easier than fixing already existing ones. With this in mind, you should set up alerts to detect security threats before they occur and do your best to prevent them from happening. There are many ways to set up security alerts. One way to set up alerts is to use a SIEM system such as LogSentinel SIEM, which will send you an alert if something suspicious happens. This way, for example, if you notice a potential security breach, you can turn off your system network in order to prevent the hacker from accessing your network.

View Video

LogSentinel

Read more about Detecting Security Threats: How to Set up Alerts and Prevent Threats?

Corelight Smart PCAP

Aug 3, 2021 By Corelight In Corelight

Security teams can save up to 10x the packet retention period at 50% the cost compared to full packet capture! Sounds too good to be true, right? It’s not! With powerful, yet easy-to-use pcap levers we let security teams capture just the packets needed for investigations, and correlate them with our alerts and logs, and make packets 1-click retrievable. With Smart PCAP you get months, not days' worth of packet visibility.

View Video

Corelight

Read more about Corelight Smart PCAP

How to Spot C2 Traffic on Your Network

Jul 30, 2021 By Corelight In Corelight

Attackers often hide their command and control (C2) activity using techniques like encryption, tunneling in noisy traffic like DNS, or domain generation algorithms to evade blacklists. Reliably spotting C2 traffic requires a comprehensive network security monitoring capability like open source Zeek that transforms packets into connection-linked protocol logs that let analysts make fast sense of traffic. Corelight’s commercial NDR solutions generate this Zeek network evidence and also provide dozens of proprietary C2 insights and detections.

View Video

Corelight

Read more about How to Spot C2 Traffic on Your Network

A SANS 2021 Report Top New Attacks and Threat Report

Jul 30, 2021 By Corelight In Corelight

In the SANS 2021 Top New Attacks and Threat Report, John Pescatore provides insight into the threats highlighted during the SANS panel discussion at the 2021 RSA Conference. This webcast will include practical advice from the paper, including insights from SANS instructors Ed Skoudis, Heather Mahalik, Johannes Ullrich, and Katie Nickels on the critical skills, processes and controls needed to protect their enterprises from these advanced attacks.

View Video