Threat Detection

Fuel for Security AI

Apr 30, 2024 By Brian Dye In Corelight

The big idea behind Corelight has always been simple: ground truth is priceless. What really happened, both now and looking back in time. Whether it is used to detect attacks, investigate routine alerts, respond to new vulnerabilities or a full scale incident response, the constant is that ground truth makes everything in security better. We have no claim of authorship here. By contrast, we learn from the world’s most accomplished defenders through their use of Zeek® and Suricata®.

Read Post

Corelight

Read more about Fuel for Security AI

Webinar: Incorporating Digital Risk Exposure in Your Threat Detection Strategy

Apr 26, 2024 By Kroll In Kroll

Watch as Kroll experts Wojcieszek and Scott Hanson outline the key benefits of incorporating surface, deep and dark web intelligence into your threat detection and response plans. During the session, they discuss the top use cases of digital risk protection and the best approaches to mapping out and reducing your digital risk across all areas of the internet. They also outline how security teams can use this external threat intelligence to improve their threat detection and response efforts and get wider visibility across the attack lifecycle.

View Video

Kroll

Read more about Webinar: Incorporating Digital Risk Exposure in Your Threat Detection Strategy

Hunting the XZ Backdoor (CVE-2024-3094) | Threat SnapShot

Apr 26, 2024 By SnapAttack In SnapAttack

Welcome back to another episode of SnapAttack's Threat SnapShot! I’m AJ King, the Director of Threat Research here at SnapAttack. In today’s episode, I dive into detecting the XZ Backdoor, CVE-2024-3094, a sophisticated supply chain attack that could have had a massive impact on many Linux distributions.

View Video

SnapAttack

Read more about Hunting the XZ Backdoor (CVE-2024-3094) | Threat SnapShot

Hunting Impacket: Part 2

Apr 25, 2024 By SnapAttack In SnapAttack

Welcome back. This is part two of our blog series covering the Impacket example tools. Impacket is a collection of Python classes focused on providing tools to understand and manipulate low-level network protocols. This capability enables you to craft or decode packets of a wide variety of protocols such as IP, TCP, UDP, ICMP, and even higher-level protocols like SMB, MSRPC, NetBIOS, and others.

Read Post

SnapAttack

Read more about Hunting Impacket: Part 2

Streamlining Incident Response: How CrowdStrike Falcon EDR integration enhances threat detection

Apr 24, 2024 By Sahidya Devadoss In Corelight

In the ever-evolving landscape of cybersecurity threats, staying ahead requires more than just detection; it demands comprehensive correlation and analysis for informed decision-making. Understanding the context surrounding an alert is important to effectively mitigate risk. That's why we're thrilled to announce the integration of CrowdStrike Falcon EDR with Investigator, part of Corelight’s Open NDR Platform.

Read Post

Corelight

Read more about Streamlining Incident Response: How CrowdStrike Falcon EDR integration enhances threat detection

EDR - The Multi-Tool of Security Defenses

Apr 22, 2024 By Trustwave In Trustwave

This is Part 8 in my ongoing project to cover 30 cybersecurity topics in 30 weekly blog posts. The full series can be found here. If your organization has computers, and I’m sure it does, then it's likely it has an Endpoint Detection and Response (EDR) solution installed. Since the capabilities of EDR solutions have changed over the years, it’s recommended to re-evaluate the solution’s features periodically to ensure it is up to date.

Read Post

Trustwave

Read more about EDR - The Multi-Tool of Security Defenses

The Dark Side of EDR: Repurpose EDR as an Offensive Tool

Apr 19, 2024 By Shmuel Cohen In SafeBreach

Endpoint detection and response (EDR) solutions have become a key component of many enterprise endpoint security strategies, resulting in a forecasted market value close to $17 billion by 2030. This is due in no small part to the increase in remote work following the COVID-19 pandemic, the resulting bring-your-own-device (BYOD) trend in which employees use personal devices for work-related activities, and the constant evolution of cyber threats.

Read Post

SafeBreach

Read more about The Dark Side of EDR: Repurpose EDR as an Offensive Tool

Hunting Impacket: Part 1

Apr 11, 2024 By SnapAttack In SnapAttack

Impacket is a collection of Python classes focused on providing tools to understand and manipulate low-level network protocols. This capability enables you to craft or decode packets of a wide variety of protocols such as IP, TCP, UDP, ICMP, and even higher-level protocols like SMB, MSRPC, NetBIOS, and others.

Read Post

SnapAttack

Read more about Hunting Impacket: Part 1

Blackhat NOC: Findings from Europe & thoughts for Asia 2024

Apr 5, 2024 By Dustin Lee In Corelight

How quickly a year passes. 2023 was Corelight’s first year participating in the Black Hat Network Operations Center (NOC). It was a tremendous opportunity and responsibility in which we collaborated with teams from Cisco, Palo Alto Networks, Arista, Lumen, and NetWitness to keep events in Asia, Europe, and the US safe and functional for all attendees. As we speak, our team is gearing up for a repeat for Black Hat Asia 2024 in Singapore.

Read Post

Corelight

Read more about Blackhat NOC: Findings from Europe & thoughts for Asia 2024

Find Lurking Threats Early with Rubrik Threat Monitoring

Apr 4, 2024 By Rubrik In Rubrik

Your backup data hosts valuable information that can be used to identify potential attacks. In this demo, we will show you how Rubrik Threat Monitoring combines intelligence from third-party threat feeds with proprietary intelligence from Rubrik Zero Labs and Rubrik’s InfoSec team to automatically identify indicators of compromise (IOCs) within backup data.

View Video