Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

November 2021

Corelight

Situational awareness for CISA FECB playbooks

Nov 30, 2021 By Jean Schaffer In Corelight

CISA recently released a set of playbooks for the Federal Civilian Executive Branch (FCEB) to provide improved cybersecurity incident response (IR) and vulnerability response. As was demonstrated by the SolarWinds SUNBURST attack in December 2020, coordination and reporting across the FCEB continues to be a challenge. Adding to this challenge is the situation where agencies have differing playbooks on how to handle confirmed malicious cyber activity where a major incident has been identified.

Read Post

SANS 2021 Ransomware Detection and Incident Response Report

Nov 22, 2021 By Corelight In Corelight
Ransomware attacks have become some of the most prolific and public intrusions over recent years. Within a matter of hours, organizations can go from normal operations to having an inoperable network and being extorted for tens of millions of dollars. On this webcast, SANS instructor and author Matt Bromiley, as well as sponsor representatives, will share their thoughts on modern detection and response techniques for ransomware breaches
View Video

Stopping IOT Attacks using NDR

Nov 22, 2021 By Corelight In Corelight
Unmanaged endpoints like IoT devices represent a significant and growing risk surface. Network Detection and Response (NDR) solutions monitor network traffic to generate rich security evidence that enables asset inventory, vulnerability assessment and threat monitoring. In this presentation, experts from Corelight and Microsoft will walk you through how it works and how it can improve your security posture.
View Video
Corelight

Corelight & Microsoft Defender for IoT: Through an XDR lens

Nov 16, 2021 By Brian Dye In Corelight

What is the XDR paradox? It’s the hottest term in security but there is no consensus yet on the right definition. Why is that? Many organizations have deployed EDR and are benefiting from it, but also looking to the gaps that EDR can’t address such as unmanaged / compromised devices or network-centric TTPs. Likewise, many vendors of EDR/SIEM products have realized they have the same general workflow (analyze data, present an alert, triage it, etc).

Read Post
Corelight

Detecting CVE-2021-42292

Nov 10, 2021 By Corelight Labs Team In Corelight

On its surface, CVE-2021-42292 doesn’t look like the kind of vulnerability that a network-based tool can find reliably. Marked by Microsoft as a local file format vulnerability, security veterans would expect that between encryption and encoding, there would be a million different ways to evade network detection with a weaponized exploit.

Read Post
Corelight

Expanded Suricata detections with Dtection.io

Nov 4, 2021 By Alex Kirk In Corelight

One of the most common questions that Corelight customers and prospects who are using our Suricata integration ask is “what signatures should I run?” While our answer has always started with the industry-standard Emerging Threats Pro feed, we recognize that other feeds - like the ones from Crowdstrike or private industry groups - often make excellent additions to the ET Pro set.

Read Post
Corelight

Microsoft + Corelight partner to stop IoT attacks

Nov 2, 2021 By Ed Smith In Corelight

When you hear the term “Internet of Things,” (IoT) do you picture home devices like lightbulbs, smart assistants, and wifi-connected refrigerators? Perhaps you think of enterprise devices like video conferencing systems, smart sensors, or security cameras? Or maybe traditional office equipment like VoIP phones, printers, and smart TVs come to mind. No matter what devices you imagine, IoT represents an ever-expanding attack surface.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.