Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

February 2022

Log4j: Separating the exploits from the noise

Attackers have already found thousands of potential ways to obfuscate their log4j attacks, which are sweeping the Internet at breakneck speed. SOCs protecting still-vulnerable assets have a duty to chase down every alert for it that pops up - which are coming in at a rate of tens or hundreds of thousands of times a day for larger enterprises. This webcast will covers how a data-driven strategy can automate that insurmountable task into a process that quickly reveals systems that actually responded to the attack - letting teams focus on the alerts that matter the most.

Acting on CISA's advice for detecting Russian cyberattacks

Given that active cyber warfare has broken out alongside Russia’s active invasion of Ukraine - from Russian wiper malware to Anonymous hacking Russian state TV - CISA’s recent “Shields Up” memo is a timely insight into some of the TTPs defenders of critical infrastructure should be keeping an eye out for. Let’s break down the four key areas outlined in the memo and examine ways they can be detected with network data.

Thinking Like a Threat Actor: Hunting the Ghost in the Machine

An advanced adversary has bypassed the perimeter defenses, moved inside the environment, and become a literal ghost in the machine, free to move from system to system.... searching for its next target. This is a scenario that every SOC fears, and it presents a daunting threat hunting challenge. But, as we will demonstrate, it doesn't have to.

Application Layer Infrastructure Visibility in IaaS

The migration to cloud provides faster time to deployment and elasticity, but often at some cost and complexity to infrastructure control and visibility. A concrete example we can use is a deployment of web servers with rational security group configuration, in light of the recent Log4Shell vulnerability. While limitations are similar in all IaaS environments, consider the following AWS architecture with focus on the web servers running on EC2 instances.

Securosis Webinar New Age Network Detection

New Age Network Detection: Keeping pace with the Evolution of Tech Infrastructure New approaches to network detection and response to address increasing attacker sophistication and cloud-based resources. How advances in analytics help organizations detect attacks in encrypted traffic and identify command and control traffic. The advantage of an open data approach is to integrate with existing detection capabilities.

XDR: The Importance of Network Technology

XDR is new to the marketplace, and there remains confusion about what it is - and is not. Alex Kirk of Corelight likes to dispel the myth that it's about endpoint security. "You've got to have the N," he says - network technology. In this interview, he dispels myths and expounds on possibilities. In this video interview with Information Security Media Group, Kirk discusses.

Government gets serious: deadlines for Zero Trust Architectures

Since the 1990s, the federal government has been issuing guidelines and recommendations for security via their 800-Series Special Publications. While some of those guidelines became mandates, things have largely inched forward, instead of making any dramatic leaps. OMB’s new memorandum M-22-09, “Moving the U.S. Government Towards Zero Trust Cybersecurity Principles,” is changing this pattern, and setting deadlines for implementation across the government.