Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

March 2022

Corelight

VPNs are increasingly common - how much can you see?

Mar 24, 2022 By Vince Stoffer In Corelight

VPN tunnels are like shipping containers in that they are widely used (especially as the pandemic has moved more of the workforce to remote work), and they can be used to carry traffic for legitimate as well as malicious purposes. Establishing a tunnel between corporate offices, remote workers, or partners to transfer data is a legitimate and common use for VPNs.

Read Post

SANS 2022 Cloud Security Survey

Mar 23, 2022 By Corelight In Corelight
The state of cloud security is evolving. Many organizations are implementing new and more advanced cloud security services that offer cloud-focused controls and capabilities, including services and tools that provide network connectivity and security for end users and office locations, security monitoring and policy controls, and identity services, among others.
View Video

[Webcast] Defending against nation-state actors

Mar 23, 2022 By Corelight In Corelight
With the threat of Russian cyberattacks on the rise, it’s essential for defenders of critical infrastructure to pressure test their cyber defense capabilities. In this webcast, Corelight's Alex Kirk reviews the specific techniques, tactics, and procedures that defenders should monitor in order to identify and disrupt attacks in their environment. Alex has a long and storied career as a cybersecurity professional, including a recent volunteer engagement training Ukrainian cyberdefenders this past fall.
View Video

SANS 2022 Ransomware Defense Report

Mar 11, 2022 By Corelight In Corelight
The years 2020 and 2021 were undoubtedly the years of ransomware. Threat actors wasted no time taking advantage of the chaos caused by the COVID-19 pandemic, launching attacks that netted millions (if not billions) of dollars in extortion fees and leaked a record amount of data from victim organizations. On this webcast, we will look at how ransomware defenses have changed from 2020 through 2022. The webcast will also explore ransomware threat actor changes, current trends, and how to implement defenses against those trends.
View Video
Corelight

Know your environment: Tenable/Corelight integration for prioritized IDS alerts

Mar 10, 2022 By Alex Kirk In Corelight

One of the major causes of alert fatigue for SOCs is a class of alerts that fall in between false positives and useful detections: when an actual attack has been launched, and the detection is working correctly, but the host on the receiving end is not vulnerable, guaranteeing that the attack will fail.

Read Post
Corelight

One SIEM is not enough?

Mar 3, 2022 By Brian Dye In Corelight

The idea behind the SIEM (and now XDR!) technologies was to provide a single engine at the heart of the SOC, aggregating data, enabling analytics and powering workflow automation. The SIEM would act as one place to train analysts and integrate a range of complementary technologies and processes. Given the efficiency that comes from centralization, I was surprised to hear that a growing number of defenders are actually using two SIEMs. Why is that?

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.