How Fidelis Elevate Achieves Active Threat Detection

Modern security teams face a dual challenge: they’re bombarded with alerts while still missing critical signals that indicate real threats. Fidelis Active Threat Detection tackles this problem by correlating weak signals across multiple phases of attacks, transforming them into actionable intelligence. Let’s examine the technical mechanics behind this capability within the Fidelis Elevate platform.

Building a Ransomware Response Plan with Fidelis Elevate XDR: Technical Guide

Ransomware attacks are projected to occur every 2 seconds by 2031, up from every 11 seconds in 2021. Organizations paid approximately $813.55 million to ransomware groups in 2024. Email remains the primary attack vector, with malicious attachments twice as common as phishing links. Organizations with compromised backups face $3M average recovery costs, with 45% requiring more than a month to recover. Active ransomware groups increased 55% from Q1 2023 (29) to Q1 2024 (45).

RVTools Supply Chain Attack Delivers Bumblebee Malware

Arctic Wolf has recently observed the distribution of a trojanized RVTools installer via a malicious typosquatted domain. The domain matches the legitimate one; however, the top-level domain (TLD) is changed from .com to .org. RVTools is a widely used VMware utility for inventory and configuration reporting, developed by Robware. Once the malicious installer is downloaded, it attempts to make outbound connections to known command and control infrastructure.

Introducing Modern SecOps, a more realistic alternative to the "autonomous SOC"

I’ve always had a love-hate relationship with traditional SOC. Many SOC teams do great work within this structure. But there are also serious issues with the three-tier model - it’s rigid, costly, and unsustainable for any company that isn’t a large enterprise. In the push to address these limitations, the concept of an “autonomous SOC” has emerged, with some vendors already claiming to offer fully autonomous solutions.

The Rise of Identity-Based Attacks and How Deception Can Help

Identity-based attacks have become the predominant vector for sophisticated threat actors targeting enterprise networks, particularly those using Microsoft Active Directory. Active Directory (AD), which serves as the authentication and authorization framework in over 90% of organizations, represents a critical attack surface that, when compromised, provides adversaries with extensive capabilities for lateral movement, privilege escalation, and data exfiltration.

Amazon SES monitoring: Detect phishing campaigns in the cloud

Amazon Simple Email Service (Amazon SES) is a cloud-based provider for sending transactional, marketing, and newsletter emails. Because of its role as a source of communication for organizations, Amazon SES has become a primary tool for phishing campaigns. Our latest threat roundup includes a key finding that Amazon SES is a common target in the initial stages of a cloud control plane attack.

Four common misconceptions about using AI in security operations

At this stage in AI's evolution, we’ve all heard the big promises - and overpromises - from vendors. But what about the people on the front lines of security operations? How are real practitioners feeling about using AI in their day-to-day work? In a recent webinar with guest speaker Allie Mellen, Principal Analyst at Forrester Research, we dug into how AI is actually being adopted in the SOC - what’s working, what’s not, and what's getting lost in the noise.

Surging Without Slowing: How We Mastered Japan's Golden Week Traffic Spike

Japan’s Golden Week is one of the most anticipated holiday seasons in the region, but for IT and network operations teams it’s a well-known pressure test. As businesses reopen after a full shutdown, millions of workers log in simultaneously at 9:00 AM local time, creating an intense and rapid traffic surge. At Cato Networks, we’ve come to anticipate this moment each year. But this time, our goal wasn’t just to ‘handle it’.

A Sting on Bing: Bumblebee delivered through Bing SEO poisoning campaign

Bumblebee is downloader malware that has become known for its sophistication and effectiveness. The malware was first discovered in 2022 and was believed to be a tool for ransomware groups due to the developer’s close ties with Conti. Since then, it has been used in various attacks and has been delivered through multiple methods, including phishing emails, malicious documents, and SEO poisoning.