Security orchestration, automation and response (SOAR) tools are most commonly known for automating manual security operations processes in order to expedite security investigations or cyber response. For instance, Splunk’s SOAR technology, Splunk Phantom, is most commonly used to automate alert triage, phishing investigation and response, threat hunting and vulnerability management.

In January and February of 2021, the threat actor called Hafnium used a number of post-exploitation tools after gaining access to Exchange servers through a zero-day exploit. One of their persistence methods was creating new user accounts in the domain, giving them the ability to log back into the network using normal authentication rather than use a web shell or continue to re-exploit the vulnerability (which has since been patched).

If you haven’t been living under a rock for the past few weeks, you've probably come across the recent Microsoft Exchange Server vulnerabilities and its associated exploits.Stop!!! The first thing you should do is to go and patch any Exchange servers you may be running, then you can come back and finish reading this blog. Microsoft's blog provides links to various tools to help in this regard.

Security teams tend to devote a considerable amount of time to investigating warnings that may or may not be "actual" attacks. A false positive occurs when a natural or non-threatening behavior is mistakenly interpreted as malicious. Thousands of warnings may need to be investigated as a result of this. If your security analysts are actively reviewing false warnings, they can spend a lot of time evaluating false alerts before they can start evaluating legitimate threats.

While bad actors have become more organized and sophisticated by refining their craft, they are not the only attackers a security professional needs to be concerned with in 2020. There are still opportunistic, less skilled hackers that utilize commoditized exploits. These attack strategies are made possible by leveraging resources that are highly profitable and simple to use, such as simple phishing kits or even ransomware-as-a-service (RaaS) tactics.

Not many things keep company executives and heads of federal agencies up at night like mega cyber breaches do. Mega cyber breaches are not only on the rise, but are also becoming increasingly costly to treat. IBM found that a mega-breach can cost an organization anywhere between $40 to a whopping $350 million. There are two variables contributing to mega breaches, and these variables are spread among most organizations.