Threat Detection

Shira Rubinoff at Blackhat with Israel Mazin, CEO and Chairman of Memcyco

Sep 28, 2023 By Memcyco In Memcyco

Amidst the electric atmosphere of the Black Hat conference, where cybersecurity luminaries converge to explore cutting-edge innovations, a spotlight shone on Memcyco's CEO, Israel Mazin. In a recent interview captured on film, Israel Mazin engaged in a dialogue with tech influencer and member of our advisory board, Shira Rubinoff. Together, they delved deep into Memcyco's paradigm-shifting product solutions that are challenging the status quo of the threat intelligence landscape.

View Video

Memcyco

Read more about Shira Rubinoff at Blackhat with Israel Mazin, CEO and Chairman of Memcyco

How Can Kill Webs Change Security Thinking?

Sep 21, 2023 By Richard Bejtlich In Corelight

In my previous article, I proposed ways that modern network-derived evidence applies to the cyber kill chain—a concept created by Eric Hutchins, Michael Cloppert, and Rohan Amin that changed how security teams approach defending their digital assets. This article focuses on an evolved, non-linear version of the kill chain called the “kill web.”

Read Post

Corelight

Read more about How Can Kill Webs Change Security Thinking?

Evolution of Real Time Attack Detection

Sep 21, 2023 By Wallarm

Attack detection is critical for most security solutions, whether we are talking about a load balancer-based (NIDS, WAF), host-based or in-application solutions (HIDS, RASP). Interestingly, regardless of the differences in architecture and data flow, most solutions use similar detection principles and techniques. We will explore how the detection architecture evolved over time and how the new generation of detection logic, such as the architecture implemented by Wallarm, is principally different from that of the legacy solutions.

Get White Paper

Wallarm

Read more about Evolution of Real Time Attack Detection

You Can't Win: Learning to Live with Security Pessimism

Sep 15, 2023 By Alex Reid, Product Architect In 11:11 Systems

Cybersecurity can, at times, feel like a thankless and invisible task. The punishment for a mistake is immediate and ruthless, the reward for success next to non-existent, because how do you recognise the absence of a breach? But this isn't a new scenario; the IT industry has dealt with this outlook for decades. The job of an IT department is to be invisible, but when something does go wrong all eyes are inevitably on them to fix it.

Read Post

11:11 Systems

Read more about You Can't Win: Learning to Live with Security Pessimism

Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles

Sep 15, 2023 By Ben Reardon In Corelight

During Black Hat 2023 in Las Vegas, our Corelight team worked effectively and speedily with our first-rate Black Hat NOC partners Arista, Cisco, Lumen, NetWitness and Palo Alto Networks. I was fortunate enough to be a member of the NOC team at the show, helping to defend the Black Hat network. In this blog, I’ll share my experience within the Network Operations Center (NOC) as well as an incident that we detected, investigated, triaged, and closed using Corelight’s Open NDR Platform.

Read Post

Corelight

Read more about Black Hat NOC USA 2023: A tale of sharp needles in a stack of dull needles

Will today's security purchases stop tomorrow's deadliest threats?

Sep 14, 2023 By SafeBreach In SafeBreach

In the first installment of this three-part series based on our recent white paper, The Skeptic’s Guide to Buying Security Tools, we outlined an evidence-based approach to helping your organization justify a new security tool purchase. This included identifying where security gaps exist, if those gaps could be filled by existing tools, and—if not—how to evaluate potential tools that could help.

Read Post

SafeBreach

Read more about Will today's security purchases stop tomorrow's deadliest threats?

How Does the Kill Chain Apply to Network-Derived Evidence?

Sep 12, 2023 By Richard Bejtlich In Corelight

When Eric M. Hutchins, Michael J. Cloppert, and Rohan M. Amin published their paper “Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains” in late 2010, they changed the way security personnel thought about defending their digital assets. The paper continues to be a useful model for defense today. This article proposes ways that modern network-derived evidence applies to the kill chain.

Read Post

Corelight

Read more about How Does the Kill Chain Apply to Network-Derived Evidence?

Detecting Gozi Banking Malware

Sep 7, 2023 By Keith J. Jones In Corelight

As a principal security researcher on Corelight’s Labs team, I help to solve difficult network security research problems at scale. Corelight’s customers might recognize some of my work if you see the packages “VPN Insights” or “App ID” on your sensors. Outside of my day-to-day role, I have a hobby podcast called eCrimeBytes where we lightheartedly discuss an electronic crime case each week.

Read Post

Corelight

Read more about Detecting Gozi Banking Malware

Defending your castle: Raising walls versus detecting intruders

Aug 31, 2023 By Dwayne McDaniel In GitGuardian

Defend your digital assets in 2023 with modern strategies. From IaC scanning to secrets detection to honeytokens, strengthen your castle against evolving threats.

Read Post

GitGuardian

Read more about Defending your castle: Raising walls versus detecting intruders

SOC Visibility Triad, Why You Need NDR Alongside EDR

Aug 30, 2023 By Corelight In Corelight

Defenders face numerous challenges in their complex, ever-expanding environments. Good data or network truth shouldn't be one of them. As Corelight is the standard in the NDR market, we will explore how to pivot from NDR to several EDR tools. The demo will showcase popular tools and give analyst workflow examples and use cases. Speaker: Steven Swaim (Principal Federal Sales Engineer, Corelight)

View Video