Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Comprehensive visibility into network protocols is a hallmark of Zeek (and therefore Corelight) data. That's why we are very happy to announce that with our v27.2 release we are supporting a new analyzer for the LDAP protocol. You likely know LDAP as a workhorse for carrying directory information across the network. While it's an open standard, it's most often seen as part of several server implementations, especially Microsoft's Active Directory, OpenLDAP, and others.

Corporate IT infrastructure has become crucial to the success of the modern business. Disruption in the availability of corporate applications and services will impact employee productivity and business profitability. Companies are responsible for the resiliency of their own IT systems and this includes ensuring the constant availability of critical business applications for employees, customers, and partners.

As organizations respond to an ever-evolving set of security threats, network teams are scrambling to find new ways to keep up with numerous standards and regulations to dodge their next compliance audit violation. Can this nightmare be avoided? Yes, and it’s not as complex as one might think if you take a “compliance first” approach.

Ensuring employees operate securely regardless of location has grown in importance over the last several years as the number of people working remotely has exploded. These workers are most likely operating within a software-defined wide area network (SD-WAN). They use SD-WAN to work with data that is now processed more and more in many different cloud services.

According to the Cloud Security Alliance, the average large enterprise has 946 custom applications deployed. Traditionally, organizations deployed Web Application Firewalls (WAF), which provide visibility and enforce security controls on external traffic that passes through them, at the perimeter to protect these applications against external attacks.

The past three years have been challenging in many ways for the retail industry, and this uncertain reality isn’t going anywhere. The industry continues to face challenges; the cost-of-living and energy crisis, and expected period of economic downturn, are understandably unsettling for all sectors, with retail particularly hard hit in a recessionary period.

Managed NDR is network detection and response (NDR) combined with an outsourced SOC (Security Operations Center) monitoring and response layer. The meaning of “managed” in managed NDR will vary from provider to provider. Some managed NDR services will remediate threats for you, while others will stop at alerting and assisting your internal IT team. Similarly, the capabilities of the “NDR” part of managed NDR will also differ depending on who offers it.

In our new threat briefing report, Forescout’s Vedere Labs provides details on the recent ransomware campaign targeting VMware ESXi virtualization servers, or hypervisors, and analyzes two payloads used in these attacks: variants of the Royal and Clop ransomware. We also present the tactics, techniques and procedures (TTPs) used by attackers in this campaign, discuss mitigation recommendations and list indicators of compromise (IOCs) that can be used for detection or threat hunting.