Extended Detection and Response (XDR) is the latest buzz word in the security industry and garnering significant attention. Industry analysts each have their own definition. Meanwhile, security vendors are quickly jumping on the bandwagon, recasting their products as XDR solutions. And it’s safe to assume many more will unveil XDR products in the months ahead.
In recent months, we’ve seen a sharp rise in software supply chain attacks that infect legitimate applications to distribute malware to users. SolarWinds, Codecov and Kesaya have all been victims of such attacks that went on to impact thousands of downstream businesses around the globe. Within minutes of these high-profile attacks making headline news, CEOs often ask: “Should we be concerned? How is it impacting us? What can we do to mitigate risk?” .
Every breach starts as a compromise that goes unnoticed and unactioned, often because existing security devices have too many events, too little context and cannot prioritize. Providing these systems with threat intelligence is the lowest cost and most effective way to improve contextualization and blocking of new attacks.
As a powerful search engine, Elasticsearch provides various ways to collect and enrich data with threat intel feeds, while the Elastic Security detection engine helps security analysts to detect alerts with threat indicator matching. In this blog post, we’ll provide an introduction to threat intelligence and demonstrate how Elastic Security can help organizations establish robust cyber threat intelligence (CTI) capabilities.
The SANS 2021 Top New Attacks and Threat Report is now available for download, covering the security trends and top threats to watch for as the world emerges from the pandemic. Presented at the SANS threat expert panel discussion held during the RSAConference 2021 Virtual Experience, the top attack category the report highlights is supply chain attacks – and with good reason.
I previously talked about how to get started with a threat intelligence program, which is the cornerstone to any security operation. Such a program enables security teams to gain a deeper understanding of adversaries and their tactics, techniques and procedures (TTPs), in order to determine what is relevant to the organization and how to mitigate risk.
Earlier this year, Gartner published its latest research on the Security Orchestration, Automation and Response (SOAR) market in a report entitled, “Is Your Organization Mature Enough for SOAR?”. We’ve been talking to clients about this very subject and agree with Gartner that SOAR tools can increase SecOps efficiency and consistency, provided organizations have laid the proper groundwork.
Threat intelligence provides valuable insight into contextual business risk. You can gain insight into threat actors targeting your industry or information from your organization located on the Dark Web. According to one report, 79% of security professionals find threat data feeds essential to their organization’s cybersecurity posture. Additionally, 63% of respondents noted that they use feeds to ensure a better defense.
Incidents of ransomware have been increasing and evolving steadily for years as financially motivated adversaries shift tactics when one is no longer profitable. Unfortunately, many organizations haven’t been able to adapt their security operations to keep up. Back in 2019, 60% of organizations told ESG that they experienced a ransomware attack that year, with 29% reporting that attacks happened at least on a weekly basis.
