Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

What is the difference between traditional antivirus and EDR?

The multiplicity of devices and the need to access network resources from anywhere has blurred the traditional security perimeter and extended it beyond the office, making endpoint security an essential pillar of a company's cybersecurity strategy. Both antivirus (AV) and endpoint detection and response (EDR) solutions are designed to secure devices. However, these solutions provide very different levels of protection.

CVE-2022-31199: Truebot Malware Campaign Actively Exploiting Netwrix Auditor RCE Vulnerability

On the 6th of July 2023, a joint advisory was published by CISA, the FBI, and CCCS (Canadian Center for Cyber Security) warning of a malware campaign actively exploiting a Remote Code Execution (RCE) vulnerability in Netwrix Auditor (CVE-2022-31199) for initial access.

Truebot Malware: SafeBreach Coverage for US-CERT Alert (AA23-187A)

On July 6th, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Multi-State Information Sharing and Analysis Center (MS-ISAC), and the Canadian Centre for Cyber Security (CCCS) released an advisory highlighting the newly identifying Truebot malware variants. Truebot (also known as Silence Downloader) is a botnet that has been used by the CL0P ransomware gang to collect and exfiltrate stolen target victim information.

Unlocking the Potential of UEBA With Logsign

In today's cybersecurity landscape, traditional security tools alone are inadequate in protecting organizations from advanced threats like data breaches, insider risks, and more. To effectively address these challenges, organizations require a comprehensive solution with UEBA (user and entity behavior analytics) capabilities. Let's discover the benefits of UEBA, and the unparalleled impact Logsign’s Unified Security Operations Platform has on UEBA.

See it in action: Privacy-first generative AI with Elastic

Get a look at the power of Elasticsearch and generative AI (GAI) in action — always putting privacy first and safeguarding your proprietary data. Several examples show off the art of the possible, with intuitive, personalized results you can’t achieve with just publicly available data.

Peeping Through Windows (Logs): Using Sysmon & Event Codes for Threat Hunting

If you have been reading our hunting series, you may have noticed that many threat hunting techniques center on network-centric data sources. Thus far, we have yet to speak about the big kahuna in our hunting tool chest. We are rectifying that right here, right now: we are going to talk about Microsoft Sysmon! In this article, we’re looking at using Sysmon to hunt for threats in endpoints.We’ll highlight some of the most valuable places to start hunting in your Windows logs.