Threat Detection


What is an Intrusion Detection System (IDS)? + Best IDS Tools

An intrusion detection system (IDS) is a software application or hardware device that detects vulnerability exploits, malicious activity, or policy violations. IDSs place sensors on network devices like firewalls, servers, and routers, or at a host level. Once the IDS detects any cyber threats, the system will either report this information to an administrator or a security information and event management (SIEM) system collects it centrally.


Take the Corelight challenge: Splunk's Boss of the SOC

Looking for some threat hunting and incident response practice that's more game than work? Check out the new Capture the Flag (CTF) challenges from Corelight, now available on Splunk’s Boss of the SOC (BOTS) website - just in time for.conf! Our two on-demand BOTS modules will show you how Corelight data in Splunk can accelerate your processes and help analysts spend more time analyzing and less time fumbling with queries and gluing together data sources.


Splunk and Mandiant: Formidable Defense Against Attackers

The security landscape is ever-changing, intensified by more sophisticated threats, and an increasing number of employees working from home leading to an expanding attack surface. Security professionals are tasked with maintaining a secure environment against a plethora of threats, manifested in thousands of alerts and events that are generated by security controls every day.


What's Behind the "+" in SOCVue+

Most of us are happy just knowing that a technology works, not necessarily how it works. But the details behind the enhancements we’ve made in the Cygilant SOCVue+ platform are too good not to share because of the benefits that they deliver to our customers. In our recent announcement, we touched on a few of the technical aspects of these enhancements.


Extend Threat Visibility With Humio's Integration With CrowdStrike's Indicators of Compromise (IOCs)

An indicator of compromise (IOC) is a piece of digital forensics that suggests that an endpoint or network may have been breached. The ability to monitor for indicators of compromise is critical to a comprehensive cybersecurity strategy, bringing improved detection accuracy and speed, along with faster remediation times.


XDR, What is it? Does everyone agree? What is Real Impact vs. Hype?

With so many overlapping and self-serving definitions of XDR (Extended Detection and Response), we thought we would provide a perspective from some of us on the front lines of trying to embrace technology innovation while filtering vendor marketing noise. We agree with several industry analysts covering the space that XDR is a vendor push with no real customer demand, but the problem spaces within XDR are of significant customer interest.


The meaning behind XDR: A beginner's guide to extended detection and response

In the world of threat detection and response, alert fatigue and tool sprawl are real problems. Security professionals are struggling to manage different tools and control points and still relying on manual processes, which results in security that is fragmented and reactive. Analysts need better visibility and control, more context, and better use of automation so they can cut through the noise and respond to threats faster and more effectively.