
Threat Detection

LimaCharlie Integrates with SnapAttack's Community Edition Powering Threat Detections

LimaCharlie is pleased to announce an integration with SnapAttack’s Community Edition, a new offering from SnapAttack that gives organizations access to open-source intelligence objects and behaviorally-oriented detections developed by SnapAttack’s threat research team and highly skilled community researchers together with popular community tools, such as Atomic Red Team and Sigma.

Zeek on Windows

As we shared at ZeekWeek 2022 in October, we’re thrilled to announce emerging support for Zeek on Windows, thanks to an open-source contribution from Microsoft. Microsoft made the contribution as part of integrating Zeek into its Defender for Endpoint security platform; it provides fully native build support for Windows and opens up a range of future technical possibilities in this vast ecosystem.

CrowdStrike Falcon Platform Achieves 100% Detection and Protection Against macOS Malware with Zero False Positives in Latest macOS AV-TEST

As organizations increasingly face malware attacks that target macOS, detecting and preventing attacks without disruption caused by false positives and false warning messages is increasingly important. That’s why we’re proud to share that the CrowdStrike Falcon® platform once again achieved 100% detection and prevention of macOS malware with ZERO false positives in the latest AV-TEST macOS evaluation.

IoT/OT/ICS threats: Detecting vulnerable Boa web servers

On Nov. 22, 2022, Microsoft announced research findings about an ongoing supply chain attack against IoT devices running Boa web servers. Boa, an open-source small-footprint web server suitable for embedded applications, was discontinued in 2005, but many software development kits still ship this lightweight server on IoT hardware. Vulnerabilities discovered in Boa since it was discontinued make every released version exploitable, so any device still serving a Boa banner should be treated as a finding.

Analyze security logs from Amazon Security Lake with Datadog

Amazon Security Lake allows customers to build security data lakes from integrated cloud and on-premises data sources as well as from their private applications. Directing your security telemetry into a unified data lake makes it easier to manage, analyze, and route security-log and event data to third-party SIEM solutions that leverage that telemetry.

Trustwave Managed Detection & Response

Don’t let complexity and cyber threats get in the way of moving your business forward. Trustwave Managed Detection and Response (MDR) is an industry-leading rapid threat detection and response service. We monitor, investigate, and respond to active threats to your business 24x7. Augment your team today with cyber experts for superior protection against the most sophisticated threats.

Detecting 5 current APTs without heavy lifting

The Corelight Labs team prides itself on the ability to create novel Zeek and Suricata detection content that delves deep into packet streams by leveraging the full power of these tools. However, this level of additional sophistication is not always required: sometimes there are straightforward approaches that only require queries over standard Zeek logs. It’s always valuable when developing detections to keep in mind that “sometimes simple does just fine.”
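The two items above meet in one small query: the Boa item asks how to find devices still running Boa, and the Corelight item argues that a query over a standard Zeek log is often enough. Zeek's software framework writes the HTTP Server header of every web server it observes to software.log as a record with software_type "HTTP::SERVER", and Boa announces itself there as "Boa/<version>". The example below is added here and is not code from Microsoft, Corelight, or the Zeek project; the sample records are constructed to follow the default field names of Zeek's JSON software.log (ts, host, host_p, software_type, name, unparsed_version, version.*), which is an assumption about the deployment, and the function and class names are illustrative.

```python
"""Query a Zeek software.log (JSON lines) for hosts advertising the Boa web server.

Every released Boa version is treated as exploitable, so a Boa banner on any
host is a finding; the version string is kept only for asset inventory.
"""
import json
import re
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Tuple

# Constructed sample records in the shape of Zeek's default JSON software.log.
# They are not captured from a real network; hosts and timestamps are made up.
SAMPLE_SOFTWARE_LOG = """\
{"ts":1669075200.1,"host":"10.20.0.11","host_p":80,"software_type":"HTTP::SERVER","name":"Boa","version.major":0,"version.minor":94,"version.minor2":14,"version.addl":"rc21","unparsed_version":"Boa/0.94.14rc21"}
{"ts":1669075201.4,"host":"10.20.0.12","host_p":8080,"software_type":"HTTP::SERVER","name":"nginx","version.major":1,"version.minor":22,"version.minor2":1,"unparsed_version":"nginx/1.22.1"}
{"ts":1669075202.0,"host":"10.20.0.50","host_p":45123,"software_type":"HTTP::BROWSER","name":"curl","version.major":7,"version.minor":81,"unparsed_version":"curl/7.81.0"}
{"ts":1669075203.7,"host":"10.20.0.13","host_p":22,"software_type":"SSH::SERVER","name":"OpenSSH","unparsed_version":"SSH-2.0-OpenSSH_8.9"}
{"ts":1669075204.2,"host":"10.20.0.14","host_p":80,"software_type":"HTTP::SERVER","name":"Boa","version.major":0,"version.minor":94,"version.minor2":13,"unparsed_version":"Boa/0.94.13"}
this line is not JSON and must be skipped, not crash the query
"""

# Boa's Server header is "Boa/<version>", e.g. "Boa/0.94.14rc21" (the last release).
BOA_BANNER = re.compile(r"^Boa/(?P<version>\S+)", re.IGNORECASE)


@dataclass(frozen=True)
class BoaHit:
    host: str
    port: int
    version: str  # text after "Boa/" in the observed Server header
    ts: float


def parse_software_log(lines: Iterable[str]) -> Iterator[dict]:
    """Yield one dict per well-formed JSON record; silently skip anything else."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if isinstance(rec, dict):
            yield rec


def find_boa_servers(lines: Iterable[str]) -> List[BoaHit]:
    """Return every HTTP server banner that identifies as Boa, in log order."""
    hits: List[BoaHit] = []
    for rec in parse_software_log(lines):
        # Only server-side HTTP banners count; a client User-Agent mentioning
        # Boa, or an unrelated SSH banner, is noise for this question.
        if rec.get("software_type") != "HTTP::SERVER":
            continue
        match = BOA_BANNER.match(rec.get("unparsed_version", ""))
        if match is None:
            continue
        hits.append(
            BoaHit(
                host=str(rec["host"]),
                port=int(rec["host_p"]),
                version=match.group("version"),
                ts=float(rec["ts"]),
            )
        )
    return hits


def summarize(hits: Iterable[BoaHit]) -> Dict[Tuple[str, int], str]:
    """Collapse repeated sightings to one entry per host:port, keeping the
    version from the earliest observation (stable output for a ticket or
    an asset-inventory diff)."""
    seen: Dict[Tuple[str, int], str] = {}
    for hit in sorted(hits, key=lambda h: h.ts):
        seen.setdefault((hit.host, hit.port), hit.version)
    return seen


if __name__ == "__main__":
    found = find_boa_servers(SAMPLE_SOFTWARE_LOG.splitlines())
    for (host, port), version in summarize(found).items():
        print(f"{host}:{port} advertises Boa {version}")
```

Run against a real deployment, the input would be the software.log lines from the sensor (for example piped from `zcat software.*.log.gz`); the query does not depend on the parsed version.* fields, so it works even if the software framework fails to split an unusual Boa version string, and it ignores records it cannot parse rather than aborting a scan over a large log.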