Threat Detection

From Data to Deployment: How Human Expertise Maximizes Detection Efficacy Across the Machine Learning Lifecycle

Oct 27, 2022 By Calin Miron - Liviu Arsene In CrowdStrike

Security is a data problem. One of the most touted benefits of artificial intelligence (AI) and machine learning (ML) is the speed at which they can analyze potentially millions of events and derive patterns out of terabytes of files. Computational technology has progressed to the point where computers can process data millions of times faster than a human could.

Read Post

CrowdStrike

Read more about From Data to Deployment: How Human Expertise Maximizes Detection Efficacy Across the Machine Learning Lifecycle

Improve Response in the Threat Detection Response Equation - Webinar

Oct 24, 2022 By Torq In Torq

Operationalizing data at the same scale it’s collected is vital, yet 55% of organizations surveyed by analyst firm ESG said they don’t have the skills or the time to create automations or playbooks to manage all threat data at machine speed. @Enterprise Strategy Group ESG and @Torq will explore the landscape of EDR and XDR systems and show how teams can approach the challenges of operationalizing the threat data they provide with different approaches to automation.

View Video

Torq

Read more about Improve Response in the Threat Detection Response Equation - Webinar

"Easy" button for cloud NDR visibility

Oct 18, 2022 By Todd Morneau In Corelight

As organizations continue to rapidly adopt cloud services, they struggle to expand network detection and response (NDR) capabilities to their hybrid and multi-cloud environments. Network visibility is critical for security operations center (SOC) teams to secure their cloud environments and ensure they can elevate threat detection and incident investigation capabilities. However, traditional NDR solutions require management, configuration and often lack the security context needed.

Read Post

Corelight

Read more about "Easy" button for cloud NDR visibility

How to Reduce False Positives in Data Leak Detection - UpGuard

Oct 13, 2022 By Edward Kost In UpGuard

According to a 2021 study by UpGuard, over 51% of analyzed Fortune 500 companies were unknowingly leaking sensitive metadata in public documents - data leaks that could be very useful in a reconnaissance campaign preceding a major data breach. Without timely detection solutions, all corporate (and personal) accounts impacted by data leaks are at a critical risk of compromise, which also places any associated private internal networks at a high risk of unauthorized access and sensitive data theft.

Read Post

UpGuard

Read more about How to Reduce False Positives in Data Leak Detection - UpGuard

BOD 23-01: Better visibility to reduce risk

Oct 10, 2022 By Jean Schaffer In Corelight

“Knowing what’s on your network is the first step for any organization to reduce risk.” -CISA Director, Jen Easterly. On October 3, the Cybersecurity and Infrastructure Security Agency (CISA) issued Binding Operational Directive (BOD) 23-01: Improving Asset Visibility and Vulnerability Detection on Federal Networks.

Read Post

Corelight

Read more about BOD 23-01: Better visibility to reduce risk

Endpoint Detection and Response - you need it on mobile devices too

Oct 10, 2022 By Hank Schless In AT&T Cybersecurity

Welcome to the final episode in our blog series focused on Mobile Endpoint Security. The first two episodes detailed the protections necessary to secure data accessed by remote workers (Endpoint security and remote work) and best practices for combating the threat of ransomware 5 ways to prevent Ransomware attacks).

Read Post

AT&T Cybersecurity

Read more about Endpoint Detection and Response - you need it on mobile devices too

Better Together with CrowdStrike and Proofpoint

Oct 5, 2022 By CrowdStrike In CrowdStrike

CrowdStrike and Proofpoint have partnered to provide joint customers with an innovative approach to handling threats, offering enhanced security postures from email to the device itself. CrowdStrike and Proofpoint are focused on the shared vision of protecting people and their devices from today’s most sophisticated threats.

View Video

CrowdStrike

Read more about Better Together with CrowdStrike and Proofpoint

Threat hunt with network evidence with endpoint telemetry

Oct 5, 2022 By Corelight In Corelight

Corelight and Microsoft show the power of combining network evidence with endpoint telemetry using Defender365 and Sentinel to analyse, investigate, and understand the full breadth of an attack. During the session, we dive straight into the technology and how it can be applied using a simulated attack Demo.

View Video

Corelight

Read more about Threat hunt with network evidence with endpoint telemetry

The Power of Open-Source Tools for Network Detection & Incident Response

Oct 4, 2022 By Corelight In Corelight

When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivaled source of evidence and visibility. Open source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, furthermore the global communities behind these tools can also serve as a force multiplier for security teams, often accelerating response times to zero-day exploits via community-driven intel sharing.

View Video

Corelight

Read more about The Power of Open-Source Tools for Network Detection & Incident Response

Privilege Escalation with DCShadow

Oct 4, 2022 By Jeff Warren In Netwrix

DCShadow is a feature in the open-source tool mimikatz. In another blog post, we cover without detection once they’ve obtained admin credentials. But DCShadow can also enable an attacker to elevate their privileges. How can a Domain Admin elevate their access even higher? By obtaining admin rights in other forests. Leveraging SID History, an attacker can add administrative SIDs to their user account and obtain admin level rights in other trusted domains and forests.

Read Post