Threat Detection

Spotting Log4j traffic in Kubernetes environments

May 10, 2022 By Stan Kiefer In Corelight

Editor’s note: This is the latest in a series of posts we have planned over the next several weeks where we explore topics such as network monitoring in Kubernetes, using sidecars to sniff and tunnel traffic, show a real-world example of detecting malicious traffic between containers, and more! Please subscribe to the blog, or come back for more each week.

Read Post

Corelight

Read more about Spotting Log4j traffic in Kubernetes environments

Datadog on Detecting Threats using Network Traffic Flows

May 9, 2022 By Datadog In Datadog

At Datadog’s scale, with over 18,000 customers sending trillions of data points per day, analyzing the volume of data coming in can be challenging. One of the largest log sources internally at Datadog are networking logs. Being able to analyze and make sense of them is critical to keep Datadog secure. To help with the task, we have built a flow analysis pipeline that alerts against network level Indicators of Compromise (IOCs) like IP address, port combinations, and data exchanged.

View Video

Datadog

Read more about Datadog on Detecting Threats using Network Traffic Flows

Network evidence for defensible disclosure

May 5, 2022 By Richard Bejtlich In Corelight

What do I say if my team discovers a breach of our digital assets? This is a question that requires understanding “defensible disclosure,” a term first employed in the statistical, medical, legal, and financial communities.* Understanding what this term means and how to live up to its expectations is key in an age where organizations regularly handle intrusions and, sometimes, suffer breaches.

Read Post

Corelight

Read more about Network evidence for defensible disclosure

Unify endpoint and network evidence

Apr 29, 2022 By Corelight In Corelight

Unmanaged endpoints, vendor security appliances, cloud instances, and IoT devices often lack endpoint protection, creating hiding places that attackers exploit. Using Humio to correlate Falcon endpoint data with Corelight network evidence improves detection capabilities for all of your devices, and makes investigators and hunters faster.

View Video

Corelight

Read more about Unify endpoint and network evidence

What does XDR mean for your organization?

Apr 29, 2022 By Corelight In Corelight

As one of the hottest new buzzwords in the infosec space, XDR means many things to many people. This talk will discuss all of the possible components of an XDR solution through the lens of SOC operations, laying out the pros and cons of various approaches such as SaaS vs on-premise, specialized vs general tooling, etc. for organizations of different size, funding, and maturity levels. Best practice suggestions will be provided throughout, from general principles to specific integration code.

View Video

Corelight

Read more about What does XDR mean for your organization?

CrowdStrike Introduces Adversary-Focused CNAPP Capabilities Designed to Secure and Protect Cloud Applications from Sophisticated Threats

Apr 28, 2022 By CrowdStrike In CrowdStrike

Falcon platform offers cloud security with agent-based and agentless protection, which provides organizations the flexibility they need to secure their cloud environments.

Read Post

CrowdStrike

Read more about CrowdStrike Introduces Adversary-Focused CNAPP Capabilities Designed to Secure and Protect Cloud Applications from Sophisticated Threats

Sidecars for network monitoring

Apr 21, 2022 By Al Smith In Corelight

Monitoring container traffic and extracting rich security-centric metadata provides SOC analysts an inviolable source of truth for threat detection and incident investigation. This data complements the deep visibility provided by container agents and broad visibility through monitoring audit logs.

Read Post

Corelight

Read more about Sidecars for network monitoring

Network Evidence For XDR

Apr 20, 2022 By Corelight In Corelight

XDR - Extended detection and response - promises to integrate data from any source to stop today's sophisticated and often automated attacks. The key is: Which source? Register for this exclusive session for insights on why network evidence must be a key part of your XDR strategy. Topics to be discussed include how to: Walk away with new ideas on how to stay ahead of ever-changing attacks by using a data-first strategy for detection and response.

View Video

Corelight

Read more about Network Evidence For XDR

Why Managed Detection and Response is a Key Component to any Security Plan

Apr 20, 2022 By Trustwave In Trustwave

The overnight move to remote and hybrid work models instantly created a more complex infrastructure for many organizations as they shifted their workers from corporate offices to their homes. The threat surface expanded exponentially as devices moved off-prem and into potentially unsecured environments and grew again as workers added their own devices to the mix.

Read Post

Trustwave

Read more about Why Managed Detection and Response is a Key Component to any Security Plan

Understanding Suspicious User Types With UEBA

Apr 19, 2022 By Logsign Team In Logsign

The cybersecurity threat landscape is evolving rapidly. Hackers and other malicious users are becoming increasingly sophisticated in their attack methods, rendering traditional security tools obsolete. Modern cybercriminals will use any means to break into firewalls, send emails with infected attachments, or even bribe employees to share login credentials. Businesses in all industries must identify and implement comprehensive IT security tools and strategies to protect their valuable assets.

Read Post