Threat Detection

VPNs are increasingly common - how much can you see?

Mar 24, 2022 By Vince Stoffer In Corelight

VPN tunnels are like shipping containers in that they are widely used (especially as the pandemic has moved more of the workforce to remote work), and they can be used to carry traffic for legitimate as well as malicious purposes. Establishing a tunnel between corporate offices, remote workers, or partners to transfer data is a legitimate and common use for VPNs.

Read Post

Corelight

Read more about VPNs are increasingly common - how much can you see?

SANS 2022 Cloud Security Survey

Mar 23, 2022 By Corelight In Corelight

The state of cloud security is evolving. Many organizations are implementing new and more advanced cloud security services that offer cloud-focused controls and capabilities, including services and tools that provide network connectivity and security for end users and office locations, security monitoring and policy controls, and identity services, among others.

View Video

Corelight

Read more about SANS 2022 Cloud Security Survey

[Webcast] Defending against nation-state actors

Mar 23, 2022 By Corelight In Corelight

With the threat of Russian cyberattacks on the rise, it’s essential for defenders of critical infrastructure to pressure test their cyber defense capabilities. In this webcast, Corelight's Alex Kirk reviews the specific techniques, tactics, and procedures that defenders should monitor in order to identify and disrupt attacks in their environment. Alex has a long and storied career as a cybersecurity professional, including a recent volunteer engagement training Ukrainian cyberdefenders this past fall.

View Video

Corelight

Read more about [Webcast] Defending against nation-state actors

6 Steps to Defend Against Advanced Persistent Threats

Mar 16, 2022 By David Buster In Egnyte

The cybersecurity community uses the term Advanced Persistent Threats to refer to threats that have extremely long persistence on a particular target—often lurking inside a target system for years. Their targets can include government agencies (at all levels), including contractors and suppliers far down the supply chain. Due to their passive nature, you may not even realize that your organization is a target for an APT. In fact, your infrastructure may already be infiltrated.

Read Post

Egnyte

Read more about 6 Steps to Defend Against Advanced Persistent Threats

How to automate workflows with Falcon Fusion and Real Time Response

Mar 15, 2022 By CrowdStrike In CrowdStrike

In this video, we will see how CrowdStrike customers can leverage Falcon Fusion and Real Time Response to create robust automated workflows that can reduce the burden on security teams and help prevent breaches.

View Video

CrowdStrike

Read more about How to automate workflows with Falcon Fusion and Real Time Response

LimaCharlie partners with SOC Prime to deliver continuous content streaming of detections

Mar 15, 2022 By Christopher Luft In LimaCharlie

The cybersecurity landscape is shifting because it has to. The breadth of challenges facing defenders is vast and we are constantly reminded about how unpredictable security can be with zero-days such as the recent Log4Shell vulnerability. New tools and a community-based approach offer a way forward in the face of overwhelming complexity.

Read Post

LimaCharlie

Read more about LimaCharlie partners with SOC Prime to deliver continuous content streaming of detections

46 days vs. 16 minutes: Detecting emerging threats and reducing dwell time with machine learning

Mar 14, 2022 By Craig Chamberlain In Elastic

Machine learning (ML) detections are a powerful tool for detecting emerging threats when we don’t yet know what we’re looking for. The power of anomaly detection is the ability to detect and provide early warning on new threat activity for which rules, indicators, or signatures are not yet available.

Read Post

Elastic

Read more about 46 days vs. 16 minutes: Detecting emerging threats and reducing dwell time with machine learning

SANS 2022 Ransomware Defense Report

Mar 11, 2022 By Corelight In Corelight

The years 2020 and 2021 were undoubtedly the years of ransomware. Threat actors wasted no time taking advantage of the chaos caused by the COVID-19 pandemic, launching attacks that netted millions (if not billions) of dollars in extortion fees and leaked a record amount of data from victim organizations. On this webcast, we will look at how ransomware defenses have changed from 2020 through 2022. The webcast will also explore ransomware threat actor changes, current trends, and how to implement defenses against those trends.

View Video

Corelight

Read more about SANS 2022 Ransomware Defense Report

Know your environment: Tenable/Corelight integration for prioritized IDS alerts

Mar 10, 2022 By Alex Kirk In Corelight

One of the major causes of alert fatigue for SOCs is a class of alerts that fall in between false positives and useful detections: when an actual attack has been launched, and the detection is working correctly, but the host on the receiving end is not vulnerable, guaranteeing that the attack will fail.

Read Post

Corelight

Read more about Know your environment: Tenable/Corelight integration for prioritized IDS alerts

Real-Time Threat Detection in the Cloud

Mar 9, 2022 By Loris Degioanni In Sysdig

Organizations have moved business-critical apps to the cloud and attackers have followed. 2020 was a tipping point; the first year where we saw more cloud asset breaches and incidents than on-premises ones. We know bad actors are out there; if you’re operating in the cloud, how are you detecting threats? Cloud is different. Services are no longer confined in a single place with one way in or one way out.

Read Post