Threat Detection

The Importance of Speed During Detection and Response: Iranian-Backed Hackers Targeting U.S. Companies with Ransomware

Iranian government-sponsored advanced persistent threat (APT) actors are exploiting known Microsoft and Fortinet vulnerabilities to attack targets with ransomware in the transportation, healthcare and public health sectors, according to an alert issued on Nov. 17 by the Cybersecurity and Infrastructure Security Agency (CISA).

Corelight & Microsoft Defender for IoT: Through an XDR lens

What is the XDR paradox? It’s the hottest term in security, but there is no consensus yet on the right definition. Why is that? Many organizations have deployed EDR and are benefiting from it, but they are also looking at the gaps that EDR can’t address, such as unmanaged or compromised devices and network-centric TTPs. Likewise, many vendors of EDR/SIEM products have realized they share the same general workflow (analyze data, present an alert, triage it, etc.).

Detecting CVE-2021-42292

On its surface, CVE-2021-42292 doesn’t look like the kind of vulnerability that a network-based tool can find reliably. Because Microsoft marked it as a local file format vulnerability, security veterans would expect that, between encryption and encoding, there would be a million different ways for a weaponized exploit to evade network detection.

Understanding The 2021 Gartner Market Guide for Managed Detection and Response Services

We believe a Market Guide defines a market and explains what clients can expect it to do in the short term. With its focus on early, more chaotic markets, a Market Guide does not rate or position vendors within the market; rather, it more commonly outlines attributes of representative vendors that are providing offerings in the market, to give further insight into the market itself. We feel the Gartner Market Guide helps organizations learn about the following.

LogSentinel Webinar: Security Monitoring Beyond Logs

ℹ FACT: #SIEM is a primary tool for security monitoring. ℹ ANOTHER FACT: SIEM is considered a failure in #detecting and responding to #threats. In this video, Bozhidar Bozhanov, CEO of LogSentinel, will explain why SIEM is important and how to make use of it for data protection, data breach prevention, threat detection, and response.

Arctic Wolf Cloud Detection and Response

The cloud has changed the way we work. Accelerate your cloud transformation and have confidence your business is secure with Arctic Wolf Cloud Detection and Response. Built atop the cloud-native Arctic Wolf platform, Cloud Detection and Response gives you an effective way to secure activity across both infrastructure-as-a-service platforms (such as AWS, Microsoft Azure, and Google Cloud Platform) and applications (such as Microsoft 365, Salesforce, Google Workspace, Box, and Workday).

Expanded Suricata detections with Dtection.io

One of the most common questions that Corelight customers and prospects who are using our Suricata integration ask is “what signatures should I run?” While our answer has always started with the industry-standard Emerging Threats Pro feed, we recognize that other feeds, like the ones from CrowdStrike or private industry groups, often make excellent additions to the ET Pro set.

Microsoft + Corelight partner to stop IoT attacks

When you hear the term “Internet of Things” (IoT), do you picture home devices like lightbulbs, smart assistants, and Wi-Fi-connected refrigerators? Perhaps you think of enterprise devices like video conferencing systems, smart sensors, or security cameras? Or maybe traditional office equipment like VoIP phones, printers, and smart TVs comes to mind. No matter what devices you imagine, IoT represents an ever-expanding attack surface.

Featured Post

XDR marketing is fueling the cybersecurity problem for businesses

If there is one positive we can take from the last sixteen months, it is businesses embracing a more flexible working culture for their employees. Fundamental changes to the traditional nine-to-five working day mean that many companies have, in part, already successfully transformed some of their operations to meet the demands of a new hybrid working world that is now very much the norm.