Security analytics and automation

How to use Wireshark OUI lookup for network security

Wireshark OUI lookup helps cyber defenders, pen testers and red teams identify and target network endpoints -- and it can be accessed from any browser. Continue Reading

XDR definitions don't matter, outcomes do

Despite remaining confusion about what XDR is, security teams need to improve threat detection and response. ESG research revealed plans for increased XDR spending in 2023. Continue Reading

7 steps to implementing a successful XDR strategy

There's still confusion around what extended detection and response is, but it will play a key role in enterprise security. To successfully implement XDR, follow these steps. Continue Reading

Top metaverse cybersecurity challenges: How to address them

As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading

Industrial control system security needs ICS threat intelligence

Threat actors and nation-states constantly try to find ways to attack all-important industrial control systems. Organizations need specialized ICS threat intelligence to fight back. Continue Reading

Cryptomining campaign abused free GitHub account trials

Cloud security vendor Sysdig uncovered the largest cryptomining operation it's ever seen as threat actors used free account trials to shift the costs to service providers. Continue Reading

Mandiant launches Breach Analytics for Google's Chronicle

Mandiant Breach Analytics for Google Cloud's Chronicle marks a new product launch from the security giant after its acquisition by Google was completed last month. Continue Reading

Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading

VMware aims to improve security visibility with new services

Unveiled at VMware Explore, the company's new security services include Project Trinidad, Project Watch and Project Northstar. All three offer customer visibility enhancements. Continue Reading

Compare SAST vs. DAST vs. SCA for DevSecOps

SAST, DAST and SCA DevSecOps tools can automate code security testing. Discover what each testing method does, and review some open source options to choose from. Continue Reading

U.S. sanctions another cryptocurrency mixer in Tornado Cash

The U.S. Treasury Department issued sanctions against Tornado Cash, a cryptocurrency mixer accused of helping North Korea's Lazarus Group launder stolen funds. Continue Reading

Top 10 UEBA enterprise use cases

The top user and entity behavior analytics use cases fall in cybersecurity, network and data center operations, management and business operations. Check out the risks. Continue Reading

5G networks vulnerable to adversarial ML attacks

A team of academic researchers introduced an attack technique that could disrupt 5G networks, requiring new ways to protect against adversarial machine learning attacks. Continue Reading

11 open source automated penetration testing tools

From Nmap to Wireshark to Jok3r, these open source automated pen testing tools help companies determine how successful their security strategies are at protecting their networks. Continue Reading

8 benefits of DevSecOps automation

DevSecOps automation can help organizations scale development while adding security, as well as uniformly adopt security features and reduce remedial tasks. Continue Reading

EDR vs. XDR vs. MDR: Which does your company need?

Explore the differences and similarities between EDR vs. XDR vs. MDR and the role they play to help improve behavioral analysis for better threat response. Continue Reading

The benefits and challenges of managed PKIs

Managing a public key infrastructure is a difficult task. Discover the benefits and challenges of PKI as a service to determine if managed PKI would benefit your organization. Continue Reading

What is cybersecurity mesh and how can it help you?

The concept of cybersecurity mesh could help solve and simplify issues created by multi-cloud deployments and the increase in remote work environments. Continue Reading

Government officials: AI threat detection still needs humans

At the Ai4 Cybersecurity Summit, infosec professionals from CISA and the state of Tennessee discussed the promise and potential obstacles of AI for threat detection. Continue Reading

Zimperium acquired by Liberty Strategic Capital for $525M

Zimperium is the latest cybersecurity investment for Liberty Strategic Capital, a private equity firm founded by former Treasury Secretary Steven Mnuchin. Continue Reading

The benefits and challenges of SBOMs

While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security. Continue Reading

Review Microsoft Defender for endpoint security pros and cons

Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls. Continue Reading

Use microsegmentation to mitigate lateral attacks

Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading

How to use PKI to secure remote network access

Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access. Continue Reading

Shifting security left requires a GitOps approach

Shifting security left improves efficiency and minimizes risk in software development. Before successfully implementing this approach, however, key challenges must be addressed. Continue Reading

Pros and cons of manual vs. automated penetration testing

Automated penetration testing capabilities continue to improve, but how do they compare to manual pen testing? Get help finding which is a better fit for your organization. Continue Reading

Include defensive security in your cybersecurity strategy

Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading

Protect APIs against attacks with this security testing guide

API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them. Continue Reading

How AI can help security teams detect threats

AI and machine learning are reshaping modern threat detection. Learn how they help security teams efficiently and accurately detect malicious actors. Continue Reading

Introduction to automated penetration testing

Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation? Continue Reading

Cloud-native security architecture principles and controls

Building a sound cloud security framework is challenging, and it's even more so when implementing a cloud-native architecture. Here are steps you can take to make the job easier. Continue Reading

Cybersecurity asset management takes ITAM to the next level

Security pros need to focus on cybersecurity asset management for devices, services and the vendors that can help. Use our checklist to find out how and where to start. Continue Reading

5 ways to automate security testing in DevSecOps

Read up on five areas of DevSecOps that benefit from security testing automation, such as code quality checking, web application scanning and vulnerability scanning. Continue Reading

The importance of automated certificate management

Managing the plethora of digital certificates can no longer be done in a spreadsheet by hand. Discover the importance of automated certificate management here. Continue Reading

Elastic Stack Security tutorial: How to create detection rules

This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data. Continue Reading

Elastic Security app enables affordable threat hunting

New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers. Continue Reading

Tools to conduct security chaos engineering tests

Security teams are becoming curious about how chaos engineering can benefit them. Read about the security chaos engineering tools available for early adopters. Continue Reading

How to evaluate and deploy an XDR platform

Not all extended detection and response platforms are created equal. Don't take the XDR plunge before knowing exactly what to look for in an XDR platform. Continue Reading

Group-IB CEO Ilya Sachkov charged with treason in Russia

Group-IB maintains the innocence of CEO and founder Ilya Sachkov and said that co-founder and CTO Dmitry Volkov will assume leadership of the company. Continue Reading

SIEM vs. SOAR vs. XDR: Evaluate the differences

SIEM, SOAR and XDR share similar definitions, but each has distinct drawbacks. Learn what each offers and how they differ for help deciding which to deploy in your company. Continue Reading

SOAR vs. SIEM: What's the difference?

When it comes to the SOAR vs. SIEM debate, it's important to understand their fundamental differences to get the most benefit from your security data. Continue Reading

5 cyber threat intelligence feeds to evaluate

Cyber threat intelligence feeds help organizations up their security game. While the 'best' feeds vary depending on a company's needs, here are five leading services to consider. Continue Reading

How to address and prevent security alert fatigue

An influx of false positive security alerts can lead infosec pros to overlook real threats. Learn how to avoid security alert fatigue and avoid its potential consequences. Continue Reading

Risk & Repeat: Diving into the dark web

This week's Risk & Repeat podcast discusses the state of the dark web in 2021, how it has changed and what enterprises should know about the threats that exist there. Continue Reading

Adopting threat hunting techniques, tactics and strategy

Adopt threat hunting techniques that analyze the right data, detect anomalies, use frameworks and compare success metrics, combining manual techniques with AI and machine learning. Continue Reading

Try this cybersecurity quiz, test your cyberdefense smarts

Based on the November 2020 issue of Information Security magazine, this 10-question quiz lets you check your comprehensive knowledge of current security issues and earn CPE credit too. Continue Reading

AI in security analytics is the enhancement you need

AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits. Continue Reading

AI in security analytics is the enhancement you need

 Continue Reading

AI in cybersecurity ups your odds against persistent threats

AI capabilities can identify and take down cyberthreats in real time but are only part of what your team needs to come out on the winning side of the cybersecurity battle. Continue Reading

AI in cybersecurity ups your odds against persistent threats

 Continue Reading

AI threat intelligence is the future, and the future is now

Threat intelligence services and tools get a boost from advanced technology like AI and, specifically, machine learning. Learn how that works. Continue Reading

Uncover and overcome cloud threat hunting obstacles

You can be an effective cyberthreat hunter even if your organization's assets are in the cloud. Know the likely obstacles you'll face, then learn how to surmount them. Continue Reading

Volunteers join forces to tackle COVID-19 security threats

The COVID-19 Cyber Threat Coalition has amassed approximately 4,000 volunteers from the infosec community to monitor, analyze and block pandemic-themed threats across the globe. Continue Reading

How can security benefit from cyberthreat intelligence?

Cyberthreat intelligence is essential to understand common external-facing risks. Learn how to find the right threat intelligence feed and how the data can benefit cybersecurity. Continue Reading

Cisco launches SecureX platform for integrated security

At RSA Conference 2020, Cisco unveiled SecureX, which integrates the vendor's security portfolio into a single platform with enhanced visibility and automation. Continue Reading

AI-driven cybersecurity teams are all about human augmentation

AI is often associated with technology replacing humans. In the case of AI-based cybersecurity teams, however, AI will augment its human counterparts, not supplant them. Continue Reading

2 components of detection and threat intelligence platforms

Deploying threat detection and intelligence platforms is one of the smartest ways to protect your organization's valuable assets. Make sure you know how to choose the best tool. Continue Reading

2 components of detection and threat intelligence platforms

 Continue Reading

Threat intelligence offers promise, but limitations remain

Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity. Continue Reading

Threat intelligence offers promise, but limitations remain

 Continue Reading

IT security threat management tools, services to combat new risks

Advances in tools and services are changing IT security threat management. Learn how infosec pros are using UTM platforms, AI and threat intelligence services to alleviate risk. Continue Reading

IBM Cloud Pak for Security aims to unify hybrid environments

IBM Security is shifting its strategy with a new Cloud Pak designed specifically to unify data from multiple security tools and vendors through accessing federated data. Continue Reading

Designing the future of cyber threat intelligence sharing

Attendees at the ACSC conference strategized about what ideal threat intelligence sharing looks like. Learn more about the future of collaborative cyberdefense. Continue Reading

Splunk Mission Control launch enables a unified SOC

Mission Control is intended to unify Splunk Enterprise Security, Splunk Phantom and Splunk User Behavior Analytics into the Splunk Security Operations Suite. Continue Reading

Sinkholed Magecart domains resurrected for advertising schemes

Security vendor RiskIQ discovered several old Magecart domains that had been sinkholed were re-registered under new owners and are now engaged in fraudulent advertising activity. Continue Reading

Network traffic analysis tools secure a new, crucial role

Gartner just produced its first-ever guide to network traffic analytics security tools. Learn how the analysis of network traffic is broadening to include network security. Continue Reading

D3 Security's Attackbot integrates Mitre ATT&CK in SOAR 2.0

With the Mitre ATT&CK framework, D3's SOAR 2.0 platform can identify and map security events, predict the kill chain and trigger automated responses to remediate threats. Continue Reading

Cisco engineer: Why we need more women in cybersecurity

Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap. Continue Reading

Building a threat intelligence framework: Here's how

A robust threat intelligence framework is a critical part of a cybersecurity plan. A top researcher discusses what companies need to know. Continue Reading

ReliaQuest's cybersecurity platform integrates technologies

ReliaQuest's security analytics platform, GreyMatter, claims to improve threat detection by up to four times and reduce system downtime by 98% by integrating AI and human analysis. Continue Reading

The future of SIEM: What needs to change for it to stay relevant?

Compared to security orchestration, automation and response (SOAR) software, SIEM systems are dated. Expert Andrew Froehlich explains how SIEM needs to adapt to keep up. Continue Reading

DHS-led agency works to visualize, share cyber-risk information

A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain. Continue Reading

Chronicle dives into security telemetry with 'Backstory'

Alphabet's Chronicle looks to give enterprises a leg up with a new service called Backstory, which will bring context and insight to vast amounts of security telemetry. Continue Reading

A guide to SIEM platforms, benefits and features

Evaluate the top SIEM platforms before making a buying decision. Explore how the top SIEM platform tools protect enterprises by collecting security event data for centralized analysis. Continue Reading

Why McAfee CTO Steve Grobman is wary of AI models for cybersecurity

Artificial intelligence has become a dominant force in the cybersecurity industry, but McAfee CTO Steve Grobman said it's too easy to make AI models look more effective than they truly are. Continue Reading

Product roundup: Features of top SIEM software on the market

Explore the top SIEM software and vendors currently on the market to make your decision-making process just a little bit easier. Continue Reading

Prepping your SIEM architecture for the future

Is your SIEM ready to face the future? Or is it time for a major tune-up or at least some tweaks around the edges? Learn how to approach your SIEM assessment and updates. Continue Reading

User behavior analytics tackles cloud, hybrid environments

Integration of user behavior analytics as a feature of other security technologies such as SIEM and data loss prevention shows no sign of slowing down. User behavior analytics tools develop baselines and then correlate threat events, user and entity context, and peer analytics to alert security analysts of unusual activity.

Gartner expects user entity and behavior analytics techniques to become embedded in roughly 80% of the threat detection and incident response market by 2022. But between now and then, it appears more user behavior analytics tools are headed for optimization in the cloud. This optimization involves not only the analytical models, but also performance and cost.

"When you properly optimize analytics, the bill that you get from Amazon can be orders of magnitude smaller," said Stephan Jou, CTO of Interset Software Inc., an OEM provider that also offers stand-alone security analytics tools.

In this issue of Information Security, we look at new functionality in user behavior analytics and security analytics, and how these machine learning tools are attempting to help security operations centers stay on top of insider threats, external dangers and cloud security monitoring.

 Continue Reading

Cloud-first? User and entity behavior analytics takes flight

 Continue Reading

Cloud-first? User and entity behavior analytics takes flight

The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud. Continue Reading

Seven criteria for evaluating today's leading SIEM tools

Using criteria and comparison, expert Karen Scarfone examines the best SIEM software on the market to help you determine which one is right for your organization. Continue Reading

Alphabet's Chronicle launches VirusTotal Enterprise

VirusTotal has a new look, thanks to Alphabet's Chronicle, including new enterprise features for faster malware searches, as well as the ability to keep submitted data private. Continue Reading

SIEM evaluation criteria: Choosing the right SIEM products

Establishing solid SIEM evaluation criteria and applying them to an organization's business needs goes far when selecting the right SIEM products. Here are the questions to ask. Continue Reading

SIEM benefits include efficient incident response, compliance

SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting. Continue Reading

Security data scientists on how to make your data useful

Data science and machine learning can reveal valuable security information that would otherwise remain hidden in large data sets. Security data scientists can be hard to find and may be out of reach for most organizations. Even without these skill sets, companies can make strides to take advantage of advanced analytics to improve their security posture.

In August 2017, Google data scientists revealed that they had worked in conjunction with academic researchers from Princeton and other universities to create a model for tracking ransomware payments on the bitcoin blockchain. The researchers tallied roughly 20,000 payments worth $16 million.

"Very large organizations can often build their own data storage and data analysis solutions, because they will often have security data scientists on staff to write code and identify patterns," said Joshua Saxe, chief data scientist at security software firm Sophos. "The vast majority of organizations do not have the resources to do that."

Data analytics and machine learning can help companies quickly reduce the amount of data they need to parse in order to highlight potential threats. Too much data noise can quickly overwhelm human analysts, however. In this issue of Information Security magazine, we talk to CISOs and security data scientists about effective use of data analytics, machine learning and their strategies for managing this information to advance threat research.

 Continue Reading

A comprehensive guide to SIEM products

Expert Karen Scarfone examines security information and event management systems and explains why SIEM systems and SIEM products are crucial for enterprise security. Continue Reading

SOC services: How to find the right provider for your company

SOCs are the latest services you can now outsource rather than build in-house. But should you entrust them to a third party? Yes—but make sure you know how to pick the best. Continue Reading

Algorithmic discrimination: A coming storm for security?

Following several RSA Conference 2018 talks on machine learning and AI, it's worth asking how algorithmic discrimination might manifest in the infosec industry. Continue Reading

How machine learning anomaly detection works inside SAP

SAP CSO Justin Somaini discusses how SAP uses machine learning for security tasks, like anomaly detection, and compares supervised and unsupervised algorithms. Continue Reading

Binance bounty offered for info on attempted attack

A failed attack led to a Binance bounty offer of $250,000 for information that leads to the arrest of the threat actors responsible for the attempted cryptocurrency theft. Continue Reading

Behavioral analytics, security go hand in hand

This Security School explores behavioral analytics as a tool for enhancing the security of enterprise systems and data. Continue Reading

IT sabotage: Identifying and preventing insider threats

Preventing IT sabotage from insider threats can be a challenge. Peter Sullivan explains how enterprises should monitor for characteristics of insider threat behavior. Continue Reading

Security behavioral analytics: The impact of real-time BTA

Johna Till Johnson, CEO and founder of Nemertes Research, explains real-time threat analysis in terms of BTA and its next-generation security architecture. Continue Reading

The tug of war between user behavior analysis and SIEM

Information security technologies embrace user behavior analytics, and the trend is expected to continue. Should CISOs consider a standalone UBA component? Continue Reading

Will it last? The marriage between UBA tools and SIEM

The failure to detect insider threats and a growing need to store and sort through massive amounts of data have drawn attention to user behavior analytics, sometimes called user and entity behavior analytics. According to Gartner, UBA tools deliver value for use cases such as compromised accounts, including stolen and phished credentials. They can also be used to find compromised systems and data exfiltration.

Security platforms like data loss prevention, endpoint security and cloud access security brokers will increasingly layer or incorporate UBA features to help analyze alerts and make underlying technology more useful, according to analysts. SIEM and UBA are also converging, with SIEM vendors adding UBA tools and UBA vendors building SIEM systems.

In this issue of Information Security magazine, we look at the dynamics around UBA and strategies for CISOs going forward. UBA vendors are releasing product suites targeted at security operations centers, today built around SIEM. What does the future hold for standalone UBA tools? We look at time to value and use cases, and help you sift through the noise.

 Continue Reading

The tug of war between user behavior analysis and SIEM

 Continue Reading

Considerations for developing a cyber threat intelligence team

The use of a cyber threat intelligence team can greatly help organizations. Learn the best practices for team location and selection from expert Robert M. Lee. Continue Reading

Can the STIX security framework improve threat intelligence sharing?

Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework. Continue Reading

What SIEM features are essential for your company?

On the hunt for the best SIEM tool for your company? Learn how to evaluate the capabilties of the newest security information and event management products. Continue Reading

Machine learning in cybersecurity: How to evaluate offerings

Vendors are pitching machine learning for cybersecurity applications to replace traditional signature-based threat detection. But how can enterprises evaluate this new tech? Continue Reading