Security analytics and automation

Security analytics and automation provide enterprises the data needed to help defend against a barrage of cyber threats. A toolkit combining threat intelligence sharing and services with SIEM and SOAR systems as well as threat hunting is key to success.

Top Stories

Opinion 10 May 2023
2023 RSA Conference insights: Generative AI and more

Generative AI was the talk of RSA Conference 2023, along with zero trust, identity security and more. Enterprise Strategy Group analyst Jack Poller offers his takeaways. Continue Reading
Podcast 02 May 2023
Risk & Repeat: Security industry bets on AI at RSA Conference

This podcast episode covers the focus on AI-powered security products and uses at RSA Conference 2023 in San Francisco last week, as well as other trends at the show. Continue Reading

News 28 Apr 2023

ChatGPT uses for cybersecurity continue to ramp up

The use of OpenAI's technology in cybersecurity products is growing as companies look to improve threat detection and assist short-staffed and fatigued security teams. Continue Reading
News 27 Apr 2023

Secureworks CEO weighs in on XDR landscape, AI concerns

Secureworks CEO Wendy Thomas talks with TechTarget Editorial about the evolution of the threat detection and response market, as well as the risks posed by new AI technology. Continue Reading
News 25 Apr 2023

RSAC panel warns AI poses unintended security consequences

A panel of experts at RSA conference 2023 warned of hallucinations and inherent biases but also said generative AI can assist in incident response and other security needs. Continue Reading
News 25 Apr 2023

Rising AI tide sweeps over RSA Conference, cybersecurity

AI is everywhere at RSA Conference 2023, though experts have differing views about why the technology has become omnipresent and how it will best serve cybersecurity. Continue Reading
News 24 Apr 2023

IBM launches AI-powered security offering QRadar Suite

IBM aims to use QRadar Suite's AI features, which it calls the 'unified analyst experience,' to enable security analysts to focus on higher-priority work. Continue Reading
Tip 12 Apr 2023

How to prevent deepfakes in the era of generative AI

Businesses must be ever vigilant in detecting the increasingly sophisticated nuances of deepfakes by applying security techniques that range from the simple to the complex. Continue Reading
News 11 Apr 2023

Recorded Future launches OpenAI GPT model for threat intel

The new OpenAI GPT model was trained on Recorded Future's large data set and interprets evidence to help support enterprises struggling with cyberdefense. Continue Reading
Tutorial 10 Apr 2023

Automate firewall rules with Terraform and VMware NSX

In this hands-on tutorial, learn how infrastructure-as-code tools such as Terraform can streamline firewall management with automated, standardized configuration of firewall rules. Continue Reading
Opinion 06 Apr 2023

Top RSA Conference 2023 trends and topics

Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
News 28 Mar 2023

Microsoft launches AI-powered Security Copilot

Microsoft Security Copilot is an AI assistant for infosec professionals that combines OpenAI's GPT-4 technology with the software giant's own cybersecurity-trained model. Continue Reading
Tip 21 Mar 2023

4 ChatGPT cybersecurity benefits for the enterprise

As OpenAI technology matures, ChatGPT could help close cybersecurity's talent gap and alleviate its rampant burnout problem. Learn about these and other potential benefits. Continue Reading
News 07 Mar 2023

Vishing attacks increasing, but AI's role still unclear

The volume of vishing attacks continues to rise. But threat researchers say it's difficult to attribute such threats to artificial intelligence tools and deepfake technology. Continue Reading
Feature 28 Feb 2023

Top benefits of SOAR tools, plus potential pitfalls to consider

To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success. Continue Reading
Feature 24 Feb 2023

Top incident response service providers, vendors and software

Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options. Continue Reading
News 22 Feb 2023

How hackers can abuse ChatGPT to create malware

ChatGPT's capabilities for producing software code are limited. But researchers have observed cybercriminals bypassing the chatbot's safeguards to produce malicious content. Continue Reading
News 16 Feb 2023

Dynatrace security AI roots out Log4j, sets tone for roadmap

Dynatrace must prove itself beyond application security, but its AI's effectiveness against the Log4j vulnerability has some customers receptive to its product expansion plans. Continue Reading
Tip 15 Feb 2023

Incident response automation: What it is and how it works

Many of today's security operations teams are understaffed and overwhelmed. Learn how incident response automation can help them work smarter, instead of harder. Continue Reading
News 14 Feb 2023

Cribl Search marks fresh observability sortie for upstart

The Splunk nemesis begins new forays onto the turf of incumbent vendors with federated search that doesn't require data migration or indexing -- and big roadmap plans. Continue Reading
Answer 14 Feb 2023

SOAR vs. SIEM: What's the difference?

When it comes to the SOAR vs. SIEM debate, it's important to understand their fundamental differences to get the most benefit from your security data. Continue Reading
Opinion 08 Feb 2023

DevSecOps needs to improve to grow adoption rates, maturity

Organizations are adding security processes and oversight to DevOps, but there's still work ahead to truly marry cybersecurity with DevOps and create a functioning DevSecOps. Continue Reading
Tip 20 Jan 2023

How to select a security analytics platform, plus vendor options

Security analytics platforms aren't traditional SIEM systems, but rather separate platforms or a SIEM add-on. Learn more about these powerful and important tools. Continue Reading
Feature 19 Dec 2022

11 cybersecurity predictions for 2023

Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
Tutorial 07 Dec 2022

How to use Wireshark OUI lookup for network security

Wireshark OUI lookup helps cyber defenders, pen testers and red teams identify and target network endpoints -- and it can be accessed from any browser. Continue Reading
Opinion 02 Dec 2022

XDR definitions don't matter, outcomes do

Despite remaining confusion about what XDR is, security teams need to improve threat detection and response. ESG research revealed plans for increased XDR spending in 2023. Continue Reading
Opinion 02 Dec 2022

7 steps to implementing a successful XDR strategy

There's still confusion around what extended detection and response is, but it will play a key role in enterprise security. To successfully implement XDR, follow these steps. Continue Reading
Tip 18 Nov 2022

Top metaverse cybersecurity challenges: How to address them

As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
Tip 17 Nov 2022

Industrial control system security needs ICS threat intelligence

Threat actors and nation-states constantly try to find ways to attack all-important industrial control systems. Organizations need specialized ICS threat intelligence to fight back. Continue Reading
Tip 31 Oct 2022

Why and how to use container malware scanning software

Malware is on the rise, and containers are potential attack vectors. Learn why it's crucial to check containers for vulnerabilities and compare container malware scanning tools. Continue Reading
News 25 Oct 2022

Cryptomining campaign abused free GitHub account trials

Cloud security vendor Sysdig uncovered the largest cryptomining operation it's ever seen as threat actors used free account trials to shift the costs to service providers. Continue Reading
News 19 Oct 2022

Mandiant launches Breach Analytics for Google's Chronicle

Mandiant Breach Analytics for Google Cloud's Chronicle marks a new product launch from the security giant after its acquisition by Google was completed last month. Continue Reading
Feature 12 Oct 2022

The history and evolution of zero-trust security

Before zero-trust security, enterprise insiders were trusted and outsiders weren't. Learn about the history of zero trust and the public and private sector efforts to adopt it. Continue Reading
Tip 01 Sep 2022

Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
News 30 Aug 2022

VMware aims to improve security visibility with new services

Unveiled at VMware Explore, the company's new security services include Project Trinidad, Project Watch and Project Northstar. All three offer customer visibility enhancements. Continue Reading
Tip 22 Aug 2022

Why security chaos engineering works, and how to do it right

While 'chaos' doesn't sound like something software security managers would want, chaos engineering has an enticing amount of value when it comes to identifying potential threats. Continue Reading
Tip 10 Aug 2022

Compare SAST vs. DAST vs. SCA for DevSecOps

SAST, DAST and SCA DevSecOps tools can automate code security testing. Discover what each testing method does, and review some open source options to choose from. Continue Reading
News 08 Aug 2022

U.S. sanctions another cryptocurrency mixer in Tornado Cash

The U.S. Treasury Department issued sanctions against Tornado Cash, a cryptocurrency mixer accused of helping North Korea's Lazarus Group launder stolen funds. Continue Reading
Tip 01 Aug 2022

Top 10 UEBA enterprise use cases

The top user and entity behavior analytics use cases fall in cybersecurity, network and data center operations, management and business operations. Check out the risks. Continue Reading
Feature 01 Aug 2022

Proof of work vs. proof of stake: What's the difference?

Proof of work and proof of stake use algorithms to validate cryptocurrency on a blockchain network. The main difference is how they choose and qualify users to add transactions. Continue Reading
News 06 Jul 2022

5G networks vulnerable to adversarial ML attacks

A team of academic researchers introduced an attack technique that could disrupt 5G networks, requiring new ways to protect against adversarial machine learning attacks. Continue Reading
Tip 13 Jun 2022

11 open source automated penetration testing tools

From Nmap to Wireshark to Jok3r, these open source automated pen testing tools help companies determine how successful their security strategies are at protecting their networks. Continue Reading
Tip 07 Jun 2022

8 benefits of DevSecOps automation

DevSecOps automation can help organizations scale development while adding security, as well as uniformly adopt security features and reduce remedial tasks. Continue Reading
Tip 23 May 2022

Learn to work with the Office 365 unified audit log

Administrators who need to check on suspicious activities in the Office 365 platform can perform a unified audit log search to help with their investigation. Continue Reading
Tip 20 Apr 2022

EDR vs. XDR vs. MDR: Which does your company need?

Explore the differences and similarities between EDR vs. XDR vs. MDR and the role they play to help improve behavioral analysis for better threat response. Continue Reading
Tip 14 Apr 2022

The benefits and challenges of managed PKIs

Managing a public key infrastructure is a difficult task. Discover the benefits and challenges of PKI as a service to determine if managed PKI would benefit your organization. Continue Reading
Tip 11 Apr 2022

What is cybersecurity mesh and how can it help you?

The concept of cybersecurity mesh could help solve and simplify issues created by multi-cloud deployments and the increase in remote work environments. Continue Reading
News 07 Apr 2022

Government officials: AI threat detection still needs humans

At the Ai4 Cybersecurity Summit, infosec professionals from CISA and the state of Tennessee discussed the promise and potential obstacles of AI for threat detection. Continue Reading
News 01 Apr 2022

Zimperium acquired by Liberty Strategic Capital for $525M

Zimperium is the latest cybersecurity investment for Liberty Strategic Capital, a private equity firm founded by former Treasury Secretary Steven Mnuchin. Continue Reading
Guest Post 28 Mar 2022

The benefits and challenges of SBOMs

While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security. Continue Reading
Tip 25 Mar 2022

Review Microsoft Defender for endpoint security pros and cons

Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls. Continue Reading
Tip 15 Mar 2022

How to secure NetOps initiatives using Agile methodology

As more NetOps teams implement Agile methods, network and security testing must be part of a holistic approach that involves developers, networking and security teams working together. Continue Reading
Answer 10 Mar 2022

Use microsegmentation to mitigate lateral attacks

Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
Tip 23 Feb 2022

How to use PKI to secure remote network access

Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access. Continue Reading
Opinion 17 Feb 2022

Shifting security left requires a GitOps approach

Shifting security left improves efficiency and minimizes risk in software development. Before successfully implementing this approach, however, key challenges must be addressed. Continue Reading
Feature 08 Feb 2022

Pros and cons of manual vs. automated penetration testing

Automated penetration testing capabilities continue to improve, but how do they compare to manual pen testing? Get help finding which is a better fit for your organization. Continue Reading
Feature 31 Jan 2022

Include defensive security in your cybersecurity strategy

Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
Tip 28 Jan 2022

Protect APIs against attacks with this security testing guide

API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them. Continue Reading
Guest Post 27 Jan 2022

How AI can help security teams detect threats

AI and machine learning are reshaping modern threat detection. Learn how they help security teams efficiently and accurately detect malicious actors. Continue Reading
Tip 20 Jan 2022

Introduction to automated penetration testing

Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation? Continue Reading
Tip 18 Jan 2022

Cloud-native security architecture principles and controls

Building a sound cloud security framework is challenging, and it's even more so when implementing a cloud-native architecture. Here are steps you can take to make the job easier. Continue Reading
Tip 22 Dec 2021

Cybersecurity asset management takes ITAM to the next level

Security pros need to focus on cybersecurity asset management for devices, services and the vendors that can help. Use our checklist to find out how and where to start. Continue Reading
Tip 21 Dec 2021

5 ways to automate security testing in DevSecOps

Read up on five areas of DevSecOps that benefit from security testing automation, such as code quality checking, web application scanning and vulnerability scanning. Continue Reading
Guest Post 15 Dec 2021

The importance of automated certificate management

Managing the plethora of digital certificates can no longer be done in a spreadsheet by hand. Discover the importance of automated certificate management here. Continue Reading
Feature 09 Dec 2021

Enable automation with a network digital twin

Digital twin technology is a hot topic in IoT systems, but IT teams can also invest in digital twins to improve network visibility, plan for changes and enable automation. Continue Reading
Feature 29 Nov 2021

Elastic Stack Security tutorial: How to create detection rules

This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data. Continue Reading
Feature 29 Nov 2021

Elastic Security app enables affordable threat hunting

New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers. Continue Reading
Tip 23 Nov 2021

Start managing with these Microsoft Graph API features

Microsoft Graph offers several administrative advantages when handling jobs on Microsoft 365 and Azure AD, but be aware of some potential trouble spots when employing this technology. Continue Reading
Feature 11 Nov 2021

Tools to conduct security chaos engineering tests

Security teams are becoming curious about how chaos engineering can benefit them. Read about the security chaos engineering tools available for early adopters. Continue Reading
Tip 07 Oct 2021

How to evaluate and deploy an XDR platform

Not all extended detection and response platforms are created equal. Don't take the XDR plunge before knowing exactly what to look for in an XDR platform. Continue Reading
News 29 Sep 2021

Group-IB CEO Ilya Sachkov charged with treason in Russia

Group-IB maintains the innocence of CEO and founder Ilya Sachkov and said that co-founder and CTO Dmitry Volkov will assume leadership of the company. Continue Reading
Tip 14 Sep 2021

SIEM vs. SOAR vs. XDR: Evaluate the differences

SIEM, SOAR and XDR share similar definitions, but each has distinct drawbacks. Learn what each offers and how they differ for help deciding which to deploy in your company. Continue Reading
Tip 23 Feb 2021

5 cyber threat intelligence feeds to evaluate

Cyber threat intelligence feeds help organizations up their security game. While the 'best' feeds vary depending on a company's needs, here are five leading services to consider. Continue Reading
Tip 10 Feb 2021

How to address and prevent security alert fatigue

An influx of false positive security alerts can lead infosec pros to overlook real threats. Learn how to avoid security alert fatigue and avoid its potential consequences. Continue Reading
Podcast 05 Feb 2021

Risk & Repeat: Diving into the dark web

This week's Risk & Repeat podcast discusses the state of the dark web in 2021, how it has changed and what enterprises should know about the threats that exist there. Continue Reading
Tip 21 Jan 2021

Adopting threat hunting techniques, tactics and strategy

Adopt threat hunting techniques that analyze the right data, detect anomalies, use frameworks and compare success metrics, combining manual techniques with AI and machine learning. Continue Reading
Quiz 09 Nov 2020

Try this cybersecurity quiz, test your cyberdefense smarts

Based on the November 2020 issue of Information Security magazine, this 10-question quiz lets you check your comprehensive knowledge of current security issues and earn CPE credit too. Continue Reading
Feature 02 Nov 2020

AI in security analytics is the enhancement you need

AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits. Continue Reading
02 Nov 2020

AI in security analytics is the enhancement you need

Continue Reading
Opinion 02 Nov 2020

AI in cybersecurity ups your odds against persistent threats

AI capabilities can identify and take down cyberthreats in real time but are only part of what your team needs to come out on the winning side of the cybersecurity battle. Continue Reading
02 Nov 2020

AI in cybersecurity ups your odds against persistent threats

Continue Reading
Tip 26 May 2020

AI threat intelligence is the future, and the future is now

Threat intelligence services and tools get a boost from advanced technology like AI and, specifically, machine learning. Learn how that works. Continue Reading
Tip 26 May 2020

Uncover and overcome cloud threat hunting obstacles

You can be an effective cyberthreat hunter even if your organization's assets are in the cloud. Know the likely obstacles you'll face, then learn how to surmount them. Continue Reading
News 11 May 2020

Volunteers join forces to tackle COVID-19 security threats

The COVID-19 Cyber Threat Coalition has amassed approximately 4,000 volunteers from the infosec community to monitor, analyze and block pandemic-themed threats across the globe. Continue Reading
Tip 05 May 2020

How can security benefit from cyberthreat intelligence?

Cyberthreat intelligence is essential to understand common external-facing risks. Learn how to find the right threat intelligence feed and how the data can benefit cybersecurity. Continue Reading
News 24 Feb 2020

Cisco launches SecureX platform for integrated security

At RSA Conference 2020, Cisco unveiled SecureX, which integrates the vendor's security portfolio into a single platform with enhanced visibility and automation. Continue Reading
Tip 19 Feb 2020

AI-driven cybersecurity teams are all about human augmentation

AI is often associated with technology replacing humans. In the case of AI-based cybersecurity teams, however, AI will augment its human counterparts, not supplant them. Continue Reading
Opinion 03 Feb 2020

2 components of detection and threat intelligence platforms

Deploying threat detection and intelligence platforms is one of the smartest ways to protect your organization's valuable assets. Make sure you know how to choose the best tool. Continue Reading
03 Feb 2020

2 components of detection and threat intelligence platforms

Continue Reading
Feature 03 Feb 2020

Threat intelligence offers promise, but limitations remain

Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity. Continue Reading
03 Feb 2020

Threat intelligence offers promise, but limitations remain

Continue Reading
Answer 05 Dec 2019

IT security threat management tools, services to combat new risks

Advances in tools and services are changing IT security threat management. Learn how infosec pros are using UTM platforms, AI and threat intelligence services to alleviate risk. Continue Reading
News 21 Nov 2019

IBM Cloud Pak for Security aims to unify hybrid environments

IBM Security is shifting its strategy with a new Cloud Pak designed specifically to unify data from multiple security tools and vendors through accessing federated data. Continue Reading
Feature 20 Nov 2019

Designing the future of cyber threat intelligence sharing

Attendees at the ACSC conference strategized about what ideal threat intelligence sharing looks like. Learn more about the future of collaborative cyberdefense. Continue Reading
News 30 Oct 2019

Splunk Mission Control launch enables a unified SOC

Mission Control is intended to unify Splunk Enterprise Security, Splunk Phantom and Splunk User Behavior Analytics into the Splunk Security Operations Suite. Continue Reading
News 20 Sep 2019

Sinkholed Magecart domains resurrected for advertising schemes

Security vendor RiskIQ discovered several old Magecart domains that had been sinkholed were re-registered under new owners and are now engaged in fraudulent advertising activity. Continue Reading
Tip 20 Aug 2019

Network traffic analysis tools secure a new, crucial role

Gartner just produced its first-ever guide to network traffic analytics security tools. Learn how the analysis of network traffic is broadening to include network security. Continue Reading
News 25 Jul 2019

D3 Security's Attackbot integrates Mitre ATT&CK in SOAR 2.0

With the Mitre ATT&CK framework, D3's SOAR 2.0 platform can identify and map security events, predict the kill chain and trigger automated responses to remediate threats. Continue Reading
Feature 16 Jul 2019

Cisco engineer: Why we need more women in cybersecurity

Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap. Continue Reading
Feature 09 Jul 2019

Building a threat intelligence framework: Here's how

A robust threat intelligence framework is a critical part of a cybersecurity plan. A top researcher discusses what companies need to know. Continue Reading
News 18 Jun 2019

ReliaQuest's cybersecurity platform integrates technologies

ReliaQuest's security analytics platform, GreyMatter, claims to improve threat detection by up to four times and reduce system downtime by 98% by integrating AI and human analysis. Continue Reading
Answer 30 May 2019

The future of SIEM: What needs to change for it to stay relevant?

Compared to security orchestration, automation and response (SOAR) software, SIEM systems are dated. Expert Andrew Froehlich explains how SIEM needs to adapt to keep up. Continue Reading

1
2

Networking

AI in network management poses challenges for network pros
Research shows that, while AI helps increase business success, network pros struggle to use it more than their peers. Find out ...
Enterprise 5G: Guide to planning, architecture and benefits
An enterprise 5G deployment requires extensive planning. Prepare for advances in wireless technology using this 5G guide that ...
9 ways to make network modernization work
More cloud computing, container networking and network capacity are some of the ways businesses could modernize their networks. ...

CIO

What are the 4 different types of blockchain technology?
Public, private, hybrid or consortium, each blockchain network has distinct pluses and minuses that largely drive its ideal uses ...
White House seeks public comment on national AI strategy
The White House wants to know about AI risks and benefits, as well as specific measures such as regulation that might help ...
Meta fine highlights EU, US data sharing challenges
Until the new EU-U.S. Data Privacy Framework is established, Meta's $1.2 billion euro fine should serve as a warning to U.S. ...

Enterprise Desktop

What does the new Microsoft Intune Suite include?
With all the recent name changes with Microsoft's endpoint management products and add-ons, IT teams need to know what Intune ...
Does macOS need third-party antivirus in the enterprise?
Macs are known for their security, but that doesn't mean they're safe from viruses and other threats. IT teams can look into ...
Are devices that run only Microsoft Teams in our future?
Microsoft Teams has consistently grown and added new functionality, so what's next for this feature-rich platform? Maybe a ...

Cloud Computing

Dell Apex updates support enterprise 'cloud to ground' moves
Dell's latest Apex updates puts the company in a position to capitalize on the hybrid, multicloud, and edge computing needs of ...
Prepare for the Azure Security Engineer Associate certification
Are you ready to boost your resume or further your cloud career path? Review this preparation guide to get ready for Exam AZ-500 ...
Dell takes edge deployment from the frontier to NativeEdge
At Dell Tech World, the vendor seeks to simplify deploying and managing up to thousands of edge devices in various locations, as ...

ComputerWeekly.com

Birmingham council leader admits £100m budget hole in ERP upgrade
City council’s plans to replace flagship SAP system, which has been running since 1999, is not going to plan
Cisco joins growing Manchester cyber security hub
Networking kingpin signs up to Greater Manchester Digital Security Hub to support centre’s work on security resilience and skills
Bumbling IT security analyst convicted of blackmail offences
A Hertfordshire man has been convicted of blackmail and other offences after piggybacking on an in-progress ransomware attack to ...

Close