Security analytics and automation
Security analytics and automation provide enterprises the data needed to help defend against a barrage of cyber threats. A toolkit combining threat intelligence sharing and services with SIEM and SOAR systems as well as threat hunting is key to success.
Top Stories
-
Feature
01 May 2025
4 lessons in the new era of AI-enabled cybercrime
Cyberattacks have evolved rapidly as GenAI use has become more widespread. An RSAC Conference 2025 panel shared what they've learned over the past two years. Continue Reading
-
News
28 Apr 2025
Cisco, former Google, Meta experts train cybersecurity LLM
Cisco's new Foundation AI group, which includes engineers from multiple companies, has released a compact AI reasoning model based on Llama 3 for cybersecurity to open source. Continue Reading
-
News
27 Apr 2023
Secureworks CEO weighs in on XDR landscape, AI concerns
Secureworks CEO Wendy Thomas talks with TechTarget Editorial about the evolution of the threat detection and response market, as well as the risks posed by new AI technology. Continue Reading
-
News
25 Apr 2023
RSAC panel warns AI poses unintended security consequences
A panel of experts at RSA conference 2023 warned of hallucinations and inherent biases but also said generative AI can assist in incident response and other security needs. Continue Reading
-
News
25 Apr 2023
Rising AI tide sweeps over RSA Conference, cybersecurity
AI is everywhere at RSA Conference 2023, though experts have differing views about why the technology has become omnipresent and how it will best serve cybersecurity. Continue Reading
-
News
24 Apr 2023
IBM launches AI-powered security offering QRadar Suite
IBM aims to use QRadar Suite's AI features, which it calls the 'unified analyst experience,' to enable security analysts to focus on higher-priority work. Continue Reading
-
News
11 Apr 2023
Recorded Future launches OpenAI GPT model for threat intel
The new OpenAI GPT model was trained on Recorded Future's large data set and interprets evidence to help support enterprises struggling with cyberdefense. Continue Reading
-
Tutorial
10 Apr 2023
Automate firewall rules with Terraform and VMware NSX
In this hands-on tutorial, learn how infrastructure-as-code tools such as Terraform can streamline firewall management with automated, standardized configuration of firewall rules. Continue Reading
-
Opinion
06 Apr 2023
Top RSA Conference 2023 trends and topics
Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
-
News
28 Mar 2023
Microsoft launches AI-powered Security Copilot
Microsoft Security Copilot is an AI assistant for infosec professionals that combines OpenAI's GPT-4 technology with the software giant's own cybersecurity-trained model. Continue Reading
-
Definition
23 Mar 2023
forensic image
A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders and unallocated, free and slack space. Continue Reading
-
Tip
21 Mar 2023
4 ChatGPT cybersecurity benefits for the enterprise
As OpenAI technology matures, ChatGPT could help close cybersecurity's talent gap and alleviate its rampant burnout problem. Learn about these and other potential benefits. Continue Reading
-
News
07 Mar 2023
Vishing attacks increasing, but AI's role still unclear
The volume of vishing attacks continues to rise. But threat researchers say it's difficult to attribute such threats to artificial intelligence tools and deepfake technology. Continue Reading
-
Definition
24 Feb 2023
sudo (su 'do')
Sudo is a command-line utility for Unix and Unix-based operating systems such as Linux and macOS. Continue Reading
-
News
22 Feb 2023
How hackers can abuse ChatGPT to create malware
ChatGPT's capabilities for producing software code are limited. But researchers have observed cybercriminals bypassing the chatbot's safeguards to produce malicious content. Continue Reading
-
Definition
21 Feb 2023
AWS Key Management Service (AWS KMS)
AWS Key Management Service (KMS) is a managed service provided by Amazon Web Services (AWS) that allows companies to create, control and manage the cryptographic keys that encrypt and protect their data. Continue Reading
-
News
16 Feb 2023
Dynatrace security AI roots out Log4j, sets tone for roadmap
Dynatrace must prove itself beyond application security, but its AI's effectiveness against the Log4j vulnerability has some customers receptive to its product expansion plans. Continue Reading
-
News
14 Feb 2023
Cribl Search marks fresh observability sortie for upstart
The Splunk nemesis begins new forays onto the turf of incumbent vendors with federated search that doesn't require data migration or indexing -- and big roadmap plans. Continue Reading
-
Opinion
08 Feb 2023
DevSecOps needs to improve to grow adoption rates, maturity
Organizations are adding security processes and oversight to DevOps, but there's still work ahead to truly marry cybersecurity with DevOps and create a functioning DevSecOps. Continue Reading
-
Tip
20 Jan 2023
How to select a security analytics platform, plus vendor options
Security analytics platforms aren't traditional SIEM systems, but rather separate platforms or a SIEM add-on. Learn more about these powerful and important tools. Continue Reading
-
Feature
19 Dec 2022
11 cybersecurity predictions for 2023
Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
-
Tutorial
07 Dec 2022
How to use Wireshark OUI lookup for network security
Wireshark OUI lookup helps cyber defenders, pen testers and red teams identify and target network endpoints -- and it can be accessed from any browser. Continue Reading
-
Opinion
02 Dec 2022
XDR definitions don't matter, outcomes do
Despite remaining confusion about what XDR is, security teams need to improve threat detection and response. ESG research revealed plans for increased XDR spending in 2023. Continue Reading
-
Opinion
02 Dec 2022
7 steps to implementing a successful XDR strategy
There's still confusion around what extended detection and response is, but it will play a key role in enterprise security. To successfully implement XDR, follow these steps. Continue Reading
-
Tip
17 Nov 2022
Industrial control system security needs ICS threat intelligence
Threat actors and nation-states constantly try to find ways to attack all-important industrial control systems. Organizations need specialized ICS threat intelligence to fight back. Continue Reading
-
Tip
31 Oct 2022
Why and how to use container malware scanning software
Malware is on the rise, and containers are potential attack vectors. Learn why it's crucial to check containers for vulnerabilities and compare container malware scanning tools. Continue Reading
-
News
25 Oct 2022
Cryptomining campaign abused free GitHub account trials
Cloud security vendor Sysdig uncovered the largest cryptomining operation it's ever seen as threat actors used free account trials to shift the costs to service providers. Continue Reading
-
News
19 Oct 2022
Mandiant launches Breach Analytics for Google's Chronicle
Mandiant Breach Analytics for Google Cloud's Chronicle marks a new product launch from the security giant after its acquisition by Google was completed last month. Continue Reading
-
Feature
12 Oct 2022
The history and evolution of zero-trust security
Before zero-trust security, enterprise insiders were trusted and outsiders weren't. Learn about the history of zero trust and the public and private sector efforts to adopt it. Continue Reading
-
Tip
01 Sep 2022
Cybersecurity budget breakdown and best practices
Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
-
News
30 Aug 2022
VMware aims to improve security visibility with new services
Unveiled at VMware Explore, the company's new security services include Project Trinidad, Project Watch and Project Northstar. All three offer customer visibility enhancements. Continue Reading
-
Tip
22 Aug 2022
Why security chaos engineering works, and how to do it right
While 'chaos' doesn't sound like something software security managers would want, chaos engineering has an enticing amount of value when it comes to identifying potential threats. Continue Reading
-
Tip
10 Aug 2022
Compare SAST vs. DAST vs. SCA for DevSecOps
SAST, DAST and SCA DevSecOps tools can automate code security testing. Discover what each testing method does, and review some open source options to choose from. Continue Reading
-
News
08 Aug 2022
U.S. sanctions another cryptocurrency mixer in Tornado Cash
The U.S. Treasury Department issued sanctions against Tornado Cash, a cryptocurrency mixer accused of helping North Korea's Lazarus Group launder stolen funds. Continue Reading
-
Tip
01 Aug 2022
Top 10 UEBA enterprise use cases
The top user and entity behavior analytics use cases fall in cybersecurity, network and data center operations, management and business operations. Check out the risks. Continue Reading
-
Feature
01 Aug 2022
Proof of work vs. proof of stake: What's the difference?
Proof of work and proof of stake use algorithms to validate cryptocurrency on a blockchain network. The main difference is how they choose and qualify users to add transactions. Continue Reading
-
News
06 Jul 2022
5G networks vulnerable to adversarial ML attacks
A team of academic researchers introduced an attack technique that could disrupt 5G networks, requiring new ways to protect against adversarial machine learning attacks. Continue Reading
-
Tip
07 Jun 2022
8 benefits of DevSecOps automation
DevSecOps automation can help organizations scale development while adding security, as well as uniformly adopt security features and reduce remedial tasks. Continue Reading
-
Tip
23 May 2022
Learn to work with the Office 365 unified audit log
Administrators who need to check on suspicious activities in the Office 365 platform can perform a unified audit log search to help with their investigation. Continue Reading
-
Definition
21 Apr 2022
security information management (SIM)
Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources. Continue Reading
-
Tip
14 Apr 2022
The benefits and challenges of managed PKIs
Managing a public key infrastructure is a difficult task. Discover the benefits and challenges of PKI as a service to determine if managed PKI would benefit your organization. Continue Reading
-
News
07 Apr 2022
Government officials: AI threat detection still needs humans
At the Ai4 Cybersecurity Summit, infosec professionals from CISA and the state of Tennessee discussed the promise and potential obstacles of AI for threat detection. Continue Reading
-
News
01 Apr 2022
Zimperium acquired by Liberty Strategic Capital for $525M
Zimperium is the latest cybersecurity investment for Liberty Strategic Capital, a private equity firm founded by former Treasury Secretary Steven Mnuchin. Continue Reading
-
Guest Post
28 Mar 2022
The benefits and challenges of SBOMs
While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security. Continue Reading
-
Tip
25 Mar 2022
Review Microsoft Defender for endpoint security pros and cons
Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls. Continue Reading
-
Tip
15 Mar 2022
How to secure NetOps initiatives using Agile methodology
As more NetOps teams implement Agile methods, network and security testing must be part of a holistic approach that involves developers, networking and security teams working together. Continue Reading
-
Answer
10 Mar 2022
Use microsegmentation to mitigate lateral attacks
Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
-
Tip
23 Feb 2022
How to use PKI to secure remote network access
Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access. Continue Reading
-
Opinion
17 Feb 2022
Shifting security left requires a GitOps approach
Shifting security left improves efficiency and minimizes risk in software development. Before successfully implementing this approach, however, key challenges must be addressed. Continue Reading
-
Feature
08 Feb 2022
Pros and cons of manual vs. automated penetration testing
Automated penetration testing capabilities continue to improve, but how do they compare to manual pen testing? Get help finding which is a better fit for your organization. Continue Reading
-
Feature
31 Jan 2022
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
-
Tip
28 Jan 2022
Protect APIs against attacks with this security testing guide
API security cannot be overlooked. Learn how security testing can detect API vulnerabilities and weaknesses before attackers can take advantage of them. Continue Reading
-
Guest Post
27 Jan 2022
How AI can help security teams detect threats
AI and machine learning are reshaping modern threat detection. Learn how they help security teams efficiently and accurately detect malicious actors. Continue Reading
-
Tip
20 Jan 2022
Introduction to automated penetration testing
Automated penetration testing, which speeds up the process for companies and vendors, is maturing. Is it ready to close the time gap between vulnerability discovery and mitigation? Continue Reading
-
Tip
18 Jan 2022
Cloud-native security architecture principles and controls
Building a sound cloud security framework is challenging, and it's even more so when implementing a cloud-native architecture. Here are steps you can take to make the job easier. Continue Reading
-
Tip
21 Dec 2021
5 ways to automate security testing in DevSecOps
Read up on five areas of DevSecOps that benefit from security testing automation, such as code quality checking, web application scanning and vulnerability scanning. Continue Reading
-
Guest Post
15 Dec 2021
The importance of automated certificate management
Managing the plethora of digital certificates can no longer be done in a spreadsheet by hand. Discover the importance of automated certificate management here. Continue Reading
-
Feature
09 Dec 2021
Enable automation with a network digital twin
Digital twin technology is a hot topic in IoT systems, but IT teams can also invest in digital twins to improve network visibility, plan for changes and enable automation. Continue Reading
-
Feature
29 Nov 2021
Elastic Stack Security tutorial: How to create detection rules
This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data. Continue Reading
-
Feature
29 Nov 2021
Elastic Security app enables affordable threat hunting
New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers. Continue Reading
-
Tip
23 Nov 2021
Start managing with these Microsoft Graph API features
Microsoft Graph offers several administrative advantages when handling jobs on Microsoft 365 and Azure AD, but be aware of some potential trouble spots when employing this technology. Continue Reading
-
Feature
11 Nov 2021
Tools to conduct security chaos engineering tests
Security teams are becoming curious about how chaos engineering can benefit them. Read about the security chaos engineering tools available for early adopters. Continue Reading
-
Tip
07 Oct 2021
How to evaluate and deploy an XDR platform
Not all extended detection and response platforms are created equal. Don't take the XDR plunge before knowing exactly what to look for in an XDR platform. Continue Reading
-
News
29 Sep 2021
Group-IB CEO Ilya Sachkov charged with treason in Russia
Group-IB maintains the innocence of CEO and founder Ilya Sachkov and said that co-founder and CTO Dmitry Volkov will assume leadership of the company. Continue Reading
-
Tip
23 Feb 2021
5 cyber threat intelligence feeds to evaluate
Cyber threat intelligence feeds help organizations up their security game. While the 'best' feeds vary depending on a company's needs, here are five leading services to consider. Continue Reading
-
Tip
10 Feb 2021
How to address and prevent security alert fatigue
An influx of false positive security alerts can lead infosec pros to overlook real threats. Learn how to avoid security alert fatigue and avoid its potential consequences. Continue Reading
-
Podcast
05 Feb 2021
Risk & Repeat: Diving into the dark web
This week's Risk & Repeat podcast discusses the state of the dark web in 2021, how it has changed and what enterprises should know about the threats that exist there. Continue Reading
-
Tip
21 Jan 2021
Adopting threat hunting techniques, tactics and strategy
Adopt threat hunting techniques that analyze the right data, detect anomalies, use frameworks and compare success metrics, combining manual techniques with AI and machine learning. Continue Reading
-
Quiz
09 Nov 2020
Try this cybersecurity quiz, test your cyberdefense smarts
Based on the November 2020 issue of Information Security magazine, this 10-question quiz lets you check your comprehensive knowledge of current security issues and earn CPE credit too. Continue Reading
-
Feature
02 Nov 2020
AI in security analytics is the enhancement you need
AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits. Continue Reading
- 02 Nov 2020
-
Opinion
02 Nov 2020
AI in cybersecurity ups your odds against persistent threats
AI capabilities can identify and take down cyberthreats in real time but are only part of what your team needs to come out on the winning side of the cybersecurity battle. Continue Reading
- 02 Nov 2020
-
Tip
26 May 2020
AI threat intelligence is the future, and the future is now
Threat intelligence services and tools get a boost from advanced technology like AI and, specifically, machine learning. Learn how that works. Continue Reading
-
Tip
26 May 2020
Uncover and overcome cloud threat hunting obstacles
You can be an effective cyberthreat hunter even if your organization's assets are in the cloud. Know the likely obstacles you'll face, then learn how to surmount them. Continue Reading
-
News
11 May 2020
Volunteers join forces to tackle COVID-19 security threats
The COVID-19 Cyber Threat Coalition has amassed approximately 4,000 volunteers from the infosec community to monitor, analyze and block pandemic-themed threats across the globe. Continue Reading
-
Tip
05 May 2020
How can security benefit from cyberthreat intelligence?
Cyberthreat intelligence is essential to understand common external-facing risks. Learn how to find the right threat intelligence feed and how the data can benefit cybersecurity. Continue Reading
-
News
24 Feb 2020
Cisco launches SecureX platform for integrated security
At RSA Conference 2020, Cisco unveiled SecureX, which integrates the vendor's security portfolio into a single platform with enhanced visibility and automation. Continue Reading
-
Tip
19 Feb 2020
AI-driven cybersecurity teams are all about human augmentation
AI is often associated with technology replacing humans. In the case of AI-based cybersecurity teams, however, AI will augment its human counterparts, not supplant them. Continue Reading
-
Opinion
03 Feb 2020
2 components of detection and threat intelligence platforms
Deploying threat detection and intelligence platforms is one of the smartest ways to protect your organization's valuable assets. Make sure you know how to choose the best tool. Continue Reading
- 03 Feb 2020
-
Feature
03 Feb 2020
Threat intelligence offers promise, but limitations remain
Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity. Continue Reading
- 03 Feb 2020
-
Answer
05 Dec 2019
IT security threat management tools, services to combat new risks
Advances in tools and services are changing IT security threat management. Learn how infosec pros are using UTM platforms, AI and threat intelligence services to alleviate risk. Continue Reading
-
News
21 Nov 2019
IBM Cloud Pak for Security aims to unify hybrid environments
IBM Security is shifting its strategy with a new Cloud Pak designed specifically to unify data from multiple security tools and vendors through accessing federated data. Continue Reading
-
Feature
20 Nov 2019
Designing the future of cyber threat intelligence sharing
Attendees at the ACSC conference strategized about what ideal threat intelligence sharing looks like. Learn more about the future of collaborative cyberdefense. Continue Reading
-
News
30 Oct 2019
Splunk Mission Control launch enables a unified SOC
Mission Control is intended to unify Splunk Enterprise Security, Splunk Phantom and Splunk User Behavior Analytics into the Splunk Security Operations Suite. Continue Reading
-
News
20 Sep 2019
Sinkholed Magecart domains resurrected for advertising schemes
Security vendor RiskIQ discovered several old Magecart domains that had been sinkholed were re-registered under new owners and are now engaged in fraudulent advertising activity. Continue Reading
-
Tip
20 Aug 2019
Network traffic analysis tools secure a new, crucial role
Gartner just produced its first-ever guide to network traffic analytics security tools. Learn how the analysis of network traffic is broadening to include network security. Continue Reading
-
News
25 Jul 2019
D3 Security's Attackbot integrates Mitre ATT&CK in SOAR 2.0
With the Mitre ATT&CK framework, D3's SOAR 2.0 platform can identify and map security events, predict the kill chain and trigger automated responses to remediate threats. Continue Reading
-
Feature
16 Jul 2019
Cisco engineer: Why we need more women in cybersecurity
Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap. Continue Reading
-
Feature
09 Jul 2019
Building a threat intelligence framework: Here's how
A robust threat intelligence framework is a critical part of a cybersecurity plan. A top researcher discusses what companies need to know. Continue Reading
-
News
18 Jun 2019
ReliaQuest's cybersecurity platform integrates technologies
ReliaQuest's security analytics platform, GreyMatter, claims to improve threat detection by up to four times and reduce system downtime by 98% by integrating AI and human analysis. Continue Reading
-
Answer
30 May 2019
The future of SIEM: What needs to change for it to stay relevant?
Compared to security orchestration, automation and response (SOAR) software, SIEM systems are dated. Expert Andrew Froehlich explains how SIEM needs to adapt to keep up. Continue Reading
-
Feature
09 Apr 2019
DHS-led agency works to visualize, share cyber-risk information
A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain. Continue Reading
-
News
05 Mar 2019
Chronicle dives into security telemetry with 'Backstory'
Alphabet's Chronicle looks to give enterprises a leg up with a new service called Backstory, which will bring context and insight to vast amounts of security telemetry. Continue Reading
-
News
18 Dec 2018
Why McAfee CTO Steve Grobman is wary of AI models for cybersecurity
Artificial intelligence has become a dominant force in the cybersecurity industry, but McAfee CTO Steve Grobman said it's too easy to make AI models look more effective than they truly are. Continue Reading
-
Feature
11 Dec 2018
Product roundup: Features of top SIEM software on the market
Explore the top SIEM software and vendors currently on the market to make your decision-making process just a little bit easier. Continue Reading
-
Tip
10 Oct 2018
Prepping your SIEM architecture for the future
Is your SIEM ready to face the future? Or is it time for a major tune-up or at least some tweaks around the edges? Learn how to approach your SIEM assessment and updates. Continue Reading
-
E-Zine
02 Oct 2018
User behavior analytics tackles cloud, hybrid environments
Integration of user behavior analytics as a feature of other security technologies such as SIEM and data loss prevention shows no sign of slowing down. User behavior analytics tools develop baselines and then correlate threat events, user and entity context, and peer analytics to alert security analysts of unusual activity.
Gartner expects user entity and behavior analytics techniques to become embedded in roughly 80% of the threat detection and incident response market by 2022. But between now and then, it appears more user behavior analytics tools are headed for optimization in the cloud. This optimization involves not only the analytical models, but also performance and cost.
"When you properly optimize analytics, the bill that you get from Amazon can be orders of magnitude smaller," said Stephan Jou, CTO of Interset Software Inc., an OEM provider that also offers stand-alone security analytics tools.
In this issue of Information Security, we look at new functionality in user behavior analytics and security analytics, and how these machine learning tools are attempting to help security operations centers stay on top of insider threats, external dangers and cloud security monitoring.
Continue Reading - 02 Oct 2018
-
Feature
02 Oct 2018
Cloud-first? User and entity behavior analytics takes flight
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud. Continue Reading
