Security analytics and automation
Security analytics and automation provide enterprises the data needed to help defend against a barrage of cyber threats. A toolkit combining threat intelligence sharing and services with SIEM and SOAR systems as well as threat hunting is key to success.
Top Stories
-
Tip
27 Oct 2023
9 tips to measure and improve digital transformation ROI
Amid a rapidly changing business landscape and competing priorities, a compelling ROI is all the more critical to justify and secure funding for digital transformation projects.
-
News
24 Oct 2023
JPMorgan Chase CISO explains why he's an 'AI optimist'
Pat Opet, CISO at JPMorgan Chase & Co., discussed how the financial services giant invests in cybersecurity and where generative AI could provide game-changing benefits.
-
Tip
23 Feb 2021
5 cyber threat intelligence feeds to evaluate
Cyber threat intelligence feeds help organizations up their security game. While the 'best' feeds vary depending on a company's needs, here are five leading services to consider.
-
Tip
10 Feb 2021
How to address and prevent security alert fatigue
An influx of false positive security alerts can lead infosec pros to overlook real threats. Learn how to avoid security alert fatigue and avoid its potential consequences.
-
Podcast
05 Feb 2021
Risk & Repeat: Diving into the dark web
This week's Risk & Repeat podcast discusses the state of the dark web in 2021, how it has changed and what enterprises should know about the threats that exist there.
-
Tip
21 Jan 2021
Adopting threat hunting techniques, tactics and strategy
Adopt threat hunting techniques that analyze the right data, detect anomalies, use frameworks and compare success metrics, combining manual techniques with AI and machine learning.
-
Quiz
09 Nov 2020
Try this cybersecurity quiz, test your cyberdefense smarts
Based on the November 2020 issue of Information Security magazine, this 10-question quiz lets you check your comprehensive knowledge of current security issues and earn CPE credit too.
-
Feature
02 Nov 2020
AI in security analytics is the enhancement you need
AI-powered analytics is critical to an effective, proactive security strategy. Learn how AI-enabled tools work and what your organization needs to do to reap their benefits.
-
Opinion
02 Nov 2020
AI in cybersecurity ups your odds against persistent threats
AI capabilities can identify and take down cyberthreats in real time but are only part of what your team needs to come out on the winning side of the cybersecurity battle.
-
Tip
26 May 2020
AI threat intelligence is the future, and the future is now
Threat intelligence services and tools get a boost from advanced technology like AI and, specifically, machine learning. Learn how that works.
-
Tip
26 May 2020
Uncover and overcome cloud threat hunting obstacles
You can be an effective cyberthreat hunter even if your organization's assets are in the cloud. Know the likely obstacles you'll face, then learn how to surmount them.
-
News
11 May 2020
Volunteers join forces to tackle COVID-19 security threats
The COVID-19 Cyber Threat Coalition has amassed approximately 4,000 volunteers from the infosec community to monitor, analyze and block pandemic-themed threats across the globe.
-
Tip
05 May 2020
How can security benefit from cyberthreat intelligence?
Cyberthreat intelligence is essential to understand common external-facing risks. Learn how to find the right threat intelligence feed and how the data can benefit cybersecurity.
-
News
24 Feb 2020
Cisco launches SecureX platform for integrated security
At RSA Conference 2020, Cisco unveiled SecureX, which integrates the vendor's security portfolio into a single platform with enhanced visibility and automation.
-
Tip
19 Feb 2020
AI-driven cybersecurity teams are all about human augmentation
AI is often associated with technology replacing humans. In the case of AI-based cybersecurity teams, however, AI will augment its human counterparts, not supplant them.
-
Opinion
03 Feb 2020
2 components of detection and threat intelligence platforms
Deploying threat detection and intelligence platforms is one of the smartest ways to protect your organization's valuable assets. Make sure you know how to choose the best tool.
-
Feature
03 Feb 2020
Threat intelligence offers promise, but limitations remain
Do you know how to use threat intelligence feeds to best effect in your company? Learn what this valuable yet often confusing resource can and can't do for cybersecurity.
-
Answer
05 Dec 2019
IT security threat management tools, services to combat new risks
Advances in tools and services are changing IT security threat management. Learn how infosec pros are using UTM platforms, AI and threat intelligence services to alleviate risk.
-
News
21 Nov 2019
IBM Cloud Pak for Security aims to unify hybrid environments
IBM Security is shifting its strategy with a new Cloud Pak designed specifically to unify data from multiple security tools and vendors through accessing federated data.
-
Feature
20 Nov 2019
Designing the future of cyber threat intelligence sharing
Attendees at the ACSC conference strategized about what ideal threat intelligence sharing looks like. Learn more about the future of collaborative cyberdefense.
-
News
30 Oct 2019
Splunk Mission Control launch enables a unified SOC
Mission Control is intended to unify Splunk Enterprise Security, Splunk Phantom and Splunk User Behavior Analytics into the Splunk Security Operations Suite.
-
News
20 Sep 2019
Sinkholed Magecart domains resurrected for advertising schemes
Security vendor RiskIQ discovered several old Magecart domains that had been sinkholed were re-registered under new owners and are now engaged in fraudulent advertising activity.
-
Tip
20 Aug 2019
Network traffic analysis tools secure a new, crucial role
Gartner just produced its first-ever guide to network traffic analytics security tools. Learn how the analysis of network traffic is broadening to include network security.
-
News
25 Jul 2019
D3 Security's Attackbot integrates Mitre ATT&CK in SOAR 2.0
With the Mitre ATT&CK framework, D3's SOAR 2.0 platform can identify and map security events, predict the kill chain and trigger automated responses to remediate threats.
-
Feature
16 Jul 2019
Cisco engineer: Why we need more women in cybersecurity
Progress on the cybersecurity gender gap has been slow but steadier recently. Cisco engineer Michele Guel explains how to hack the gender gap.
-
Feature
09 Jul 2019
Building a threat intelligence framework: Here's how
A robust threat intelligence framework is a critical part of a cybersecurity plan. A top researcher discusses what companies need to know.
-
News
18 Jun 2019
ReliaQuest's cybersecurity platform integrates technologies
ReliaQuest's security analytics platform, GreyMatter, claims to improve threat detection by up to four times and reduce system downtime by 98% by integrating AI and human analysis.
-
Answer
30 May 2019
The future of SIEM: What needs to change for it to stay relevant?
Compared to security orchestration, automation and response (SOAR) software, SIEM systems are dated. Expert Andrew Froehlich explains how SIEM needs to adapt to keep up.
-
Feature
09 Apr 2019
DHS-led agency works to visualize, share cyber-risk information
A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain.
-
News
05 Mar 2019
Chronicle dives into security telemetry with 'Backstory'
Alphabet's Chronicle looks to give enterprises a leg up with a new service called Backstory, which will bring context and insight to vast amounts of security telemetry.
-
Buyer's Guide
20 Dec 2018
A guide to SIEM platforms, benefits and features
Evaluate the top SIEM platforms before making a buying decision. Explore how the top SIEM platform tools protect enterprises by collecting security event data for centralized analysis.
-
News
18 Dec 2018
Why McAfee CTO Steve Grobman is wary of AI models for cybersecurity
Artificial intelligence has become a dominant force in the cybersecurity industry, but McAfee CTO Steve Grobman said it's too easy to make AI models look more effective than they truly are.
-
Feature
11 Dec 2018
Product roundup: Features of top SIEM software on the market
Explore the top SIEM software and vendors currently on the market to make your decision-making process just a little bit easier.
-
Tip
10 Oct 2018
Prepping your SIEM architecture for the future
Is your SIEM ready to face the future? Or is it time for a major tune-up or at least some tweaks around the edges? Learn how to approach your SIEM assessment and updates.
-
E-Zine
02 Oct 2018
User behavior analytics tackles cloud, hybrid environments
Integration of user behavior analytics as a feature of other security technologies such as SIEM and data loss prevention shows no sign of slowing down. User behavior analytics tools develop baselines and then correlate threat events, user and entity context, and peer analytics to alert security analysts of unusual activity.
Gartner expects user entity and behavior analytics techniques to become embedded in roughly 80% of the threat detection and incident response market by 2022. But between now and then, it appears more user behavior analytics tools are headed for optimization in the cloud. This optimization involves not only the analytical models, but also performance and cost.
"When you properly optimize analytics, the bill that you get from Amazon can be orders of magnitude smaller," said Stephan Jou, CTO of Interset Software Inc., an OEM provider that also offers stand-alone security analytics tools.
In this issue of Information Security, we look at new functionality in user behavior analytics and security analytics, and how these machine learning tools are attempting to help security operations centers stay on top of insider threats, external dangers and cloud security monitoring.
-
Feature
02 Oct 2018
Cloud-first? User and entity behavior analytics takes flight
The power and cost savings associated with software as a service are tempting companies to consider applications for security analytics both on premises and in the public cloud.
-
Feature
02 Oct 2018
Seven criteria for evaluating today's leading SIEM tools
Using criteria and comparison, expert Karen Scarfone examines the best SIEM software on the market to help you determine which one is right for your organization.
-
News
28 Sep 2018
Alphabet's Chronicle launches VirusTotal Enterprise
VirusTotal has a new look, thanks to Alphabet's Chronicle, including new enterprise features for faster malware searches, as well as the ability to keep submitted data private.
-
Feature
21 Aug 2018
SIEM evaluation criteria: Choosing the right SIEM products
Establishing solid SIEM evaluation criteria and applying them to an organization's business needs goes far when selecting the right SIEM products. Here are the questions to ask.
-
Feature
08 Aug 2018
SIEM benefits include efficient incident response, compliance
SIEM tools enable centralized reporting, which is just one of the many SIEM benefits. Others include real-time incident response, as well as insight for compliance reporting.
-
E-Zine
01 Aug 2018
Security data scientists on how to make your data useful
Data science and machine learning can reveal valuable security information that would otherwise remain hidden in large data sets. Security data scientists can be hard to find and may be out of reach for most organizations. Even without these skill sets, companies can make strides to take advantage of advanced analytics to improve their security posture.
In August 2017, Google data scientists revealed that they had worked in conjunction with academic researchers from Princeton and other universities to create a model for tracking ransomware payments on the bitcoin blockchain. The researchers tallied roughly 20,000 payments worth $16 million.
"Very large organizations can often build their own data storage and data analysis solutions, because they will often have security data scientists on staff to write code and identify patterns," said Joshua Saxe, chief data scientist at security software firm Sophos. "The vast majority of organizations do not have the resources to do that."
Data analytics and machine learning can help companies quickly reduce the amount of data they need to parse in order to highlight potential threats. Too much data noise can quickly overwhelm human analysts, however. In this issue of Information Security magazine, we talk to CISOs and security data scientists about effective use of data analytics, machine learning and their strategies for managing this information to advance threat research.
-
Feature
26 Jul 2018
A comprehensive guide to SIEM products
Expert Karen Scarfone examines security information and event management systems and explains why SIEM systems and SIEM products are crucial for enterprise security.
-
Feature
10 May 2018
SOC services: How to find the right provider for your company
SOCs are the latest services you can now outsource rather than build in-house. But should you entrust them to a third party? Yes—but make sure you know how to pick the best.
-
Blog Post
30 Apr 2018
Algorithmic discrimination: A coming storm for security?
Following several RSA Conference 2018 talks on machine learning and AI, it's worth asking how algorithmic discrimination might manifest in the infosec industry.
-
Feature
21 Mar 2018
How machine learning anomaly detection works inside SAP
SAP CSO Justin Somaini discusses how SAP uses machine learning for security tasks, like anomaly detection, and compares supervised and unsupervised algorithms.
-
News
13 Mar 2018
Binance bounty offered for info on attempted attack
A failed attack led to a Binance bounty offer of $250,000 for information that leads to the arrest of the threat actors responsible for the attempted cryptocurrency theft.
-
Security School
15 Jan 2018
Behavioral analytics, security go hand in hand
This Security School explores behavioral analytics as a tool for enhancing the security of enterprise systems and data.
-
Tip
11 Jan 2018
IT sabotage: Identifying and preventing insider threats
Preventing IT sabotage from insider threats can be a challenge. Peter Sullivan explains how enterprises should monitor for characteristics of insider threat behavior.
-
Video
11 Jan 2018
Security behavioral analytics: The impact of real-time BTA
Johna Till Johnson, CEO and founder of Nemertes Research, explains real-time threat analysis in terms of BTA and its next-generation security architecture.
-
Opinion
01 Dec 2017
The tug of war between user behavior analysis and SIEM
Information security technologies embrace user behavior analytics, and the trend is expected to continue. Should CISOs consider a standalone UBA component?
-
E-Zine
01 Dec 2017
Will it last? The marriage between UBA tools and SIEM
The failure to detect insider threats and a growing need to store and sort through massive amounts of data have drawn attention to user behavior analytics, sometimes called user and entity behavior analytics. According to Gartner, UBA tools deliver value for use cases such as compromised accounts, including stolen and phished credentials. They can also be used to find compromised systems and data exfiltration.
Security platforms like data loss prevention, endpoint security and cloud access security brokers will increasingly layer or incorporate UBA features to help analyze alerts and make underlying technology more useful, according to analysts. SIEM and UBA are also converging, with SIEM vendors adding UBA tools and UBA vendors building SIEM systems.
In this issue of Information Security magazine, we look at the dynamics around UBA and strategies for CISOs going forward. UBA vendors are releasing product suites targeted at security operations centers, today built around SIEM. What does the future hold for standalone UBA tools? We look at time to value and use cases, and help you sift through the noise.
-
Tip
10 Oct 2017
Considerations for developing a cyber threat intelligence team
The use of a cyber threat intelligence team can greatly help organizations. Learn the best practices for team location and selection from expert Robert M. Lee.
-
Answer
29 Sep 2017
Can the STIX security framework improve threat intelligence sharing?
Can Structured Threat Information eXpression improve threat intelligence sharing? Nick Lewis breaks down the evolution of the STIX security framework.
-
Feature
28 Sep 2017
What SIEM features are essential for your company?
On the hunt for the best SIEM tool for your company? Learn how to evaluate the capabilities of the newest security information and event management products.
-
Feature
26 Sep 2017
Machine learning in cybersecurity: How to evaluate offerings
Vendors are pitching machine learning for cybersecurity applications to replace traditional signature-based threat detection. But how can enterprises evaluate this new tech?
-
Tip
11 Jul 2017
Tactics for security threat analysis tools and better protection
Threat analysis tools need to be in top form to counter a deluge of deadly security issues. Here are tips for getting the most from your analytics tool.
-
News
30 Jun 2017
Q&A: How the Cyber Threat Alliance solved threat intelligence sharing
Palo Alto Networks CSO Rick Howard talks with SearchSecurity about his experiences with the Cyber Threat Alliance and how the group approaches threat intelligence sharing.
-
Security School
06 Jun 2017
How threat intelligence feeds aid organizations' security posture
This Security School explores how threat intelligence feeds work and discusses the types of vendor services that exist now.
-
Tip
07 Apr 2017
Incorporating user behavior analytics into enterprise security programs
User behavior analytics can be used for a number of different objectives within an enterprise. Expert Ajay Kumar examines some of the most important features and capabilities.
-
Tip
03 Apr 2017
User behavior analytics: Building a business case for enterprises
User behavior analytics can be beneficial to enterprises, but there are complexities involved. Expert Ajay Kumar explains what companies should know about this new technology.
-
Security School
14 Mar 2017
Securing big data is a growing infosec responsibility
Learn the ins and outs of securing big data, from the key risks facing big data environments to the skills infosec pros need to master to handle this growing responsibility.
-
E-Zine
01 Mar 2017
Machine learning in security explodes: Does it work?
Machine learning in security is continuing to advance, and many companies now claim to have introduced artificial intelligence techniques into their platforms. With the high volume of data that most security teams have to prioritize, machine learning in security technology is increasingly being adopted as a way to reduce the noise that traditional security products produce.
Smaller companies, such as Keen Footwear, have turned to threat platforms that incorporate machine learning and AI techniques -- and soon automated defense -- to solve a variety of problems. "I don't need to go hire someone dedicated to security," said Clark Flannery, director of IT at Keen's headquarters in Portland, Ore. "It just feels like a whole team back there -- who are way more qualified than [staff] I would be able to pay."
With security professionals in short supply, companies like Keen are relying on these technologies to make it easier to spot and respond to attacks. While machine learning and artificial intelligence are often used interchangeably, the concepts are different. In this issue of Information Security magazine, we discuss the nuances and dive into the current state of the technology. Machine learning in security offers information security analysts more depth of knowledge, helping to detect patterns and related analysis they may not otherwise have known about.
-
Opinion
01 Mar 2017
AI or not, machine learning in cybersecurity advances
As more companies promote machine learning and artificial intelligence technologies, chief information security officers need to ask some tough questions to get past the hype.
-
Feature
01 Mar 2017
Security looks to machine learning technology for a cognitive leg up
Advances in machine learning technology and artificial intelligence have proven to work well for some information security tasks such as malware detection. What's coming next?
-
Feature
15 Sep 2016
RSA NetWitness Logs and Packets: Security analytics product overview
Expert Dan Sullivan examines RSA's NetWitness Logs and Packets, security analytics tools that collect and review logs, packets and behavior to detect enterprise threats.
-
Feature
18 Nov 2015
Hewlett Packard Enterprise's ArcSight ESM: SIEM product overview
Expert Karen Scarfone analyzes HPE's ArcSight Enterprise Security Management (ESM), a security information and event management (SIEM) tool used for collecting security log data.
-
Feature
18 Nov 2015
EMC RSA Security Analytics: SIEM product overview
Expert Karen Scarfone examines EMC RSA Security Analytics, a SIEM product for harvesting, analyzing and reporting on security log data across the enterprise.
-
Feature
18 Nov 2015
AlienVault OSSIM: SIEM Product overview
Expert Karen Scarfone checks out AlienVault's Open Source SIEM and Unified Security Management products for collecting event data from various security logs within an organization.
-
Feature
18 Nov 2015
Splunk Enterprise: SIEM product overview
Expert Karen Scarfone examines Splunk Enterprise, a security information and event management (SIEM) product for collecting and analyzing event data to identify malicious activity.
-
Feature
18 Nov 2015
SolarWinds Log and Event Manager: SIEM product overview
Expert Karen Scarfone examines SolarWinds Log and Event Manager, a security information and event management (SIEM) tool for collecting and analyzing event data to identify malicious activity.
-
Feature
18 Nov 2015
IBM Security QRadar: SIEM product overview
Expert Karen Scarfone takes a look at IBM Security QRadar, a security information and event management (SIEM) tool used for collecting and analyzing security log data.
-
Feature
18 Nov 2015
LogRhythm's Security Intelligence Platform: SIEM product overview
Expert Karen Scarfone examines LogRhythm's Security Intelligence Platform, a SIEM tool for analyzing collected data.
-
Answer
25 Mar 2015
What are the secrets to SIEM deployment success?
Many organizations deploy security information and event management systems without the proper planning and therefore can't reap the proper rewards. Expert Kevin Beaver offers tips for a successful implementation.
-
Feature
03 Mar 2015
Beyond the Page: New SIEM Battleground Unfolds with Advanced Analytics
Robert Lemos looks at next-generation security information and event management analytic tools and cloud-based systems.
-
Tip
03 Mar 2015
SIEM systems: Using analytics to reduce false positives
Combining data from a variety of sources with better analytics can reduce workloads.
-
Tip
17 Feb 2015
Benefits of the Cisco OpenSOC security analytics framework
Cisco's open source security analytics framework aims to help enterprises address visibility and incident management challenges. Expert Kevin Beaver discusses OpenSOC and what to consider when integrating it into an enterprise security strategy.
-
Tip
02 Feb 2015
How emerging threat intelligence tools affect network security
Up and coming threat intelligence tools aim to improve data security and even standardize threat intelligence across the industry. Expert Kevin Beaver explains how.
-
Tip
22 Jul 2014
Big data security analytics: Facebook's ThreatData framework
Expert Kevin Beaver explains how enterprises can take a page from Facebook's ThreatData framework security analytics to boost enterprise defense.
-
Guide
22 Jul 2013
How to define SIEM strategy, management and success in the enterprise
Enterprise SIEM technology is as functional, manageable and affordable as it's ever been. Learn how to achieve success with SIEM in your organization.
-
Quiz
29 Apr 2013
Quiz: Using SIEM technology to improve security management processes
In this five-question quiz, test your knowledge of our Security School lesson on using SIEM technology to improve security management processes.
-
Answer
11 Mar 2008
Is centralized logging worth all the effort?
Network log records play an extremely important role in any well-constructed security program. Expert Mike Chapple explains how to implement a centralized logging infrastructure.