Threat detection and response

Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.

December 06, 2021 06 Dec'21
One year later, SolarWinds hackers targeting cloud providers

The hacking crew accused of breaking into SolarWinds a year ago is back at it and is trying to get to their targets through attacks on the networks of cloud computing providers.
December 03, 2021 03 Dec'21
Hundreds of new vulnerabilities found in SOHO routers

Researchers credited vendors for their swift response to reports of widespread security vulnerabilities but warned users to make sure firmware is updated to avoid attacks.
December 02, 2021 02 Dec'21
Former Ubiquiti engineer arrested for inside threat attack

Nickolas Sharp is accused of attacking his former employer, stealing confidential data and attempting to extort the company into paying him approximately $2 million.
December 01, 2021 01 Dec'21
CISA taps CrowdStrike for endpoint security

The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul.

Bring yourself up to speed with our introductory content

Elastic Stack Security tutorial: How to create detection rules

This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data. Continue Reading
intrusion detection system (IDS)

An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such activity is discovered. Continue Reading
sandbox (software testing and security)

A sandbox is an isolated testing environment that enables users to run programs or open files without affecting the application, system or platform on which they run. Continue Reading

Weigh the pros and cons of technologies, products and projects you are considering.

Elastic Security app enables affordable threat hunting

New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers. Continue Reading
3 components to consider when selecting an MDR service

In the market for an MDR service? Read up on three considerations to keep in mind and questions to ask potential providers before making a decision. Continue Reading
Network security in the return-to-work era

IT teams are dealing with the challenge of reconnecting devices to office networks as employees return to work. Here's how your organization can overcome that challenge. Continue Reading

Learn to apply best practices and optimize your operations.

Security log management and logging best practices

Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
How to achieve security observability in complex environments

Security observability is a novel approach to incident detection that goes beyond traditional monitoring. Read on to learn if this emerging strategy is right for your enterprise. Continue Reading
How to prevent port scan attacks

The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and prevent port scanning attacks. Continue Reading

We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.

How to defend against TCP port 445 and other SMB exploits

Keeping TCP port 445 and other SMB ports open is necessary for resource sharing, yet this can create an easy target for attackers without the proper protections in place. Continue Reading
8 challenges every security operations center faces

Staffing shortages, budget allocation issues, and inadequate analytics and filtering are among the challenges organizations will face as they implement a security operations center. Continue Reading
Use network traffic analysis to detect next-gen threats

Network traffic analysis, network detection and response -- whichever term you prefer, the technology is critical to detecting new breeds of low-and-slow threats. Continue Reading