Threat detection and response
Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.
Top Stories
-
Tip
15 Apr 2025
How to effectively respond to a ransomware attack
Does your organization know what to do if its systems are suddenly struck by a ransomware attack? To be ready, prepare your ransomware response well ahead of time. Continue Reading
-
Conference Coverage
15 Apr 2025
RSA Conference 2025
Follow SearchSecurity's RSAC 2025 guide for insightful pre-conference insights and reports on notable presentations and breaking news at the world's biggest infosec event. Continue Reading
-
Feature
11 Apr 2025
Ransomware negotiation: Does it work, and should you try it?
Negotiating with the criminals who are holding your data for ransom is a daunting and stressful endeavor. Experts weigh in on the risks and the potential outcomes. Continue Reading
-
Tip
09 Apr 2025
How to prevent and protect against ransomware
Organizations sometimes learn difficult lessons about gaps in their cybersecurity defenses. Here's what to know about ransomware preparation, detection, response and recovery. Continue Reading
-
Feature
09 Apr 2025
How to create a data breach response plan, with free template
A data breach response plan outlines how a business reacts to a breach. Follow these six steps, and use our free template to develop your organization's plan. Continue Reading
-
Feature
07 Apr 2025
Explaining AI's impact on ransomware attacks and security
Experts say AI and LLMs will make ransomware attacks more dangerous, but those same tools could be turned against criminals by bolstering ransomware protections. Continue Reading
-
Tip
03 Apr 2025
How to detect and remove malware from an Android device
Mobile malware can come in many forms, but users might not know how to identify it. Understand the signs to be wary of on Android devices, as well as what to do to remove malware. Continue Reading
-
Feature
03 Apr 2025
4 ransomware detection techniques to catch an attack
While prevention is key, it's not enough to protect a company's systems from ransomware. Learn how early detection with these four methods helps reduce damage from attacks. Continue Reading
-
Opinion
01 Apr 2025
How ESET is using AI PCs to boost endpoint security
While AI PCs show legitimate promise, the rock-solid use cases haven't been as prominent. However, security vendor ESET is showing more concrete applications of this technology. Continue Reading
-
Tip
31 Mar 2025
How quantum cybersecurity changes the way you protect data
Here's a full guide to the threats quantum computers pose to today's encryption algorithms -- and how to prepare now to become "crypto-agile" enough to stay ahead of bad actors. Continue Reading
-
Feature
20 Mar 2025
3 types of deepfake detection technology and how they work
Think you're talking to your boss on Zoom? You might want to think again. Deepfake technology has already cost enterprises millions of dollars. Here's how to fight fire with fire. Continue Reading
-
News
20 Mar 2025
Cloudflare unveils tools for safeguarding AI deployment
The cybersecurity vendor's new suite helps businesses, developers and content creators deploy AI technology at scale safely and securely. Continue Reading
-
Definition
14 Mar 2025
What is pharming?
Pharming is a scamming practice in which malicious code is installed on a PC or server, misdirecting users to fraudulent websites without their knowledge or consent. Continue Reading
-
Feature
11 Mar 2025
Incident response for web application attacks
Web app security is like learning to ride a bike -- expect to struggle before getting it right. But don't be disheartened; learn from prior incidents to improve controls. Continue Reading
-
Feature
06 Mar 2025
Treasury Department hacked: Explaining how it happened
Another major cyberattack hit the U.S. Treasury, allegedly by Chinese state-sponsored hackers. Exploiting BeyondTrust software, they accessed sensitive unclassified documents. Continue Reading
-
Definition
28 Feb 2025
What is the NSA and how does it work?
The National Security Agency (NSA) is a federal government surveillance and intelligence agency that's part of the U.S. Department of Defense and is managed under the authority of the director of national intelligence (DNI). Continue Reading
-
News
27 Feb 2025
CrowdStrike: China hacking has reached 'inflection point'
In its 2025 Global Threat Report, CrowdStrike observed an increase in China's cyber capabilities, with a focus on espionage and 'pre-positioning' itself in critical environments. Continue Reading
-
Tip
26 Feb 2025
How to improve third-party API integration security
External API integrations are critical, but so is managing third-party API risks to maintain customer trust, remain compliant and ensure long-term operational resilience. Continue Reading
-
Tip
25 Feb 2025
How to enhance OSINT investigations using AI
As the amount of data publicly available online continues to grow, AI-driven tools are becoming indispensable companions for intelligence gathering and analysis. Continue Reading
-
Definition
24 Feb 2025
What is red teaming?
Red teaming is the practice of rigorously challenging plans, policies, systems and assumptions with an adversarial approach. Continue Reading
-
News
21 Feb 2025
Palo Alto Networks vulnerabilities exploited in chained attack
The cybersecurity vendor urges customers to take immediate action to mitigate recently disclosed vulnerabilities that are being actively exploited in the wild. Continue Reading
-
Definition
21 Feb 2025
What is a network packet?
A network packet is a basic unit of data that is transferred over a computer network, typically a packet-switched network, such as the internet. Continue Reading
-
Podcast
20 Feb 2025
Risk & Repeat: Salt Typhoon hasn't stopped hacking
Although the Salt Typhoon telecom breaches from last year appear to have been remediated, the Chinese state-sponsored threat group continues to target critical organizations. Continue Reading
-
News
20 Feb 2025
CISA, FBI warn of Ghost/Cring ransomware attacks
Ghost is a China-based financially motivated ransomware group that has launched attacks against organizations in more than 70 countries -- including its own. Continue Reading
-
Tip
20 Feb 2025
Penetration testing vs. vulnerability scanning: What's the difference?
Confused by the distinctions between penetration testing and vulnerability scanning? You're not alone. Learn the key differences between the two and when to use each. Continue Reading
-
Definition
18 Feb 2025
What are social engineering attacks?
Social engineering is an attack vector that relies heavily on human interaction and often involves psychological manipulation of people into breaking normal security procedures and best practices to gain unauthorized access. Continue Reading
-
Definition
18 Feb 2025
What is a botnet?
A botnet is a collection of internet-connected devices -- including PCs, servers, mobile devices and internet of things (IoT) devices -- infected and controlled by a common type of malware, often unbeknownst to their owners. Continue Reading
-
News
13 Feb 2025
Salt Typhoon compromises telecom providers' Cisco devices
Salt Typhoon's latest campaign exploits older vulnerabilities in Cisco edge devices to gain access to the networks of several telecom companies, including two based in the U.S. Continue Reading
-
Definition
13 Feb 2025
What is a denial-of-service attack?
A denial-of-service (DoS) attack is a security threat that occurs when an attacker makes it impossible for legitimate users to access computer systems, networks, services or other IT resources. Continue Reading
-
Definition
12 Feb 2025
What is cyber hijacking?
Cyber hijacking, or computer hijacking, is a type of network security attack in which the threat actor takes control of computer systems, software programs and network communications. Continue Reading
-
Definition
12 Feb 2025
What is antimalware?
Antimalware is a software program created to protect IT systems and individual computers from malicious software, or malware. Continue Reading
-
Definition
11 Feb 2025
What is a honeypot? How it protects against cyberattacks
A honeypot is a network-attached system set up as a decoy to lure cyberattackers and to help organizations detect, deflect and study hacking attempts to gain unauthorized access to IT. Continue Reading
-
Tip
07 Feb 2025
Top 21 Kali Linux tools and how to use them
Kali Linux includes many tools tailored to beefing up network security. Getting familiar with them takes a lot of work, but the benefits they provide can be wide-ranging. Continue Reading
-
News
06 Feb 2025
Unpatched.ai: Who runs the vulnerability discovery platform?
There is limited information on the AI-powered vulnerability discovery platform that emerged in December after it reported Microsoft vulnerabilities Continue Reading
-
Definition
05 Feb 2025
What is a cyberthreat hunter (cybersecurity threat analyst)?
A cyberthreat hunter, also called a cybersecurity threat analyst, proactively identifies security incidents that might go undetected using automated security tools such as malware detectors and firewalls. Continue Reading
-
Tip
05 Feb 2025
How to build an effective purple team playbook
Enterprises across a wide variety of vertical industries can benefit from purple team exercises that harness red and blue teams toward a common goal: reducing vulnerabilities. Continue Reading
-
News
05 Feb 2025
Chainalysis records 35% decrease in ransom payments in 2024
While the first half of 2024 was on pace to surpass 2023's record-setting numbers, Chainalysis found that the volume of ransom payments dropped in the second half of the year. Continue Reading
-
News
03 Feb 2025
NSFocus: DeepSeek AI hit with 'well planned' DDoS attacks
Cybersecurity vendor NSFocus said AI startup DeepSeek endured multiple waves of DDoS attacks from attackers since its reasoning model was released Jan. 20. Continue Reading
-
News
30 Jan 2025
German police disrupt Cracked, Nulled cybercrime forums
Cracked and Nulled had a combined community of approximately 10 million users who used the sites to discuss cybercrime and sell malware and hacking tools. Continue Reading
-
News
24 Jan 2025
DOJ indicts 5 individuals in North Korea IT worker scam
An unsealed indictment revealed threat actors working for North Korea tricked at least 64 U.S. businesses into hiring fake IT workers for financial and propriety data gains. Continue Reading
-
Definition
23 Jan 2025
What is threat modeling?
Threat modeling is the systematic process of identifying threats to and vulnerabilities in software applications, and then defining countermeasures to mitigate those threats and vulnerabilities to better protect business processes, networks, systems and data. Continue Reading
-
News
23 Jan 2025
Zero-day vulnerability in SonicWall SMA series under attack
SonicWall released a hotfix for a critical pre-authentication remote code execution vulnerability in Secure Mobile Access 1000 products amidst reports of zero-day exploitation. Continue Reading
-
Feature
23 Jan 2025
PowerSchool data breach: Explaining how it happened
Hackers are going to school (literally) as the education sector has become an increasingly attractive target for cybercriminals. Continue Reading
-
Podcast
21 Jan 2025
Risk & Repeat: What is the future of CISA?
South Dakota Gov. Kristi Noem, who is President Donald Trump's nominee for DHS secretary, said during a recent confirmation hearing that CISA should be 'smaller.' Continue Reading
-
News
21 Jan 2025
Threat actors abusing Microsoft Teams in ransomware attacks
Sophos researchers observed two separate threat campaigns in which attackers used Microsoft Teams to pose as IT support personnel and gain access to victims' systems. Continue Reading
-
Tip
21 Jan 2025
How to prevent living-off-the-land attacks
Living-off-the-land attacks have been around since the dawn of modern computing, but they're drawing new attention from threat actors eager to find ways to penetrate defenses. Continue Reading
-
News
17 Jan 2025
Treasury Department sanctions company tied to Salt Typhoon
The sanctions were in response to significant cyberattacks by Chinese nation-state threat groups against the U.S. government and critical infrastructure in recent months. Continue Reading
-
Feature
16 Jan 2025
The mystery of the $75M ransom payment to Dark Angels
The Dark Angels gang stole 100 TB of data from a Fortune 50 company last year for a record-setting ransom payment. But the victim organization still hasn't disclosed those details. Continue Reading
-
News
15 Jan 2025
FBI removes Chinese PlugX malware from 4,258 U.S. computers
The FBI did not inform individuals that it deleted PlugX malware from users' computers beforehand, citing the possibility of Chinese state-sponsored hackers making adjustments. Continue Reading
-
News
14 Jan 2025
Attackers exploiting critical Fortinet zero-day vulnerability
Fortinet disclosed another zero-day vulnerability in its FortiOS and FortiProxy products days after Arctic Wolf detailed a threat campaign targeting the vendor's devices. Continue Reading
-
News
14 Jan 2025
CISA: BeyondTrust flaw CVE-2024-12686 exploited in the wild
BeyondTrust discovered the flaw last month while investigating breaches of a 'limited number' of SaaS customers at the hands of Chinese state-sponsored threat actors. Continue Reading
-
News
14 Jan 2025
Ivanti zero-day patching increases amid ongoing attacks
Recent scans conducted by the Shadowserver Foundation show many organizations have patched Ivanti instances vulnerable to CVE-2025-0282 over the last week. Continue Reading
-
Tip
13 Jan 2025
How to avoid and remove malvertising
Malvertising is an up-and-coming cybersecurity threat, but marketing and IT teams alike can take several important steps to avoid and remove this threat. Continue Reading
-
Feature
13 Jan 2025
9 secure email gateway options for 2025
Finding the best email security gateway is vital to protect companies from cyberattacks. Here's a look at some current market leaders and their standout features. Continue Reading
-
News
09 Jan 2025
Mandiant links Ivanti zero-day exploitation to Chinese hackers
Mandiant warned users to be prepared for widespread exploitation of CVE-2025-0282 as Ivanti products have become a popular target for attackers in recent years. Continue Reading
-
News
07 Jan 2025
CISA: BeyondTrust breach affected Treasury Department only
The government cybersecurity agency says fallout from a breach against BeyondTrust last month has not affected other federal agencies, although the investigation is ongoing. Continue Reading
-
Tip
06 Jan 2025
Top 4 incident response certifications to consider in 2025
Cybersecurity professionals pursuing an incident response track should consider the following certifications to bolster their knowledge and advance their career. Continue Reading
-
News
31 Dec 2024
Treasury Department breached through BeyondTrust service
The Treasury Department said Chinese government hackers gained access to a key for BeyondTrust's Remote Support service and used it to breach the federal agency. Continue Reading
-
Feature
30 Dec 2024
Navigate the 2025 threat landscape with expert insights
AI technology and company employees can serve as both gateways and buffers against cyberthreats. Learn more from expert thought leaders on how to protect your environment in 2025. Continue Reading
-
Podcast
23 Dec 2024
Risk & Repeat: The state of ransomware in 2024
Ransomware made major headlines in 2024, from the massive Change Healthcare attack to the creative takedown of the notorious LockBit ransomware-as-a-service gang. Continue Reading
-
News
23 Dec 2024
10 of the biggest cybersecurity stories of 2024
Some of the biggest stories of the year include a massive IT outage, a record-setting ransom payment and devastating breaches at several U.S. telecommunications companies. Continue Reading
-
Guest Post
19 Dec 2024
Add gamification learning to your pen testing training playbook
Organizations that embrace gamification in their pen testing training are better positioned to build and maintain the skilled security teams needed to address evolving threats. Continue Reading
-
News
16 Dec 2024
Blackberry sells Cylance to Arctic Wolf for $160M
After exiting the mobile device market, Blackberry acquired Cylance for $1.4 billion in 2018 to expand its presence in enterprise security. Continue Reading
-
News
16 Dec 2024
ESET: RansomHub most active ransomware group in H2 2024
The antimalware vendor says law enforcement operations against the LockBit ransomware gang were successful, but a new prolific group has emerged in its place. Continue Reading
-
Tip
12 Dec 2024
5 common malvertising examples
Malvertising is relatively new in the world of cyberthreats and can be the hardest to spot. Here are five examples of these malicious ads. Continue Reading
-
News
05 Dec 2024
Police bust cybercrime marketplace, phishing network
As part of Europol's announcement of the cybercriminal marketplace's disruption, the agency included an image of a takedown notice referencing the 'Manson Market.' Continue Reading
-
News
04 Dec 2024
FBI: Criminals using AI to commit fraud 'on a larger scale'
As AI technology becomes more widely adopted, attackers are abusing it for their scams, which the FBI says are becoming increasingly more difficult to detect. Continue Reading
-
News
02 Dec 2024
AWS launches automated service for incident response
AWS Security Incident Response, which launched ahead of the re:Invent 2024 conference this week, can automatically triage and remediate events detected in Amazon GuardDuty. Continue Reading
-
Tip
27 Nov 2024
How AI is reshaping threat intelligence
As promising as AI technology is for threat intelligence, organizations grapple with a long learning curve and other challenges that could impede successful adoption. Continue Reading
-
News
26 Nov 2024
AWS CISO details automated cybersecurity tools for customers
Chris Betz, CISO at AWS, discusses how three internal tools are designed to automatically identify and mitigate threats for the cloud giant's customers. Continue Reading
-
Definition
22 Nov 2024
What is endpoint detection and response (EDR)?
Endpoint detection and response (EDR) is a system that gathers and analyzes security threat-related information from computer workstations and other endpoints. Continue Reading
-
Definition
21 Nov 2024
What is a threat intelligence feed?
A threat intelligence feed, also known as a TI feed, is an ongoing stream of data related to potential or current threats to an organization's security. Continue Reading
-
News
21 Nov 2024
Cyber insurers address ransom reimbursement policy concerns
In a recent op-ed for The Financial Times, U.S. Deputy National Security Advisor Anne Neuberger wrote that reimbursing ransom payments is a 'troubling practice that must end.' Continue Reading
-
News
21 Nov 2024
DOJ charges 5 alleged Scattered Spider members
The defendants, charged for conducting alleged phishing scams across the U.S., are suspected members of a prolific threat group responsible for last year's casino attacks. Continue Reading
-
Podcast
20 Nov 2024
Risk & Repeat: China hacks major telecom companies
The FBI and CISA confirmed reports that Salt Typhoon breached several major telecom companies and accessed data related to law enforcement requests. Continue Reading
-
News
20 Nov 2024
Apple warns 2 macOS zero-day vulnerabilities under attack
The macOS Sequoia vulnerabilities are the latest to be targeted and exploited by threat actors as cybersecurity vendors report a shift in the landscape. Continue Reading
-
News
19 Nov 2024
2 Palo Alto Networks zero-day vulnerabilities under attack
CVE-2024-9474 marks the second zero-day vulnerability in Palo Alto Networks' PAN-OS firewall management interface to come under attack in the last week. Continue Reading
-
News
15 Nov 2024
Palo Alto Networks PAN-OS management interfaces under attack
Palo Alto Networks confirmed that threat actors are exploiting a vulnerability in PAN-OS firewall management interfaces after warning customers to secure them for nearly a week. Continue Reading
-
News
13 Nov 2024
Most widely exploited vulnerabilities in 2023 were zero days
While zero-day exploitation surged throughout 2023, CISA said threat actors continue to exploit known vulnerabilities that were disclosed and patched as far back as 2017. Continue Reading
-
Tip
12 Nov 2024
SIEM vs. SOAR vs. XDR: Evaluate the key differences
SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs. Continue Reading
-
Tip
12 Nov 2024
EDR vs. XDR vs. MDR: Key differences and benefits
One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
-
News
06 Nov 2024
CISA on 2024 election security: 'Good news' for democracy
CISA Director Jen Easterly says that despite disruptions including bomb threats in multiple states, Election Day 2024 was a success story from a security standpoint. Continue Reading
-
Definition
06 Nov 2024
What is machine identity management?
Machine identity management focuses on the machines connected to and accessing resources on a network. Continue Reading
-
News
05 Nov 2024
Canadian authorities arrest alleged Snowflake hacker
Alexander Moucka was arrested last week and is expected to appear in court Tuesday for allegedly breaching dozens of Snowflake customers. Continue Reading
-
News
04 Nov 2024
CISA: U.S. election disinformation peddled at massive scale
CISA said the U.S. cybersecurity agency has seen small-scale election incidents 'resulting in no significant impacts to election infrastructure,' such as low-level DDoS attacks. Continue Reading
-
Definition
01 Nov 2024
What is unified threat management (UTM)?
Unified threat management (UTM) is an information security system that provides a single point of protection against cyberthreats, including viruses, worms, spyware and other malware, as well as network attacks. Continue Reading
-
News
31 Oct 2024
China-based APTs waged 5-year campaign on Sophos firewalls
For years, several advanced persistent threat groups tied to the Chinese government targeted Sophos firewall products with custom malware and zero-day exploits. Continue Reading
-
Tip
30 Oct 2024
How to create an incident response playbook with template
Using an incident response playbook can speed up an organization's responses to cyberattacks. Find out how to build repeatable playbooks to use for different types of incidents. Continue Reading
-
News
30 Oct 2024
Play ransomware attack tied to North Korean nation-state actor
A relationship between North Korean actor Jumpy Pisces and Play ransomware would be unprecedented, as the former has not collaborated with cybercrime gangs previously. Continue Reading
-
Podcast
29 Oct 2024
Risk & Repeat: SEC cracks down on cybersecurity disclosures
The SEC's charges against Unisys, Avaya, Check Point Software Technologies and Mimecast have raised questions about expectations for transparency in cybersecurity. Continue Reading
-
News
29 Oct 2024
REvil convictions unlikely to curb Russian cybercrime
In a rare action against cybercrime, a court in Russia sentenced four individuals tied to the Revil ransomware gang for money laundering and malware distribution charges. Continue Reading
-
Feature
29 Oct 2024
How to configure and customize Kali Linux settings
Learning how to use Kali Linux for ethical hacking and penetration testing? Read step by step how to configure and customize the distribution. Continue Reading
-
Tip
28 Oct 2024
Insider threat hunting best practices and tools
Detecting threats coming from inside the organization presents unique challenges. Insider threat hunting helps identify potential threat actors and proactively deal with them. Continue Reading
-
News
24 Oct 2024
Cisco ASA and FTD zero day used in password spraying attacks
One day after Cisco disclosed a zero-day vulnerability discovered in its VPN software, CISA added the flaw to its Known Exploited Vulnerabilities catalog. Continue Reading
-
Tip
24 Oct 2024
EDR vs. SIEM: Key differences, benefits and use cases
Endpoint detection and response and security information and event management tools offer organizations benefits, but each plays a specific role, so it's worth having both. Continue Reading
-
News
24 Oct 2024
Fortinet FortiManager zero-day flaw exploited since June
Mandiant researchers first observed exploitation activity against CVE-2024-47575 on June 27, with more than 50 FortiManager devices compromised since. Continue Reading
-
Tip
24 Oct 2024
EDR vs. EPP: How are they different and which is right for you?
Endpoint detection and response tools and endpoint protection platforms offer similar security features. Which is better for your organization: EDR, EPP or both? Continue Reading
-
Guide
24 Oct 2024
SolarWinds breach news center
The massive SolarWinds supply chain attack continues to invade networks. Here's the latest news on the breach, how the malware infiltrates systems and the IT industry response. Continue Reading
-
Tip
22 Oct 2024
Threat intelligence vs. threat hunting: Better together
Understanding and using threat intelligence and threat hunting together provides enterprises with a well-rounded security posture. Find out how to build your plan. Continue Reading
-
News
22 Oct 2024
Thoma Bravo-owned Sophos to acquire Secureworks for $859M
Sophos said it plans to integrate Secureworks' products into a broader portfolio that serves both large enterprises and small and medium-sized businesses. Continue Reading
-
News
21 Oct 2024
Cisco confirms attackers stole data from DevHub environment
While Cisco said its systems were not breached, the vendor did confirm that attackers stole sensitive information from the public-facing portal. Continue Reading
-
News
17 Oct 2024
DOJ charges alleged Anonymous Sudan ringleaders
Two Sudanese brothers are accused of leading the cybercriminal group that caused significant damage to healthcare organizations as well as other high-profile victims. Continue Reading