Threat detection and response
Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.
Top Stories
-
Feature
30 May 2023
Vendors: Threat actor taxonomies are confusing but essential
Despite concern about the proliferation of naming taxonomies used to identify threat groups, vendors say they are crucial their understanding and visibility into threat activity. Continue Reading
-
News
25 May 2023
Chinese hackers targeting U.S. critical infrastructure
Microsoft uncovered a Chinese nation-state threat group that is compromising Fortinet FortiGuard devices to gain access to critical infrastructure entities in the U.S. and Guam. Continue Reading
-
News
03 Feb 2022
Distrust, feuds building among ransomware groups
In an industry that operates in anonymity, trust is everything -- but recent accusations of ransomware actors working with or being law enforcement is threatening that work model. Continue Reading
-
Feature
02 Feb 2022
A day in the life of a cybersecurity manager
The role of a cybersecurity leader is often misunderstood. Experience a day in the life of a cybersecurity manager with this breakdown of a security leader's typical schedule. Continue Reading
-
Feature
02 Feb 2022
Top cybersecurity leadership challenges and how to solve them
Security isn't always a top business priority. This creates challenges for the cybersecurity managers and teams that hope to integrate security into their company's agenda. Continue Reading
-
Feature
02 Feb 2022
What's the status of AI in networking?
The use cases for AI are expanding, but despite the advantages, network pros have yet to implement AI fully. Three analysts explain the status of AI in enterprise networks. Continue Reading
-
News
02 Feb 2022
More than 1,000 malware packages found in NPM repository
Researchers with WhiteSource were able to find some 1,300 examples of malware hiding under the guise of legitimate JavaScript packages on the NPM repository. Continue Reading
-
News
01 Feb 2022
Iranian hacking groups pick up the pace with new attacks
Two security vendors are reporting a fresh wave of targeted attacks and malware outbreaks believed to be the work of Iranian state-sponsored threat groups. Continue Reading
-
News
01 Feb 2022
Ransomware attacks continue to plague public services
Ransomware this year has picked up right where 2021 left off, with several local governments, schools and health services across the U.S. suffering attacks. Continue Reading
-
Feature
31 Jan 2022
Include defensive security in your cybersecurity strategy
Is your company's cybersecurity strategy comprehensive enough to protect against an expanding threat landscape? Learn how developing defensive security strategies can help. Continue Reading
-
Feature
28 Jan 2022
Nmap use cases, tools and product comparisons
Nmap is historically known for port scanning, but thanks to several subprojects, its use cases have expanded. Learn how Nmap is used, along with other comparable tools. Continue Reading
-
News
27 Jan 2022
SolarWinds hackers still active, using new techniques
CrowdStrike has tracked the latest threat activity and novel techniques from the SolarWinds hackers, a Russian state-sponsored group known as Cozy Bear. Continue Reading
-
Feature
27 Jan 2022
How to use Nmap to scan for open ports
One of Nmap's primary functions is conducting port scans. In this walkthrough, learn how to launch a default scan, along with other options that affect Nmap port scan behavior. Continue Reading
-
Guest Post
27 Jan 2022
How AI can help security teams detect threats
AI and machine learning are reshaping modern threat detection. Learn how they help security teams efficiently and accurately detect malicious actors. Continue Reading
-
News
26 Jan 2022
New vulnerability rating framework aims to fill in CVSS gaps
The CVSS vulnerability scale doesn't always give a clear picture of the risk of a vulnerability, but experts hope the emerging standard called EPSS will provide more clarity. Continue Reading
-
News
25 Jan 2022
Sophos: Log4Shell impact limited, threat remains
Sophos threat researcher Chet Wisniewski detailed the unexpectedly limited impact Log4Shell had on organizations but warned of future exploitation and risks. Continue Reading
-
News
25 Jan 2022
Bernalillo County ransomware attack still felt weeks later
A ransomware attack in early January disrupted government systems in New Mexico's largest county, which stalled operations at county offices and the county detention center. Continue Reading
-
Feature
24 Jan 2022
Enterprises reluctant to report cyber attacks to authorities
Despite some successful law enforcement operations, including the seizure of a ransom payment, infosec experts say many enterprises are still unlikely to report cyber attacks. Continue Reading
-
News
20 Jan 2022
Crypto.com confirms $35M lost in cyber attack
The cryptocurrency exchange had claimed no customer funds were lost in the recent cyber attack, but now admits 4,836.26 ETH and 443.93 bitcoin was stolen. Continue Reading
-
News
20 Jan 2022
Cisco: Patching bugs is about more than CVSS numbers
Cisco's Kenna Security advised enterprises to consider more than just CVSS scores and update advisories when deciding when and how to address security vulnerabilities. Continue Reading
-
News
19 Jan 2022
FireEye, McAfee Enterprise relaunch as XDR-focused Trellix
Though the new company is a combination of two high-profile security vendors, private equity firm STG relaunched the merger under an entirely different name. Continue Reading
-
News
18 Jan 2022
Cryptocurrency exchange Crypto.com hit by cyber attack
The cryptocurrency exchange said it detected unauthorized activity on some user accounts over the weekend, but questions remain on the severity of the attacks. Continue Reading
-
News
18 Jan 2022
Ukraine hit with destructive malware attacks amidst turmoil
A new type of destructive malware was discovered by Microsoft after public and private organizations in Ukraine endured a series of cyber attacks as tensions with Russia grow. Continue Reading
-
News
12 Jan 2022
New RAT campaign abusing AWS, Azure cloud services
Cisco Talos discovered threat actors taking advantage of public cloud services to spread remote administration tools such as NanoCore, NetWire and AsyncRAT. Continue Reading
-
News
06 Jan 2022
New Zloader attacks thwarting Microsoft signature checks
Check Point Software Technologies found a long-known trick of injecting code into valid file signatures remains effective for spreading malware such as Zloader. Continue Reading
-
News
05 Jan 2022
MicroStrategy enhances security, embedded analytics features
The vendor recently upgraded its products to the latest version of Log4j's software while also adding a new viewing experience and embedded BI capabilities to its platform. Continue Reading
-
Feature
04 Jan 2022
Is quantum computing ready to disrupt cybersecurity?
Quantum computing isn't here yet, but now is the time for companies to start considering how it may affect their business -- both negatively and positively -- in the next decade. Continue Reading
-
News
30 Dec 2021
Threat actors target HPE iLO hardware with rootkit attack
Integrated Lights Out, HPE's remote server management platform, has been compromised by intruders who are using it to install a hard-to-detect rootkit in the wild. Continue Reading
-
News
20 Dec 2021
5 Russians charged in hacking, illegal trading scheme
A group of hackers based in Russia and tied to the GRU stand accused of breaking into companies and using confidential data to profit from illegal stock trades. Continue Reading
-
Podcast
17 Dec 2021
Risk & Repeat: Log4Shell shakes infosec industry
This Risk & Repeat podcast episode looks at the latest developments with Log4Shell and the efforts to mitigate the critical remote code executive vulnerability. Continue Reading
-
Tip
16 Dec 2021
Top 4 cloud misconfigurations and best practices to avoid them
Cloud security means keeping a close eye on how cloud resources and assets are configured. Some simple steps can keep you safe from hackers and other malicious activities. Continue Reading
-
Tip
15 Dec 2021
Where do PSIM systems fit into disaster recovery?
Organizations that use multiple security platforms can look to PSIM systems to be better prepared for an incident. Read on for more about how they work. Continue Reading
-
News
15 Dec 2021
Log4j gets a second update as security woes pile up
Administrators who were already scrambling to patch up the Log4Shell flaw are now being advised to update to Log4j version 2.16.0 following the discovery of issues in 2.15.0. Continue Reading
-
News
15 Dec 2021
'Insane' spread of Log4j exploits won't abate anytime soon
Experts say that the explosion in exploits for CVE-2021-44228 is only the early phase of what will be a long and tedious road to remediation for the critical vulnerability. Continue Reading
-
News
13 Dec 2021
Fixes for Log4j flaw arise as attacks soar
Exploits against the Log4j security vulnerability are already commonplace just days after its disclosure, but some vendors are already offering mitigations and detection tools. Continue Reading
-
News
10 Dec 2021
Dark web posts shed light on Panasonic breach
A network breach at Japanese electronics giant Panasonic was possibly set up as far back as January, according to researchers who were monitoring dark web forums. Continue Reading
-
Tip
10 Dec 2021
Cybersecurity employee training: How to build a solid plan
Cybersecurity training often misses the mark, while threats continue to grow. Succeed where others have failed by keeping training fresh, current and real. Here's how. Continue Reading
-
News
09 Dec 2021
Rubrik's ransomware tools put detection in line with protection
To better protect against ransomware, Rubrik has expanded the capabilities of its core platform and added new features including cyber threat hunting and Rubrik Cloud Vault. Continue Reading
-
Tip
09 Dec 2021
How to train agents on call center fraud detection
Poorly trained call center agents are easy targets for bad actors. Organizations must prepare for call center fraud with proper agent training and anti-fraud technologies. Continue Reading
-
Feature
08 Dec 2021
Browse 9 email security gateway options for your enterprise
Finding the best email security gateway is vital to protect companies from cyber attacks. Here's a look at the current market leaders and their standout features. Continue Reading
-
News
07 Dec 2021
USB-over-Ethernet bugs put cloud services at risk
SentinelOne says vulnerabilities in the Eltima SDK, which connects USB devices on virtual workstations, can put enterprises at risk of privilege escalation attacks. Continue Reading
-
Guest Post
07 Dec 2021
Why image-based phishing emails are difficult to detect
Image-based phishing emails are becoming increasingly popular with attackers. Learn how these hard-to-detect scams bypass email filters to infiltrate victims' systems. Continue Reading
-
News
06 Dec 2021
One year later, SolarWinds hackers targeting cloud providers
The hacking crew accused of breaking into SolarWinds a year ago is back at it and is trying to get to their targets through attacks on the networks of cloud computing providers. Continue Reading
-
Tip
06 Dec 2021
How to get started with attack surface reduction
Attack surface reduction and management are vital to any security team's toolbox. Learn what ASR is and how it complements existing vulnerability management products. Continue Reading
-
Tip
06 Dec 2021
Security log management and logging best practices
Learn how to conduct security log management that provides visibility into IT infrastructure activities and traffic, improves troubleshooting and prevents service disruptions. Continue Reading
-
News
03 Dec 2021
Hundreds of new vulnerabilities found in SOHO routers
Researchers credited vendors for their swift response to reports of widespread security vulnerabilities but warned users to make sure firmware is updated to avoid attacks. Continue Reading
-
News
02 Dec 2021
Former Ubiquiti engineer arrested for inside threat attack
Nickolas Sharp is accused of attacking his former employer, stealing confidential data and attempting to extort the company into paying him approximately $2 million. Continue Reading
-
News
01 Dec 2021
CISA taps CrowdStrike for endpoint security
The U.S. government's cybersecurity authority will be watched over by security vendor CrowdStrike as part of the larger government IT security overhaul. Continue Reading
-
News
29 Nov 2021
Hack 'Sabbath': Elusive new ransomware detected
A newly uncovered ransomware operation, dubbed UNC2190 or "Sabbath," has roots in a previous ransomware group but has so far been able to operate mostly undetected. Continue Reading
-
Feature
29 Nov 2021
Elastic Stack Security tutorial: How to create detection rules
This excerpt from 'Threat Hunting with Elastic Stack' provides step-by-step instructions to create detection rules and monitor network security events data. Continue Reading
-
Feature
29 Nov 2021
Elastic Security app enables affordable threat hunting
New to threat hunting in cybersecurity? Consider using the open code Elastic Stack suite to gather security event data and create visualizations for decision-makers. Continue Reading
-
News
23 Nov 2021
Apple files lawsuit against spyware vendor NSO Group
Apple sued the Israeli technology vendor, whose Pegasus spyware has been implicated in several malicious attacks on journalists, activists and government officials. Continue Reading
-
News
22 Nov 2021
GoDaddy discloses breach of 1.2M customer account details
Web hosting provider GoDaddy said an attacker broke into its Managed WordPress service and accessed the account details and SSL keys of 1.2 million customers. Continue Reading
-
News
19 Nov 2021
How enterprises need to prepare for 'cyberwar' conflicts
Infosec expert Tarah Wheeler said increasing international conflicts are posing new compliance and regulatory standards, but adapting the changes may be difficult for enterprises. Continue Reading
-
News
18 Nov 2021
CISA, Microsoft warn of rise in cyber attacks from Iran
CISA and Microsoft this week issued alerts about increased threat activity Iranian nation-state hacking groups, including ransomware attacks on enterprises. Continue Reading
-
News
18 Nov 2021
New side channel attack resurrects DNS poisoning threat
A new side channel attack would potentially allow attackers to poison DNS servers and reroute traffic to malicious sites. Continue Reading
-
Podcast
17 Nov 2021
Risk & Repeat: Are ransomware busts having an effect?
International law enforcement agencies this year have stepped up efforts to address the ransomware threat with arrests, indictments and multimillion-dollar rewards. Continue Reading
-
News
15 Nov 2021
FBI email system compromised to issue fake alerts
An unknown threat actor sent emails warning of a supply chain attack through an FBI portal used by law enforcement agencies to communicate with one another. Continue Reading
-
News
11 Nov 2021
Citrix DDOS bug leaves networks vulnerable
Citrix patched a critical bug in its Application Delivery Controller and Gateway software that left networks open to DDOS attacks. It also fixed a less-severe SD-WAN WANOP bug. Continue Reading
-
News
11 Nov 2021
'King of Fraud' sentenced for Methbot botnet operation
Aleksandr Zhukov was sentenced to 10 years in prison for the theft of $7 million in a massive digital advertising fraud operation using his 'Methbot' botnet. Continue Reading
-
Guest Post
10 Nov 2021
4 concepts that help balance business and security goals
The goal of enterprise security is to maintain connectivity, while remaining protected. Use these four concepts to balance business and security goals. Continue Reading
-
News
09 Nov 2021
Medical devices at risk from Siemens Nucleus vulnerabilities
Thirteen bugs, including a critical security flaw, have been patched in the Siemens Nucleus TCP/IP stack, a vital component for millions of connected medical devices. Continue Reading
-
Guest Post
21 Sep 2021
3 components to consider when selecting an MDR service
In the market for an MDR service? Read up on three considerations to keep in mind and questions to ask potential providers before making a decision. Continue Reading
-
News
08 Sep 2021
Microsoft zero-day flaw exploited in the wild
Microsoft and the Cybersecurity and Infrastructure Security Agency have issued advisories warning users to mitigate against a zero-day flaw, as no patch has been released. Continue Reading
-
Guest Post
02 Aug 2021
Network security in the return-to-work era
IT teams are dealing with the challenge of reconnecting devices to office networks as employees return to work. Here's how your organization can overcome that challenge. Continue Reading
-
Answer
07 Jul 2021
What are port scan attacks and how can they be prevented?
Port scans provide data on how networks operate. In the wrong hands, this info could be part of a larger malicious scheme. Learn how to detect and defend against port scan attacks. Continue Reading
-
Report
01 Apr 2021
Ultimate guide to cybersecurity incident response
Learn actionable incident response strategies that your IT and enterprise security teams can use to meet today's security threats and vulnerabilities more effectively. Continue Reading
-
News
11 Mar 2021
Cisco found cryptomining activity within 69% of customers
Cisco found cryptomining malware affected a vast majority of customers in 2020, generating massive amounts of malicious DNS traffic while sucking up precious computing resources. Continue Reading
-
Feature
04 Mar 2021
How to become a threat hunter
Top threat hunters are creative and slightly contrarian, enabling them to think outside the box -- much like the best cybercriminals, according to one expert. Continue Reading
-
Tip
23 Feb 2021
How to achieve security observability in complex environments
Security observability is a novel approach to incident detection that goes beyond traditional monitoring. Read on to learn if this emerging strategy is right for your enterprise. Continue Reading
-
Feature
12 Feb 2021
Threat detection and response tools evolve and mature
A variety of threat detection and response tools, such as XDR, are evolving into platforms to help enterprises share information and stay ahead of cybersecurity threats. Continue Reading
-
Tip
08 Dec 2020
Pros and cons of an outsourced SOC vs. in-house SOC
Security operations centers have become an essential element of threat detection. Here's how to decide whether to build one in-house or outsource SOC capabilities. Continue Reading
-
Tip
03 Dec 2020
8 challenges every security operations center faces
Staffing shortages, budget allocation issues, and inadequate analytics and filtering are among the challenges organizations will face as they implement a security operations center. Continue Reading
-
Feature
27 Oct 2020
Zero-trust network policies should reflect varied threats
Role-based access systems create enormous pools of responsibility for administrators. Explore how to eliminate these insecure pools of trust with zero-trust network policies. Continue Reading
-
Tip
29 Jul 2020
As network security analysis proves invaluable, NDR market shifts
IT infrastructure threat detection and response have emerged as critical elements of enterprise cybersecurity as network security analysis proves invaluable to protecting data. Continue Reading
-
Quiz
28 Jul 2020
IDS/IPS quiz: Intrusion detection and prevention systems
Want a baseline of your intrusion detection and prevention system knowledge? Test your insights with this IDS/IPS quiz. Continue Reading
-
News
24 Mar 2020
Cisco security GM discusses plan for infosec domination
At RSA Conference 2020, Gee Rittenhouse, senior vice president and general manager of Cisco's security group, talks about the company's strategy to reshape the infosec industry. Continue Reading
-
News
06 Feb 2020
Forescout acquired by private equity firm for $1.9 billion
Network security vendor Forescout Technologies was acquired for $1.9 billion by Advent International, a private equity firm looking to increase its cybersecurity investments. Continue Reading
-
Answer
10 Dec 2019
How to prevent port scan attacks
The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and prevent port scanning attacks. Continue Reading
-
Tip
18 Nov 2019
Use network traffic analysis to detect next-gen threats
Network traffic analysis, network detection and response -- whichever term you prefer, the technology is critical to detecting new breeds of low-and-slow threats. Continue Reading
-
News
01 Oct 2019
Sophos launches Managed Threat Response service
The new offering is built on Sophos' endpoint security platform Intercept X Advanced, with capabilities supported by the company's recent acquisition of Rook Security and DarkBytes. Continue Reading
-
News
05 Sep 2019
Awake Security adds adversarial model to security platform
The new feature is meant to enable companies to identify attackers faster. Other updates to the security system include extending cloud capabilities to Amazon Web Services. Continue Reading
-
News
26 Aug 2019
Puppet launches its first vulnerability remediation product
Puppet Remediate is a vulnerability remediation product that shares data between security and IT ops, provides risk-based prioritization and offers agentless remediation. Continue Reading
-
News
06 Aug 2019
LogicHub introduces automation updates to its SOAR platform
Security vendor LogicHub introduced new features to its SOAR platform that intend to automate tedious threat detection and response processes and save security teams time. Continue Reading
-
Tip
23 Jul 2019
Which is better: anomaly-based IDS or signature-based IDS?
Even as vendors improve IDS by incorporating both anomaly-based IDS and signature-based IDS, understanding the difference will aid intrusion protection decisions. Continue Reading
-
Answer
31 May 2019
How can SIEM and SOAR software work together?
Many security pros initially thought SOAR software could replace SIEM. Our security expert advocates learning how SIEM and SOAR can work together. Continue Reading
-
Tip
29 Apr 2019
2019's top 5 free enterprise network intrusion detection tools
Snort is one of the industry's top network intrusion detection tools, but plenty of other open source alternatives are available. Discover new and old favorites for packet sniffing and more. Continue Reading
-
News
15 Apr 2019
Blue Hexagon bets on deep learning AI in cybersecurity
Cybersecurity startup Blue Hexagon uses deep learning to detect network threats. Security experts weigh in on the limitations of AI technologies in cybersecurity. Continue Reading
-
Answer
14 Feb 2019
Why did a Cisco patch for Webex have to be reissued?
Cisco's Webex Meetings platform had to be re-patched after researchers found the first one was failing. Discover what went wrong with the first patch with Judith Myerson. Continue Reading
-
Tip
10 Dec 2018
5 actionable deception-tech steps to take to fight hackers
Consider taking these five 'deceptive' steps to make your detection and response capabilities speedier, more effective and to improve your company's security posture. Continue Reading
-
Opinion
03 Dec 2018
Ron Green: Keeping the payment ecosystem safe for Mastercard
"We have invested a billion dollars over the last couple of years just in security," says Ron Green, Mastercard's chief of security, who joined the company in 2014. Continue Reading
- 03 Dec 2018
-
Feature
03 Dec 2018
Threat hunting techniques move beyond the SOC
Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated. Continue Reading
- 03 Dec 2018
-
Opinion
03 Dec 2018
The threat hunting process is missing the human element
Threat hunting hinges on an analyst's ability to create hypotheses and to look for indicators of compromise in your network. Do you have the resources to hunt? Continue Reading
- 03 Dec 2018
- E-Zine 03 Dec 2018
-
Tip
29 Nov 2018
Is network traffic monitoring still relevant today?
An increase in DNS protocol variants has led to a higher demand for network traffic monitoring. The SANS Institute's Johannes Ullrich explains what this means for enterprises. Continue Reading
-
Answer
22 Nov 2018
How was a black box attack used to exploit ATM vulnerabilities?
Researchers from Positive Technologies found flaws affecting NCR ATMs. Discover how these ATM vulnerabilities work and how a patch can mitigate this attack. Continue Reading
-
Tip
05 Nov 2018
How deception technologies improve threat hunting, response
Deception tech tools enable more effective threat hunting and incident response. Learn how these tools can give security pros an edge in defending their company systems and data. Continue Reading
-
Answer
07 Aug 2018
What does the expansion of MANRS mean for BGP security?
The Internet Society expanded MANRS to crack down on BGP security. Expert Michael Cobb explains what MANRS is and its implications for BGP server security. Continue Reading
-
Tip
07 Jun 2018
Where machine learning for cybersecurity works best now
Need to up your endpoint protection endgame? Learn how applying machine learning for cybersecurity aids in the fight against botnets, evasive malware and more. Continue Reading