Threat Detection
In this Refcard, you will learn about the evolving threat landscape, key challenges of emerging technologies, as well as basic and advanced threat detection techniques to integrate into your overall security strategy.
The recent invasion of Ukraine has prompted many people to warn that cyberattacks will become more common around the world. F1000 corporations have issued alerts to their employees, urging them to be on the lookout for phishing emails that could deliver malware and jeopardize company networks and infrastructure.
Here are five steps developers and SecOps professionals can take to improve their threat hunting program and make it more effective.
We’re living in a world where technology advances at a breathtaking pace, and cybercriminals are always looking for the latest ways to target organizations and individuals alike. In such a turbulent digital transformation, security experts need to keep up with the latest trends and address the latest potential threats in innovative ways.
The world of cyber security is an incredibly fast-moving sector, with both security providers and hackers trying to constantly outsmart each other. Simply put, it’s a constant cycle of coming up with new attack strategies and threats while trying to find new and innovative ways to combat them or eradicate them before they gain more ground.
SIEM tools have become more challenging to set up, manage, and use on a day-to-day basis. Busy security teams find themselves overwhelmed by the SIEM solution itself, which takes their focus away from the actual threats they need to identify and stop. The solution is to offload key threat detection capabilities from the in-house team to a SIEM solution or service provider. This frees the in-house security team to focus on strategic initiatives and, importantly, results in more secure systems.
A SIEM solution should excel at helping teams identify threats and mitigate them. In recent years, the focus has shifted to mitigation, while the actual identification of threats has been neglected. SIEM has become all about operations and compliance, and less about security. Security teams have reflected this trend: they spend the bulk of their time collecting logs, parsing them, storing them for three months or more, dealing with alerts when they come up, and bringing down the mean time to recovery/response.
You've probably never heard any company tout the fact that theirs is a "legacy solution." Of course not. The term legacy carries a negative connotation — it's the opposite of "new and improved" in the language of marketers. But, in reality, some solutions indeed are legacy, and others represent the next generation of technology.
Both next-gen and legacy are overused terms that have no consistently precise meaning. Marketing folks can use them however they choose. So how do you determine which SIEM platforms are deserving of either the legacy or next-gen moniker?
Server-side request forgery (SSRF) attacks are yet another form of cyber-crime, designed to specifically target a server by sending back-end requests from vulnerable web applications. These attacks can threaten not only servers but also other connected confidential information, such as cloud services in AWS, Azure, and OpenStack. They can be especially challenging to combat because they are generally used to reach internal systems protected by firewalls and inaccessible from the external network; by directing these requests, the attacker has the potential to gain full or partial control of the requests sent by a web application.
There are multiple approaches that the malicious user may take in a typical SSRF attack; a frequently seen example is inducing the server to create a connection back to itself or to external third-party services. From there, the attacker can control the third-party service URL to which the web application makes a request. Other examples include making requests to internal resources, running port scans on internal IPs, and more. These attacks exploit the trust relationships your server has built, abusing that trust to strike the vulnerable application and carry out the attacker's own agenda.
There are many ways that artificial intelligence and machine learning can make a difference. Consider the situations below:
All of these have Artificial Intelligence (AI) and Machine Learning (ML) at play. It is remarkable how far, and how quickly, technology has evolved in the past decade to make these accomplishments possible. Application and adoption of AI increased exponentially during 2020 as the Covid-19 pandemic forced people, organizations, and governments to rethink everyday tasks.
In the realm of cybersecurity, risk management refers to the process by which organizations identify, analyze, and address the various types of cyber risks they may face when their IT systems fail as a result of internal or external threats. These risks include the possibility of losing sensitive, private corporate data, experiencing disruptions to day-to-day business operations, suffering reputational damage, and more.
Cyber risk management enables security teams to spot, measure, and evaluate vulnerabilities in their IT environment. The connected systems and applications that support it allow users to implement strategic ways to fix potential issues, thereby allowing organizations to avoid or reduce the impact of potential cyber risks. Unfortunately, many organizations find it difficult to implement cyber risk management effectively.