Detection, Evasion, and the Pursuit of Immutable Artifacts
You’re probably familiar with the classic thought experiment: If a tree falls in a forest and no one is around to hear it, does it make a sound? In cybersecurity, we can ask a similar
Blog
-
-
Monitoring Granular SOC Metrics: Peak Network Traffic and Initial User Logins
When considering KPIs for your SOC, mean time to detect, contain, and remediate (MTTR, MTTC, and MTTR); incident and alert volumes; and false positive rates get most of the attention. Regularly monitoring these higher-level metrics
-
Leveraging Metrics in Google SecOps SIEM for Enhanced Threat Detection
Google Security Operations (SecOps) SIEM offers powerful tools for threat detection, and one of its most valuable features is the use of metrics within YARA-L rules. Metrics allow you to aggregate historical data over extended
-
Webinar Highlights — Detection Engineering Maturity: Helping SIEMs Find Their Adulting Skills
Jay Lillie, CardinalOps VP of Customer Success, and Dr. Anton Chuvakin from the Google Office of the CISO engage in a fascinating conversation on the Do’s and Dont’s of SIEM at various stages of maturity.
-
Rethinking Threat Exposure Management: A Unified Approach to Reducing Risk
By Michael Mumcuoglu, Co-Founder and CEO, CardinalOps In today’s rapidly evolving threat landscape, organizations face an overwhelming challenge: understanding and addressing the many types of security exposures that put them at risk. These exposures include
-
Optimize Security Controls with Continuous Threat Exposure Management (CTEM)
In the dynamic landscape of cybersecurity, staying ahead of threats requires an evolved approach to managing security tools, and preventing and detecting potential attacks. Traditional vulnerability management and breach-and-attack simulation tools have proven to be
-
Enhancing Cyber Defense Through Automated Security Control Assessment (ASCA)
A chaotic threat landscape and rapidly changing attack techniques has organizations facing increased pressure to deal with persistent threats by developing and deploying new security controls and being able to identify and manage misconfigured controls.
-
Detection Posture Management: Reduce your organization’s exposure to threats
Even the best, most mature security teams must plan for worst-case scenarios – when an attack has slipped past their defensive and preventative technologies and becomes a threat. Detection is the last line of defense
-
CardinalOps Launches TI-Ops to Operationalize Adversary Intelligence through AI and Automation
Turn real adversary behaviors (TTPs) into actionable detection Organizations are struggling to keep up with an evolving threat landscape and security teams are increasingly burdened with the pressure to build an effective cyber defense against
-
Safeguarding Azure Blobs: Detecting Public Network Access Configurations
Microsoft Azure utilizes blobs to house large amounts of unstructured data. An Azure blob can be configured to be accessed from specific IP addresses only. This is the common configuration and a known best practice
-
The Importance of Proactive Detection Engineering in Light of Ivanti’s VPN Vulnerabilities
Ivanti’s recent disclosure of a new high-severity flaw in its Connect Secure VPN devices marks the fifth such vulnerability revealed over the past couple of months. This alarming trend sheds light on a broader issue
-
SIEM Migration: Challenges and Strategies
In this exploration, we delve into the intricacies of SIEM migration, focusing on critical aspects like the SIEM style, data acquisition, correlation methods, securing the SIEM, and the imperative task of migrating SIEM detection coverage.