
Detection, Evasion, and the Pursuit of Immutable Artifacts
You’re probably familiar with the classic thought experiment: If a tree falls in a forest and no one is around to hear it, does it make a sound? In cybersecurity, we can ask a similar
When considering KPIs for your SOC, mean time to detect, contain, and remediate (MTTD, MTTC, and MTTR); incident and alert volumes; and false positive rates get most of the attention. Regularly monitoring these higher-level metrics
Google Security Operations (SecOps) SIEM offers powerful tools for threat detection, and one of its most valuable features is the use of metrics within YARA-L rules. Metrics allow you to aggregate historical data over extended
Jay Lillie, CardinalOps VP of Customer Success, and Dr. Anton Chuvakin from the Google Office of the CISO engage in a fascinating conversation on the Do’s and Don’ts of SIEM at various stages of maturity.
By Michael Mumcuoglu, Co-Founder and CEO, CardinalOps
In today’s rapidly evolving threat landscape, organizations face an overwhelming challenge: understanding and addressing the many types of security exposures that put them at risk. These exposures include
In the dynamic landscape of cybersecurity, staying ahead of threats requires an evolved approach to managing security tools, and preventing and detecting potential attacks. Traditional vulnerability management and breach-and-attack simulation tools have proven to be
A chaotic threat landscape and rapidly changing attack techniques have organizations facing increased pressure to deal with persistent threats by developing and deploying new security controls and by identifying and managing misconfigured controls.
Even the best, most mature security teams must plan for worst-case scenarios – when an attack has slipped past their defensive and preventative technologies and becomes a threat. Detection is the last line of defense
Turn real adversary behaviors (TTPs) into actionable detection
Organizations are struggling to keep up with an evolving threat landscape and security teams are increasingly burdened with the pressure to build an effective cyber defense against
Microsoft Azure uses blobs to store large amounts of unstructured data. An Azure blob can be configured to be accessed from specific IP addresses only. This is a common configuration and a known best practice
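The IP restriction described above only takes effect when the storage account's network rule set has defaultAction set to Deny; with defaultAction left at Allow, the ipRules list is decorative. Below is an added example (not code from the post, and not CardinalOps or Microsoft tooling) that audits a rule set for that mistake and evaluates whether a given source IP would pass. The rule-set dictionaries are constructed by hand to mirror the shape of the Azure networkRuleSet object (defaultAction, bypass, ipRules, virtualNetworkRules); the account names are made up.

```python
"""Audit Azure Storage network rule sets for an IP restriction that does not
actually restrict. Added example; the rule sets below are constructed, not
pulled from a real subscription."""
import ipaddress

# Constructed sample rule sets in the shape of the Azure networkRuleSet object.
# "stlocked" is restricted correctly; "stopen" has IP rules but defaultAction
# is still Allow, so every source address is accepted anyway.
SAMPLE_RULESETS = {
    "stlocked": {
        "defaultAction": "Deny",
        "bypass": "AzureServices",
        "ipRules": [{"action": "Allow", "value": "203.0.113.0/24"}],
        "virtualNetworkRules": [],
    },
    "stopen": {
        "defaultAction": "Allow",
        "bypass": "AzureServices",
        "ipRules": [{"action": "Allow", "value": "203.0.113.10"}],
        "virtualNetworkRules": [],
    },
}


def assess_ruleset(rules):
    """Return a list of findings; an empty list means the IP rules are in force."""
    findings = []
    if rules.get("defaultAction", "Allow") != "Deny":
        findings.append("defaultAction is Allow: ipRules do not restrict anything")
    if not rules.get("ipRules") and not rules.get("virtualNetworkRules"):
        findings.append("no ipRules or virtualNetworkRules: nothing is allow-listed")
    # Informational: with the AzureServices bypass, trusted Microsoft services
    # reach the account regardless of the IP rules.
    if "AzureServices" in rules.get("bypass", ""):
        findings.append("bypass includes AzureServices (trusted services skip IP rules)")
    return findings


def is_ip_restricted(rules):
    """True when the IP allow-list is actually enforced (Deny default, rules present)."""
    blocking = [f for f in assess_ruleset(rules) if not f.startswith("bypass")]
    return not blocking


def source_allowed(rules, src_ip):
    """Evaluate a public source IP against the rule set the way Azure does:
    a matching ipRule wins, otherwise defaultAction decides."""
    ip = ipaddress.ip_address(src_ip)
    for rule in rules.get("ipRules", []):
        if ip in ipaddress.ip_network(rule["value"], strict=False):
            return rule.get("action", "Allow") == "Allow"
    return rules.get("defaultAction", "Allow") == "Allow"


def audit_accounts(rulesets):
    """Map account name -> findings for every rule set given."""
    return {name: assess_ruleset(rules) for name, rules in rulesets.items()}


if __name__ == "__main__":
    for name, findings in audit_accounts(SAMPLE_RULESETS).items():
        status = "restricted" if is_ip_restricted(SAMPLE_RULESETS[name]) else "OPEN"
        print(f"{name}: {status}")
        for f in findings:
            print(f"  - {f}")
```

When reviewing a real account, feed the output of `az storage account show --query networkRuleSet` into `assess_ruleset`; the check that matters most is the first one, since a Deny default is what turns the allow-list into an actual restriction.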
Ivanti’s recent disclosure of a new high-severity flaw in its Connect Secure VPN devices marks the fifth such vulnerability revealed over the past couple of months. This alarming trend sheds light on a broader issue
In this exploration, we delve into the intricacies of SIEM migration, focusing on critical aspects like the SIEM style, data acquisition, correlation methods, securing the SIEM, and the imperative task of migrating SIEM detection coverage.