Blog Archives - Page 2 of 3

Why MITRE ATT&CK Has Taken Over the SOC World

I recently listened to an excellent summary about why MITRE ATT&CK has taken over the SOC world (sorry, it’s behind a paywall called “CSO Perspectives,” but this blog post is intended to summarize the key

Leveraging AI and Automation with MITRE ATT&CK to Eliminate Detection Coverage Gaps in Your SOC

At Black Hat 2022, our VP of Cyber Defense Strategy was interviewed on Security Guy TV to discuss why MITRE ATT&CK has become a standard way of describing your defensive posture to management as well

SIEM Detections for Okta PassBleed (Splunk, Microsoft Sentinel, IBM QRadar, Sumo Logic)

Summary This blog post summarizes new password stealing and impersonation risks recently discovered for Okta, along with recommended SIEM detection rules and associated MITRE ATT&CK techniques for SIEM solutions including Splunk, Microsoft Sentinel, IBM QRadar,

Splunk and other SIEM detections for Follina, a clever MS-Office 0-day

Summary This blog post summarizes Follina, an RCE zero-day discovered in Microsoft Office. It provides recommended detections in the native query languages for Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic, along with associated MITRE

Enterprise SIEMs Detect Fewer Than 5 of Top 14 MITRE ATT&CK Adversary Techniques Used in the Wild

“Organizations need to become more intentional about detection in their SOCs. What should we detect? Do we have use cases for those scenarios? Do they actually work? Do they help my SOC analysts effectively triage

Dr. Anton Chuvakin answers questions about SIEM, EDR, and XDR — from our recent SANS webinar on the future of SIEM

Dr. Anton Chuvakin Discusses “20 Years of SIEM – What’s Next?” Learn what Dr. Anton Chuvakin, Head of Security Solution Strategy at Google Cloud and former Gartner Research VP, has to say about questions like:

Spring into action (with SIEM detection rules for Spring4shell)

Spring into action (with SIEM detection rules for Spring4shell) The Spring Framework is an open source application framework that provides infrastructure support for developing Java applications. The framework can be used by any Java application

Lapsus$ vs the world: SIEM detection rules with ATT&CK mapping

Image credit: World of Dictionary A new player has entered the game The ”Lapsus$” group, unknown before December 2021, has made multiple headlines in recent weeks, following multiple data breaches in big companies such as

How do Russian threat groups avoid “friendly cyber fire”? (TL;DR – By installing a Russian language pack)

Welcome to cyber-physical conflict The current situation in Ukraine demonstrates once again how the lines have blurred between cyber and physical conflict.

What Anton Chuvakin is Saying About SOC Threat Coverage

Anton Chuvakin, SIEM expert and former Gartner analyst (now at Google Chronicle) has written a thought-provoking blog post titled “SOC Threat Coverage Analysis — Why/How?“.

Why Detection for Log4j Vulnerabilities is Both Important and Difficult

In the last few weeks we’ve heard a lot about the Log4j vulnerabilities, with the most prominent being log4shell, and unfortunately, this is just the beginning. The situation is very serious, as the recommendations from

Broken Glam: How healthy is your SIEM?

Threats are constant. Organizations are trying to always stay ahead of new methods of attack, APT groups, and other known vulnerabilities. A key component of any SOC is a well-functioning SIEM. However, the SIEM is