Blog Archives - Page 2 of 6

Compensating Controls for Exposure Management: The Ultimate Guide

In a perfect world, you’d have enough time and resources to address every vulnerability and exposure. You could carefully implement tailored remediations that address specific security gaps. Patches would have little to no impact on

CardinalOps in the Preemptive Exposure Management Gartner Report

Security teams aren’t just asking “are we vulnerable?” anymore. They’re asking, “Where are we exposed…. and what can we do about it before something happens?” That’s the future Gartner lays out in their June 2025

Detection Pitfalls You Might Be Sleeping On

Detection engineering isn’t just about finding bad behavior. It’s about understanding how attackers appear normal—on accident or by design. Some of the most successful evasion techniques don’t involve zero-days or encryption. They rely on you writing

Polymorphic AI Malware: A Real-World POC and Detection Walkthrough

What Is Polymorphic AI Malware? Polymorphic AI malware refers to a new class of malicious software. It leverages artificial intelligence models, such as GPT-based language models, to dynamically generate, obfuscate, or modify its own code

The Analyst Who Cried Malware: Rethinking False Positives and Alert Fatigue

False positives aren’t just annoying. They’re corrosive. Every unnecessary alert chips away at the analyst’s attention span. Every poorly designed rule teaches the SOC to distrust its own tools. Every noisy detection makes it harder

Closing the Gaps in Linux Auditing & Detection Strategies

Linux systems are often overlooked when setting up security auditing and threat detection strategies. The main reason is that Linux auditing is far less explored by the security community than Windows auditing. A survey done

SANS Webinar Highlights — Detection, Meet Prevention: Enriching Defenses with MITRE Mitigations

During the SANS Spring Cyber Solutions Fest’s Detection & Response track, Jay Lillie, CardinalOps VP of Customer Success, and Dr. Anton Chuvakin, Advisor to the Google Office of the CISO, discussed ways to improve SOC

The CardinalOps RSA Conference 2025 Hype Guide

Soon over 40,000 people will gather in San Francisco for this year’s RSA conference. Many consider RSAC the industry’s most significant event (though Black Hat / DEF CON would disagree…). Legions of vendors, practitioners, investors,

Detection, Evasion, and the Pursuit of Immutable Artifacts

You’re probably familiar with the classic thought experiment: If a tree falls in a forest and no one is around to hear it, does it make a sound? In cybersecurity, we can ask a similar

Monitoring Granular SOC Metrics: Peak Network Traffic and Initial User Logins

When considering KPIs for your SOC, mean time to detect, contain, and remediate (MTTR, MTTC, and MTTR); incident and alert volumes; and false positive rates get most of the attention. Regularly monitoring these higher-level metrics

Leveraging Metrics in Google SecOps SIEM for Enhanced Threat Detection

Google Security Operations (SecOps) SIEM offers powerful tools for threat detection, and one of its most valuable features is the use of metrics within YARA-L rules. Metrics allow you to aggregate historical data over extended

Webinar Highlights — Detection Engineering Maturity: Helping SIEMs Find Their Adulting Skills

Jay Lillie, CardinalOps VP of Customer Success, and Dr. Anton Chuvakin from the Google Office of the CISO engage in a fascinating conversation on the Do’s and Dont’s of SIEM at various stages of maturity.