Colonial Pipeline Ransomware Attack: Lessons for Technologists
Eliminate monitoring blind spots in your SIEM using MITRE ATT&CK.
-
-
Enterprise SIEMs Fall Short on Detecting Attacks
75% of organizations that forward identity logs such as Active Directory and Okta to their SIEM, do not use them.
-
Enterprise SIEMs are Missing Detections for 4 out of 5 of All MITRE ATT&CK Techniques
Second annual report analyzed production SIEM instances to understand SOC preparedness to detect latest adversary techniques in MITRE ATT&CK.
-
Data Shows Enterprise SIEMs Detect Fewer Than 5 of the Top 14 MITRE ATT&CK Adversary Techniques Used in the Wild
Actual coverage remains far below what most organizations expect; organizations unaware of gap between their assumed security and defenses actually in place.
-
SolarWinds Data Breach Lawsuit Takeaways for CISOs
What the lawsuit about the SolarWinds attack teaches us about minimum standards of due care.
-
CISA, Int’l Cybersecurity Bodies Issue Advisory to MSPs
Why going after MSPs is an increasingly common type of supply chain attack
-
Better Cybercrime Metrics Act Signed Into Law
How standard frameworks like VERIS and MITRE ATT&CK enable a standard language and taxonomy about cyberattacks
-
FBI Director Warns of Chinese Espionage Threats
Use MITRE ATT&CK to ensure you have detections for the latest adversary techniques employed by APT groups like Deep Panda.
-
Devo Technology and the Autonomous SOC
Automation is critical for addressing constant change in threat landscape — plus exponential increase in volume of data collected to spot suspicious activities.
-
What It Takes to Become an Information Security Analyst
A natural curiosity for how things work, such as what the database logs tell you or what does a specific cloud permission let you do.
-
Patch, Remediation Advice Emerges for Spring4Shell Vulnerability
Monitor suspicious processes spawned by Java. Avoid false positives by investigating logs at least 90 days back and whitelisting known child-process.
-
New Imminent Threats to The Power Grid
Industrial control systems are juicy targets for nation-state attackers because they typically don’t have the same level of monitoring as corporate IT networks.