Threat Management Archives

Lessons from the Stryker Cyberattack: Closing Critical Detection Gaps

Recent news of a cyberattack targeting global medical technology manufacturer Stryker is another reminder that even highly sophisticated organizations remain vulnerable to modern cyber threats. The attack reportedly disrupted corporate systems and forced employees offline

The Year of the Evasive Adversary: What CrowdStrike’s 2026 Global Threat Report Means for Detection Engineering

CrowdStrike’s 2026 Global Threat Report calls 2025 “the year of the evasive adversary” (see the full report here: https://www.crowdstrike.com/en-us/global-threat-report/) — and for anyone leading detection engineering, that phrase should land heavily. What the report ultimately

It’s Not a Bug, It’s Feature Abuse: A Deep Dive Into Azure Web App Logs and Attack Visibility

Azure makes it easy to spin up serverless functions and web apps, a convenience that often comes with security blind spots. Logs are fragmented across services, authentication defaults may leave endpoints exposed, and preview environments

Living off WinRM: Abusing Complexity in Remote Management

Key Context: What Is LOLBAS Anyway? LOLBAS (Living Off The Land Binaries, Scripts, and Libraries) are legitimate Windows tools and binaries that attackers abuse to perform malicious actions without using custom malware. One of the

Polymorphic AI Malware: A Real-World POC and Detection Walkthrough

What Is Polymorphic AI Malware? Polymorphic AI malware refers to a new class of malicious software. It leverages artificial intelligence models, such as GPT-based language models, to dynamically generate, obfuscate, or modify its own code

Closing the Gaps in Linux Auditing & Detection Strategies

Linux systems are often overlooked when setting up security auditing and threat detection strategies. The main reason is that Linux auditing is far less explored by the security community than Windows auditing. A survey done

Detection, Evasion, and the Pursuit of Immutable Artifacts

You’re probably familiar with the classic thought experiment: If a tree falls in a forest and no one is around to hear it, does it make a sound? In cybersecurity, we can ask a similar

Monitoring Granular SOC Metrics: Peak Network Traffic and Initial User Logins

When considering KPIs for your SOC, mean time to detect, contain, and remediate (MTTR, MTTC, and MTTR); incident and alert volumes; and false positive rates get most of the attention. Regularly monitoring these higher-level metrics

Leveraging Metrics in Google SecOps SIEM for Enhanced Threat Detection

Google Security Operations (SecOps) SIEM offers powerful tools for threat detection, and one of its most valuable features is the use of metrics within YARA-L rules. Metrics allow you to aggregate historical data over extended

CardinalOps Expands AI-Powered Threat Exposure Management Platform, Unifying Prevention and Detection for Enhanced Cyber Risk Reduction

Michael Mumcuoglu, Co-Founder and CEO of CardinalOps says, “With this launch, we are enabling organizations to rethink how they approach threat exposure management.”

SANS 2024 Detection and Response Survey – Transforming Cybersecurity Operations: AI, Automation, and Integration in Detection and Response

Download the SANS 2024 Detection and Response Survey to discover insights from cybersecurity professionals on navigating today’s detection and response challenges. Key findings include:

Enhancing Cyber Defense Through Automated Security Control Assessment (ASCA)

A chaotic threat landscape and rapidly changing attack techniques has organizations facing increased pressure to deal with persistent threats by developing and deploying new security controls and being able to identify and manage misconfigured controls.