Threat Management Archives

Security Layers — Measuring MITRE ATT&CK Detection Coverage Across Your Entire Attack Surface, Linked to Business Outcomes

If you’re like most of us in the defender community, you’re probably tired of seeing all the colored heat maps used to represent MITRE ATT&CK detection coverage.

Detecting Microsoft Outlook Vulnerability CVE-2023-23397 in Splunk, IBM QRadar & Microsoft Sentinel

Summary Discovered by the Ukrainian CERT and attributed to APT28 (aka Fancy Bear or Strontium, the Russian GRU threat actor), CVE-2023-23397 is being actively exploited in targeted attacks against government, transportation, energy, and military sectors

CardinalOps CEO Discusses the State of Today’s SOC Teams on Silo Busting Podcast

Michael Mumcuoglu, CEO and Founder of CardinalOps, recently join the EPAM Continuum podcast, Silo Busting, for a discussion assessing the state of today’s SOC teams. Also featured on the podcast were Sam Rehman, EPAM’s Chief

CardinalOps Named as Winner in 2023 Cybersecurity Excellence Awards for Detection Posture Management

TEL-AVIV, Israel and BOSTON, March 9, 2023 — CardinalOps, the detection posture management company, today announced that the 2023 Cybersecurity Excellence Awards have selected the CardinalOps platform as gold winner of the Continuous Detection Posture Management (CDPM) category. Past

How Detection Posture Management Can Help CISOs Track the Right Metrics

In a recent SC Media column, Michael Mumcuoglu – CEO of CardinalOps, writes that instead of manually identifying gaps in MITRE ATT&CK coverage, it should be automated so that security teams always have a clear

What CISOs Don’t Know About Their SOCs

In a recent SC Media column, Michael Mumcuoglu – CEO of CardinalOps, wrote how continuous improvement techniques can help CISOs more effectively manage the growing threat landscape and improve the visibility and effectiveness of their

Why MITRE ATT&CK Has Taken Over the SOC World

I recently listened to an excellent summary about why MITRE ATT&CK has taken over the SOC world (sorry, it’s behind a paywall called “CSO Perspectives,” but this blog post is intended to summarize the key

Leveraging AI and Automation with MITRE ATT&CK to Eliminate Detection Coverage Gaps in Your SOC

At Black Hat 2022, our VP of Cyber Defense Strategy was interviewed on Security Guy TV to discuss why MITRE ATT&CK has become a standard way of describing your defensive posture to management as well

SIEM Detections for Okta PassBleed (Splunk, Microsoft Sentinel, IBM QRadar, Sumo Logic)

Summary This blog post summarizes new password stealing and impersonation risks recently discovered for Okta, along with recommended SIEM detection rules and associated MITRE ATT&CK techniques for SIEM solutions including Splunk, Microsoft Sentinel, IBM QRadar,

Splunk and other SIEM detections for Follina, a clever MS-Office 0-day

Summary This blog post summarizes Follina, an RCE zero-day discovered in Microsoft Office. It provides recommended detections in the native query languages for Splunk, Microsoft Sentinel, IBM QRadar, and Sumo Logic, along with associated MITRE

Enterprise SIEMs Detect Fewer Than 5 of Top 14 MITRE ATT&CK Adversary Techniques Used in the Wild

“Organizations need to become more intentional about detection in their SOCs. What should we detect? Do we have use cases for those scenarios? Do they actually work? Do they help my SOC analysts effectively triage

Dr. Anton Chuvakin answers questions about SIEM, EDR, and XDR — from our recent SANS webinar on the future of SIEM

Dr. Anton Chuvakin Discusses “20 Years of SIEM – What’s Next?” Learn what Dr. Anton Chuvakin, Head of Security Solution Strategy at Google Cloud and former Gartner Research VP, has to say about questions like: