Threat Detection


Signal Sciences brings real-time web attack visibility to Datadog

Signal Sciences is proud to announce our integration with the Datadog platform. This integration furthers our mission of producing the leading application security offering that empowers operations and development teams to proactively see and respond to web attacks—wherever and however they deploy their apps, APIs, and microservices.


Using data science to improve threat analysis | AT&T ThreatTraq

Every week, the AT&T Chief Security Office produces a set of videos with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them, and you can subscribe to the YouTube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. Watch the video here.


Who's phishing in your cloud? And, some suggestions for detecting it

A comprehensive six-month study released by Proofpoint in March reports that (oh, to our surprise) attackers are “leveraging legacy protocols and credential dumps to increase the speed and effectiveness of brute force account compromises at scale.” Yikes!! At SCALE! Threat actors design their campaigns around whichever platforms or services will give them the greatest ROI.


How to Use Data to Identify Trends, Attack Profiles, And Possible Threats?

Data is a raw material: often unstructured, extracted in massive quantities, and in need of processing before it can be called information, let alone actionable intelligence. Indicators of Compromise (IoCs) are a good example. A large list of domain names or IP addresses can be ingested into the SIEM and matched against observed traffic to flag any connection to a known-malicious host.


The Importance of Threat Intelligence Feeds

Threat intelligence feeds are actionable threat data (artifacts or indicators) collected from third-party vendors and consumed in order to benefit from another organisation's visibility, and so enhance your own cyber threat response and awareness. Examples of such vendors include Kaspersky Threat Intelligence and AlienVault OTX. Threat intelligence feeds typically concentrate on a single area of interest and are delivered online.
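The two teasers above (IoC lists ingested into a SIEM, and third-party feeds that supply them) describe the same mechanism: indicators come in from a feed, observed traffic is matched against them. The following is an added example written for this page, not code from any of the linked posts or from Kaspersky or AlienVault; the feed rows, log lines and addresses are constructed (documentation-range IPs, `.example` domains), and the `indicator,type,source` CSV layout is an assumption about feed shape rather than any vendor's real format. It goes slightly beyond the text in handling CIDR ranges and parent-domain matches, and it deliberately avoids substring matching on hostnames, which is a common source of false positives.

```python
"""Match constructed log lines against a constructed IoC feed.

Added example for this page; not code from any post or vendor named here.
All indicators and log lines below are invented for illustration.
"""
import ipaddress
import re

# Constructed feed in an assumed CSV shape: indicator,type,source
IOC_FEED = """\
198.51.100.23,ipv4,feed-a
203.0.113.0/24,cidr,feed-b
bad-login.example,domain,feed-a
cdn.evil-updates.example,domain,feed-c
"""

# Constructed proxy/firewall-style log lines in key=value form.
SAMPLE_LOGS = [
    "2024-03-01T10:00:01Z src=10.0.0.5 dst=198.51.100.23 host=- action=allow",
    "2024-03-01T10:00:02Z src=10.0.0.7 dst=203.0.113.77 host=- action=allow",
    "2024-03-01T10:00:03Z src=10.0.0.9 dst=93.184.216.34 host=www.example.com action=allow",
    "2024-03-01T10:00:04Z src=10.0.0.9 dst=192.0.2.10 host=login.bad-login.example action=allow",
    "2024-03-01T10:00:05Z src=10.0.0.11 dst=192.0.2.11 host=evil-updates.example.org action=allow",
]

KV_RE = re.compile(r"(\w+)=(\S+)")


def normalize_domain(name):
    """Lower-case and strip a trailing dot so 'Evil.Example.' == 'evil.example'."""
    return name.strip().lower().rstrip(".")


def parse_feed(text):
    """Parse the feed into IP networks (single IPs become /32) and a domain map."""
    networks = []  # list of (ip_network, source)
    domains = {}   # normalized domain -> source
    for raw in text.splitlines():
        raw = raw.strip()
        if not raw or raw.startswith("#"):
            continue
        indicator, kind, source = [p.strip() for p in raw.split(",")]
        if kind in ("ipv4", "ipv6", "cidr"):
            networks.append((ipaddress.ip_network(indicator, strict=False), source))
        elif kind == "domain":
            domains[normalize_domain(indicator)] = source
        else:
            raise ValueError(f"unknown indicator type {kind!r}")
    return {"networks": networks, "domains": domains}


def ip_hit(value, networks):
    """Return (indicator, source) if value is an IP inside any listed network."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return None  # not an IP literal (e.g. '-'); nothing to match
    for net, source in networks:
        if addr in net:
            return str(net), source
    return None


def domain_hit(host, domains):
    """Exact or parent-domain match only; 'evil-updates.example.org' must NOT
    match the indicator 'cdn.evil-updates.example' the way a substring test would."""
    labels = normalize_domain(host).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in domains:
            return candidate, domains[candidate]
    return None


def match_line(line, iocs):
    """Return a list of hit records for one key=value log line."""
    fields = dict(KV_RE.findall(line))
    hits = []
    for key in ("src", "dst"):
        if key in fields:
            h = ip_hit(fields[key], iocs["networks"])
            if h:
                hits.append({"field": key, "value": fields[key],
                             "indicator": h[0], "source": h[1]})
    host = fields.get("host", "-")
    if host != "-":
        h = domain_hit(host, iocs["domains"])
        if h:
            hits.append({"field": "host", "value": host,
                         "indicator": h[0], "source": h[1]})
    return hits


def scan(lines, iocs):
    """Run every log line through the IoC match and return (line, hit) pairs."""
    return [(line, hit) for line in lines for hit in match_line(line, iocs)]


if __name__ == "__main__":
    for line, hit in scan(SAMPLE_LOGS, parse_feed(IOC_FEED)):
        print(f"{hit['field']}={hit['value']} matched {hit['indicator']} ({hit['source']})")
```

Three of the five constructed lines fire: the exact IP, the address inside the /24, and the subdomain of a listed domain. The last line, whose hostname merely contains a listed domain as text, is correctly left alone; a SIEM rule that does a plain `contains` on the host field would have flagged it.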


How to Initiate a Threat Hunting Program (Part 2)?

In the previous steps, analysts have gathered enough data to test their hypothesis. Two outcomes are possible: either a real threat is found or a vulnerability is discovered. In both cases, analyst action is required. Analysts must respond immediately when a real threat is identified; when the finding is a vulnerability, they should still remediate it before it becomes a full-blown nightmare.


The what, why, and how of unified endpoint management

IT management is now a function that exists in every business, regardless of vertical. Those responsible for it work around the clock to secure and maintain servers, computers, smartphones, tablets, IoT devices, virtual machines, and more. A single technician becomes something like a modern puppeteer, controlling all of these devices from one central location in a unified way.


Security Events Logging at Bell Canada

Bell Canada, one of Canada’s largest telecommunications companies, offers mobile phone, television, internet, and landline services to large corporations, small and medium-sized businesses, and individuals across the country. Bell Canada’s security operations center (SOC) covers every Bell office and business unit coast to coast, and it relies on logs to detect cybersecurity threats.