Threat Detection


Protect Your Applications With Cleafy Plugin for Kong

When protecting your online services, the weakest link is represented by the endpoints – that is, by the end-user devices running web or mobile applications or by external systems leveraging open APIs. As a matter of fact, there is a growing number of targeted attacks leveraging sophisticated techniques such as malicious web injections, mobile overlay and API abuse attacks to perform identity hijacking, account takeover, transaction tampering and payment fraud.


Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1)

Last month, we hosted a webinar, Hunting for persistence using Elastic Security, where we examined some techniques that attackers use in the wild to maintain presence in their victim’s environment. In this two-part blog series, we’ll share the details of what was covered during our webinar with the goal of helping security practitioners improve their visibility of these offensive persistence techniques and help to undermine the efficacy of these attacks against their organization.


Mac system extensions for threat detection: Part 3

This is the third and final post of a three-part series on understanding kernel extension frameworks for Mac systems. In part 1, we reviewed the existing kernel extension frameworks and the information that these frameworks can provide. In part 2, we covered techniques that could be used in the kernel to gather even more details on system events. In this post, we will go into the new EndpointSecurity and SystemExtensions frameworks.


Why should you use correlation rules on top of traditional signatures?

The AT&T Cybersecurity Alien Labs team is in charge of writing correlation rules and releasing threat intelligence updates on a day-to-day basis. When researchers in the team find new malware families or threats, we always try to find the best approach to keep our customers protected. In this blog, we will look into some of the differences between signatures and correlation rules.


How Threat Intelligence Can Improve Your Security

A new cyberattack occurs roughly every 39 seconds. Each of these attacks leaves behind a variety of evidence, including IP addresses, log events and malicious files. This evidence can be incredibly valuable to security teams, but only if it is analyzed and placed in context. There is simply too much attack data from too many sources for it to be useful in raw form. Threat intelligence is the solution for making raw data actionable.


Mac system extensions for threat detection: Part 1

When it comes to having visibility and detecting threats on macOS, one of the best sources of information for file system events, process events, and network events is the kernel. macOS kernel extensions provide the ability to receive data about these events in real time and in great detail. This gives quick visibility for detecting anomalies and identifying possible threats.


5 Ways to Detect Malicious Activity & Protect Your Kubernetes Workloads

Organizations are rapidly moving more and more mission-critical applications to Kubernetes and the cloud to reduce costs, achieve faster deployment times, and improve operational efficiencies. But security teams struggle to achieve a strong security posture with Kubernetes and cloud-based resources because of the inability to apply conventional security practices in the cloud environment.


The Path Forward: Mitigating Cyber Threats in Banking with Next-Generation Platforms

Cybersecurity is one of the hottest topics in the financial services industry today. If left unchecked, cyberattacks pose an existential threat to financial institutions and their customers on a daily basis. Threats aimed at financial institutions are constant, where attacks take multiple forms, are focused on different parts of a bank, and seek to achieve various aims, chief among them, financial gain… after all, that’s where the money is!


Protect the Business from Edge to AI with Cloudera Cybersecurity

Gartner estimates 30x connected device growth by 2020. Faster 5G networks are bringing an explosion of inexpensive, connected devices. This enables new and more innovative applications and capabilities to improve customer experience. However, all these new applications and connections also broaden the network attack surface, increasing the risk of data breaches and cyber-attacks.