Threat Detection


Why should you use correlation rules on top of traditional signatures?

The AT&T Cybersecurity Alien Labs team is in charge of writing correlation rules and releasing threat intelligence updates daily. When researchers in the team find new malware families or threats, we always try to find the best approach to keep our customers protected. In this blog, we will look at some of the differences between signatures, which match a single indicator in a single event, and correlation rules, which tie several events together over time.
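The distinction between the two approaches is easiest to see side by side. The example below is added here and is not Alien Labs code: a stateless signature that fires on one known-bad file hash, next to a stateful correlation rule that only alerts when several failed logins from one source are followed by a success for the same account inside a time window. The log events, the hash and the source addresses are all constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not real logs): a brute-force sequence from 10.0.0.5
# ending in a successful login, one benign failed login from 10.0.0.9, and one
# file write on host-2 carrying a hash we pretend is a known-bad indicator.
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T10:00:00", "type": "auth_fail", "src": "10.0.0.5", "user": "alice", "host": "host-1"},
    {"ts": "2024-01-01T10:00:05", "type": "auth_fail", "src": "10.0.0.5", "user": "alice", "host": "host-1"},
    {"ts": "2024-01-01T10:00:09", "type": "auth_fail", "src": "10.0.0.5", "user": "alice", "host": "host-1"},
    {"ts": "2024-01-01T10:00:12", "type": "auth_fail", "src": "10.0.0.5", "user": "alice", "host": "host-1"},
    {"ts": "2024-01-01T10:00:20", "type": "auth_success", "src": "10.0.0.5", "user": "alice", "host": "host-1"},
    {"ts": "2024-01-01T10:02:00", "type": "auth_fail", "src": "10.0.0.9", "user": "bob", "host": "host-1"},
    {"ts": "2024-01-01T10:05:00", "type": "file_create", "src": "", "user": "bob", "host": "host-2",
     "sha256": "deadbeef" * 8},
]

# Hypothetical indicator, constructed for the example: a signature is just this set
# compared against one field of one event.
KNOWN_BAD_SHA256 = {"deadbeef" * 8}


def signature_hits(events):
    """Stateless match: returns every event whose hash is on the indicator list.
    No memory of other events, so no notion of sequence or volume."""
    return [e for e in events if e.get("sha256") in KNOWN_BAD_SHA256]


def correlate_bruteforce(events, threshold=3, window=timedelta(seconds=60)):
    """Stateful rule: at least `threshold` auth_fail events for the same (src, user),
    followed by an auth_success for that pair, all inside `window`.
    Returns one alert per matched sequence, with the context a responder needs."""
    fails = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    alerts = []
    for e in sorted(events, key=lambda ev: ev["ts"]):
        ts = datetime.fromisoformat(e["ts"])
        key = (e["src"], e["user"])
        q = fails[key]
        # Drop failures that have aged out of the window before evaluating.
        while q and ts - q[0] > window:
            q.popleft()
        if e["type"] == "auth_fail":
            q.append(ts)
        elif e["type"] == "auth_success" and len(q) >= threshold:
            alerts.append({
                "rule": "bruteforce_then_success",
                "src": e["src"],
                "user": e["user"],
                "host": e["host"],
                "failures": len(q),
                "first_fail": q[0].isoformat(),
                "success": e["ts"],
            })
            q.clear()  # one alert per sequence, not one per later success
    return alerts


if __name__ == "__main__":
    print("signature hits:", signature_hits(SAMPLE_EVENTS))
    print("correlation alerts:", correlate_bruteforce(SAMPLE_EVENTS))
```

The signature fires once, on the hash, and would fire identically on a single failed login if one were written for that event type; it cannot tell four failures followed by a success apart from one failure. The correlation rule stays quiet for bob's lone failure and for the same sequence when the window is shortened so the failures have aged out, which is the tuning knob a practitioner adjusts to trade missed detections against noise.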


How Threat Intelligence Can Improve Your Security

A new cyberattack occurs roughly every 39 seconds. Each of these attacks leaves behind a variety of evidence, including IP addresses, log events and malicious files. This evidence can be incredibly valuable to security teams, but only if it is analyzed and placed in context. Raw attack data from many sources is simply too voluminous to be useful on its own. Threat intelligence is what turns that raw data into something actionable.


Mac system extensions for threat detection: Part 1

When it comes to visibility and threat detection on macOS, one of the best sources of information about file system, process and network events is the kernel. macOS kernel extensions can deliver data about these events in real time and in great detail, which gives quick visibility into anomalies and possible threats. Note that Apple has since deprecated third-party kernel extensions in favor of system extensions (the Endpoint Security and Network Extension frameworks), which expose the same classes of events from user space.

5 Ways to Detect Malicious Activity & Protect Your Kubernetes Workloads

Organizations are rapidly moving more and more mission-critical applications to Kubernetes and the cloud to reduce costs, achieve faster deployment times, and improve operational efficiency. But security teams struggle to achieve a strong security posture with Kubernetes and cloud-based resources because conventional security practices do not map cleanly onto these environments.

The Path Forward: Mitigating Cyber Threats in Banking with Next-Generation Platforms

Cybersecurity is one of the hottest topics in the financial services industry today. If left unchecked, cyberattacks pose an existential threat to financial institutions and their customers on a daily basis. Threats aimed at financial institutions are constant: attacks take multiple forms, target different parts of a bank, and pursue various aims, chief among them financial gain… after all, that’s where the money is!


Protect the Business from Edge to AI with Cloudera Cybersecurity

Gartner estimates 30x connected device growth by 2020, and faster 5G networks are bringing an explosion of inexpensive, connected devices. This enables new and more innovative applications and capabilities that improve customer experience. However, all these new applications and connections also broaden the network attack surface, increasing the risk of data breaches and cyber-attacks.


Physical threats to Cybersecurity that you must address

Over 90% of data breaches are attributed to human error, costing a company anywhere from $1.25 million to $8.19 million. Tackling cybersecurity does not only entail non-physical risks; it also requires an assessment of physical threats such as human, internal, and external hazards. Only then can an appropriate and effective security plan to dissuade hackers and thieves be devised.


Cyber Threat Intelligence Framework

Undoubtedly, today’s cyber threats are fast and sophisticated, and detecting and preventing them is no longer an easy task. To keep organizations from becoming victims of cyber threats and attacks, a proactive cybersecurity approach must be used. That is where the Cyber Threat Intelligence (CTI) framework comes in. CTI has become a critical tool for organizations trying to protect their networks and infrastructure.