Operations | Monitoring | ITSM | DevOps | Cloud

Threat Hunting

Cribl

Threat Hunting with Cribl Search

Oct 28, 2024 By Robert Lackey In Cribl
Imagine you’re the protector of a castle. Your walls are tall, the gates are strong, and the guards are well-trained. But what if an intruder was still able to slip past your defenses? Even with the best security tools, not every threat will be caught. Threat hunting is the proactive approach to finding attackers that might have bypassed your defenses.
Read Post
Sponsored Post
chaossearch

Improving Patch and Vulnerability Management with Proactive Security Analysis

Jul 30, 2024 By David Bunting In ChaosSearch
Vulnerability management is the continuous process of identifying and addressing vulnerabilities in an organization's IT infrastructure, while patch management is the process of accessing, testing, and installing patches that fix bugs or address known security vulnerabilities in software applications. Vulnerability management and patch management are crucial SecOps processes that protect IT assets against cyber threats and prevent unauthorized access to secure systems. Effectiveness in patch management and vulnerability management depends on a proactive approach to cybersecurity where enterprise SecOps teams take steps to anticipate and prevent cyber attacks before they happen.
Read Post
Sponsored Post
chaossearch

How to Threat Hunt in Amazon Security Lake

Apr 29, 2024 By David Bunting In ChaosSearch
Establishing a proactive security posture involves a data-driven approach to threat detection, investigation, and response. In the past, this was challenging because there wasn't a centralized way to collect and analyze security data across sources, but with Amazon Security Lake it is much simpler. Whether you're a security company improving and refining your threat intelligence for customers, or you're investigating security threats within your own environment, there are a few important things you need to know. This blog will cover the tools, frameworks and data types you'll need to threat hunt in Amazon Security Lake.
Read Post
Sponsored Post
chaossearch

5 Proactive Security Engineering Techniques for Cloud-Native Teams

Mar 28, 2024 By David Bunting In ChaosSearch
Developing a proactive security strategy can potentially save an organization millions of dollars per year. According to IBM, the average cost of a data breach in 2023 added up to a staggering $4.45 million, up 15% over the last three years. This is especially true for cloud-native environments, which face unique security challenges due to their dynamic nature. Instead of waiting to respond to cybersecurity incidents after they happen, it's much better to embrace a proactive approach, and prevent them in the first place.
Read Post
Sponsored Post
chaossearch

Threat Hunting Frameworks and Methodologies: An Introductory Guide

Feb 27, 2024 By Thomas Hazel In ChaosSearch
Establishing an effective cyber threat hunting program is among the top priorities of enterprise security leaders seeking a proactive approach to detecting and counteracting potential threats. Furthermore, implementing a proactive threat hunting program, security teams that leverage formalized frameworks or threat hunting methodologies are far more likely to detect vulnerabilities or in-process malicious activities in their environments than those that do not. However, data from a 2023 threat hunting survey revealed that while 73% of organizations have adopted a defined threat hunting framework, only 38% actually follow it.
Read Post
Cribl

Using Cribl Search to Aid in Threat Hunting by Enriching Data in Motion

Oct 31, 2023 By Raanan Dagan In Cribl

Cribl Search is reshaping the data search paradigm, empowering users to uncover and analyze data directly from its source. Cribl Search can easily reach out and query data already collected in Amazon S3 (or S3 compatible), Amazon Security Lake, Azure Blob, Google Cloud Storage, and more. By searching data where it lives, you can dramatically speed up your search process by avoiding the need to move data before analyzing it.

Read Post
N-able

How to develop a successful threat-hunting program

Jul 21, 2022 By Emma Nistor In N-able

According to the 2021 Cost of Data Breach report, the average attack “dwell time”—the period between an attacker’s breach of an organization’s network and the point at which the organization finds out about it—is 287 days. During this time, the attacker can stealthily look to gather valuable information to steal or compromise data, incurring huge costs for affected companies.

Read Post
Torq

Automated Threat Hunting: A Closer Look

Apr 27, 2022 By Faith Kilonzi In Torq

Proactively finding and eliminating advanced threats through threat hunting is a growing necessity for many organizations, yet few have enough resources or skilled employees to do it effectively. For those who do have an active threat hunting program, the process is often manual and time consuming. With cloud security automation, however, you can implement rules that automatically adjust your security policies based on the latest threat data.

Read Post
graylog

Tools for Threat Hunting and IT Service Risk Monitoring

Apr 19, 2022 By Jeff Darrington In Graylog

Cybersecurity can often seem intimidating for IT teams. After all, things like “threat hunting,” “red teaming,” and “blue teaming” are not used in IT operations. On the other hand, just because these words are terms of art doesn’t mean that they’re activities you don’t do already. You’re probably already using log data as part of your IT operations incident response.

Read Post
graylog

Building Your Security Analytics Use Cases

Mar 31, 2022 By Graylog Security Team In Graylog

It’s time again for another meeting with senior leadership. You know that they will ask you the hard questions, like “how do you know that your detection and response times are ‘good enough’?” You think you’re doing a good job securing the organization. You haven’t had a security incident yet. At the same time, you also know that you have no way to prove your approach to security is working. You’re reading your threat intelligence feeds.

Read Post

Copyright © 2024 OpsMatters™. All rights reserved.