Threat Detection

datadog

Signal Sciences brings real-time web attack visibility to Datadog

Signal Sciences is proud to announce our integration with the Datadog platform. This integration furthers our mission of producing the leading application security offering that empowers operations and development teams to proactively see and respond to web attacks—wherever and however they deploy their apps, APIs, and microservices.

alienvault

Using data science to improve threat analysis | AT&T ThreatTraq

Every week, the AT&T Chief Security Office produces a set of videos with helpful information and news commentary for InfoSec practitioners and researchers. I really enjoy them, and you can subscribe to the Youtube channel to stay updated. This is a transcript of a recent feature on ThreatTraq. Watch the video here.

alienvault

Who's phishing in your cloud? And, some suggestions for detecting it

A comprehensive, six-month study released by Proofpoint, in March reports that (oh, to our surprise), attackers are “leveraging legacy protocols and credential dumps to increase the speed and effectiveness of brute force account compromises at scale.” Yikes!! At SCALE! Threat actors design threats aiming at platforms or services which will provide the greatest ROI for them.

logsign

How to Use Data to Identify Trends, Attack Profiles, And Possible Threats?

Data is a raw material, which is often unstructured, extracted in massive quantity, and requires processing before calling it an information and actionable intelligence. A good example is the Indicators of Compromise (IoCs). A big list of domain names or IP addresses can be ingested into the SIEM system to identify whether this list contains any malicious IP or not.

logsign

The Importance of Threat Intelligence Feeds

Threat Intelligence Feeds, in fact, are an actionable threat data related to artifacts or indicators collected from any third-party vendors in order to learn from other company’s visibility and access to enhance your own cyber threat response and awareness. The example of these third-party vendors includes Kaspersky Threat Intelligence and Alient Vault OTX. Threat Intelligence Feeds concentrate on a single area of interest and they are delivered online.

logsign

How to Initiate a Threat Hunting Program (Part 2)?

In the previous steps, analysts have gathered enough data to answer their hypothesis. Two types of situations can occur. Either the real threat is found or the vulnerability is detected. In both cases, analysts action is necessary. The analysts must respond immediately when a real threat is identified. However, if there is any vulnerability, they should also resolve this before it becomes a really big nightmare.

manageengine

The what, why, and how of unified endpoint management

IT management has become a department that exists in every business ecosystem, irrespective of verticals. Those who are responsible for taking care of IT management need to work around the clock to secure and maintain servers, computers, smartphones, tablets, iPads, IoT devices, virtual machines, and more. The technician alone is like a modern puppeteer controlling and manipulating all these devices from one, central location in a unified way.

elastic

Security Events Logging at Bell Canada

Bell Canada, one of Canada’s largest telecommunications companies, offers mobile phone, television, internet, and landline services to big corporations, small and medium-sized businesses, and individuals across the country. Bell Canada’s security operations center (SOC) covers every Bell office and business unit coast to coast and they rely on logs to detect cybersecurity threats.