Threat Detection


Practical security engineering: Stateful detection

Detection engineering at Elastic is both a set of reliable principles — or methodologies — and a collection of effective tools. In this series, we’ll share some of the foundational concepts that we’ve discovered over time to deliver resilient detection logic. In this blog post, we will share a concept we call stateful detection and explain why it's important for detection.

Email security in the post-COVID-19 era

Following the outbreak of COVID-19, organizations around the world have rapidly adopted remote work policies, making email communication more important than ever for disparate teams to collaborate. This has made it convenient for threat actors to launch email-based cyberattacks. The FBI has issued a public service announcement in which it revealed that it is anticipating business email compromise (BEC) attacks related to the COVID-19 crisis to increase. Hence, it's imperative for businesses to strengthen email security to mitigate email-borne threats.

4 Reasons Why IT Risk Detection is Critical in the Service Desk

In the previous blog, I discussed how IT risks can infiltrate the service desk if proper incident, problem, and change management aren’t applied. But, IT risk detection in the service desk can act as a safeguard to avoid this. It can help notify service technicians of “prohibited” or questionable items that could cause problems. Here are four reasons why IT risk detection should be incorporated and is critical for successful use of the service desk.


Protecting Fleet Data from Security Threats

Big data is revolutionizing fleet management — specifically in the form of telematics. From engine diagnostics that track fuel efficiency and mileage to sensors that detect aggressive driving behavior and interior vehicle activity, this information is so valuable that we’re quickly approaching the point where connected technology will come standard in every vehicle. Telematics is an operational goldmine.


Best Practices for Scoring Your Environment's Security Measures

For most practical uses today, a combination of hardening and vulnerability detection is required to secure even the most basic digital environment. In each area it is important to see the progress you’re making in these competencies so that you can improve and build on the work you and your team have done over time. But with so many assets in your digital environment, how do you score the effectiveness of these security measures?


OSINT - Using Threat Intelligence to Secure Your Organisation

In my first article on Cyber Security Threat Intelligence Analysts, (CTI analysts) we covered what a CTI analyst is and discussed how they can bridge the gaps between IT, Security, and the Business. We discussed how this is beneficial to the maturity of the business, but what exactly did we mean by this? In the second article of our CTI analyst series, we’ll cover the unique benefits a CTI analyst brings to an organization by enhancing.


Protect Your Applications With Cleafy Plugin for Kong

When protecting your online services, the weakest link is represented by the endpoints – that is, by the end-user devices running web or mobile applications or by external systems leveraging open APIs. As a matter of fact, there is a growing number of targeted attacks leveraging sophisticated techniques such as malicious web injections, mobile overlay and API abuse attacks to perform identity hijacking, account takeover, transaction tampering and payment frauds.


Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1)

Last month, we hosted a webinar, Hunting for persistence using Elastic Security, where we examined some techniques that attackers use in the wild to maintain presence in their victim’s environment. In this two-part blog series, we’ll share the details of what was covered during our webinar with the goal of helping security practitioners improve their visibility of these offensive persistence techniques and help to undermine the efficacy of these attacks against their organization.


Mac system extensions for threat detection: Part 3

This is the third and final post of a three-part series on understanding kernel extension frameworks for Mac systems. In part 1, we reviewed the existing kernel extension frameworks and the information that these frameworks can provide. In part 2 we covered techniques that could be used in kernel to gather even more details on system events. In this post, we will go into the new EndpointSecurity and SystemExtensions frameworks.