Operations | Monitoring | ITSM | DevOps | Cloud

Threat Detection

elastic

Adversary emulation with Prelude Operator and Elastic Security

Jun 14, 2021 By James Spiteri In Elastic

It’s no secret that organisations are up against skilled, relentless and determined adversaries. Security operations teams need to continuously test their detection capabilities by carrying out adversary emulation plans that are made up of varying tactics, techniques and procedures (TTPs) and track key metrics of their coverage in order to close any existing gaps. There are many tools available for running adversary emulation plans and performing purple team exercises.

Read Post

Exploring intrusion detection techniques in cloud native environments - Garwood Pang, Tigera

Jun 11, 2021 By Tigera In Tigera
As more production workloads migrated to the cloud, the need for Intrusion Detection Systems(IDS) grew to meet compliance and security needs. With the number of workloads in each cluster, IDS needs to be efficient to not take up the shared resources. Techniques such as packet inspection and web application firewalls provide a solid defense against threats and by leveraging the cluster's network control pane, we are able to selectively choose vulnerable workloads and provide an easy way to trace back to the origin of the attack.
View Video
sumologic

What Is Threat Intelligence?

May 12, 2021 By Sumo Logic In Sumo Logic
It's one thing to detect a cyber attack. It's another to know what the attackers are trying to do, which tactics they are using, and what their next move is likely to be. Without that additional information, it's difficult to defend effectively against an attack. You can't reliably stop an attack if you are unable to put yourself in the mindset of the attackers. This is why threat intelligence plays a critical role in modern cybersecurity operations.
Read Post
sysdig

Unified threat detection for AWS cloud and containers

Mar 30, 2021 By Vicente Herrera García In Sysdig

Implementing effective threat detection for AWS requires visibility into all of your cloud services and containers. An application is composed of a number of elements: hosts, virtual machines, containers, clusters, stored information, and input/output data streams. When you add configuration and user management to the mix, it’s clear that there is a lot to secure!

Read Post
elastic

Detecting Cobalt Strike with memory signatures

Mar 16, 2021 By Joe Desimone In Elastic

At Elastic Security, we approach the challenge of threat detection with various methods. Traditionally, we have focused on machine learning models and behaviors. These two methods are powerful because they can detect never-before-seen malware. Historically, we’ve felt that signatures are too easily evaded, but we also recognize that ease of evasion is only one of many factors to consider.

Read Post
opsmatters

How The Dark Web Continues to Threaten Businesses

Feb 16, 2021 By OpsMatters In OpsMatters
The Internet is a massive space. Seven days a week, millions of web sites, files, and servers run 24 hours a day. Even so, it is just the tip of the iceberg that we surf and the visible websites that can be accessed using search engines such as Google and Yahoo. The Deep Web, which makes up approximately 90 percent of all websites, is underneath the ground. This hidden network is so massive that it is difficult to figure out at any given time how many pages or sites are currently involved.
Read Post
dashbird

Bullet-Proofing Serverless Infrastructures with Failure and Threat Detection

Feb 15, 2021 By Kay Plößer In Dashbird

When building cloud-based systems and serverless systems, in particular, it’s crucial to stay on top of things. Your infrastructure will be miles away from you and not a device you hold in your hands like when you build a frontend. That’s why adding a monitoring solution to your stack, which offers a pre-configured serverless failure detection, should be one of the first decisions.

Read Post
logz.io

Secure Your Endpoints with Sophos & Logz.io

Jan 25, 2021 By Gedalyah Reback In logz.io

Intercept X is Sophos’ endpoint security solution, including anti-ransomware, zero-day exploit prevention, plus managed endpoint defense and response. It employs a layered approach reliant on multiple security techniques for endpoint detection and response (EDR). Those tactics include app lockdown, data loss prevention, web control and malware detection.

Read Post

Runtime Threat Detection on AWS

Jan 12, 2021 By Sysdig In Sysdig
Tune into our #LinkedInLive event on Jan 12 at 10 am PST and Join Sysdig and AWS experts to learn how to detect and respond to threats to your production applications running on services like AWS Fargate and Amazon EKS. With the rise of microservices and DevOps practices, new security threats put your infrastructure and applications at risk. Hear how to leverage signals from AWS CloudTrail and open source Falco to spot unexpected behavior, block threats, and validate compliance across your AWS environment.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.