How to Make Threat Detection Better?

Anton on Security

Why are we still bad at detecting threats? I’ve lamented on this a few times, either touching on general difficulties with detection, its uncertainty or highlighting the fragile detections people write. What does it mean to have “good” detections?

On Threat Detection Uncertainty

Anton on Security

My post “Why is Threat Detection Hard?” In this post, I wanted to explore a seemingly obvious, while surprisingly fascinating aspect of detection: uncertainty. Let’s start our journey with exploring the classic fallacy, “if you can detect [the threat], why can’t you prevent it?”


Why is Threat Detection Hard?

Anton on Security

While creating a recent presentation, I needed a slide on “threat detection is hard.” And it got me thinking, why is threat detection so hard for so many organizations today? This means we are “celebrating” ~35 years of cyber threat detection.

How to Make Threat Detection Better?

Security Boulevard

Why are we still bad at detecting threats? I’ve lamented on this a few times, either touching on general difficulties with detection, its uncertainty or highlighting the fragile detections people write. Here, I want to continue the conversation on detection quality.

Role of Context in Threat Detection

Anton on Security

The debate focused on the role of context in threat detection. Specifically, it is about the role of local context (environment knowledge, organization context, site details, etc.) in threat detection. Can threat detection work well without such local context? Note that for this discussion it does not matter that anti-malware will detect and then block (“prevent”) the threat (in other discussions, it definitely does).

Top Threat Detections Can Identify Suspicious Activity

Security Boulevard

Another one: Microsoft is a target of threat actors. The post Top Threat Detections Can Identify Suspicious Activity appeared first on Security Boulevard. Here’s an understatement: the cloud has changed everything.

"Insider Threat" Detection Software

Schneier on Security

Notice this bit from an article on the arrest of Christopher Hasson: It was only after Hasson's arrest last Friday at his workplace that the chilling plans prosecutors assert he was crafting became apparent, detected by an internal Coast Guard program that watches for any "insider threat." Any detection system of this kind is going to have to balance false positives with false negatives.

Improving Threat Detection Using LogRhythm SmartResponse with Lists to Monitor IOCs

Security Boulevard

As a security professional, you know all too well the need to continually improve your threat detection knowledge and skill set. The post Improving Threat Detection Using LogRhythm SmartResponse with Lists to Monitor IOCs appeared first on LogRhythm.

CISA Launches New Threat Detection Dashboard

Dark Reading

Aviary is a new dashboard that works with CISA's Sparrow threat detection tool

New Intel CPU-level threat detection capabilities target ransomware

CSO Magazine

Security vendors can now leverage new telemetry and machine learning processing capabilities built into Intel's 11th Gen mobile processors to better detect and block sophisticated ransomware programs that attempt to evade traditional detection techniques.

Lumu Raises $7.5M to Advance Threat Detection

Security Boulevard

The post Lumu Raises $7.5M to Advance Threat Detection appeared first on Security Boulevard. Lumu announced today it has raised an additional $7.5 million to fuel adoption of a cloud-based platform that employs machine learning algorithms to surface the highest priority security alerts in real-time.

AT&T Threat Detection and Response for Government

CyberSecurity Insiders

Federal Risk and Authorization Management Program (FedRAMP) moderate certification was granted for the AT&T Threat Detection and Response for Government solution. AT&T Threat Detection and Response for Government is purpose-built in the AWS GovCloud (U.S.). The post AT&T Threat Detection and Response for Government appeared first on Cybersecurity Insiders.

Datto acquires BitDam to boost its cyber threat detection business

CyberSecurity Insiders

BitDam offers Advanced Threat Protection (ATP) solution that enables customers to protect their IT infrastructure against malware, phishing and ransomware. The post Datto acquires BitDam to boost its cyber threat detection business appeared first on Cybersecurity Insiders.

Accurate and Reliable Threat Detection for your Security Program

Cisco Security

It’s 11:59PM on a Sunday evening, and your phone starts alerting you to a new threat that is being actively exploited. Accurate threat detection – reliability vs liability. Accurate threat detection is a difficult subject.

Google Cloud Debuts Threat-Detection Service

Dark Reading

Lockdown economics are driving a threat-intelligence business boom. Chronicle Detect is Google's answer to monitoring so much log data created by the distributed workforce

Threat Detection in the Public Cloud: Cloud Security Solutions

Security Boulevard

The post Threat Detection in the Public Cloud: Cloud Security Solutions appeared first on LogRhythm. The post Threat Detection in the Public Cloud: Cloud Security Solutions appeared first on Security Boulevard.

BrandPost: Resiliency in Threat Detection and Response with Machine Learning

CSO Magazine

As COVID-19 has continued, threat intelligence researchers have seen an evolution in ransomware attacks targeting those most impacted, such as hospitals and healthcare providers.

NetWitness – A Brief History of an Iconic Threat Detection & Response Platform

Security Boulevard

The history of NetWitness reflects the continuous evolution of threats and bad actors. Begun as a government intelligence research project, NetWitness has earned a reputation as the most powerful detection and forensics platform in the industry. The post NetWitness – A Brief History of an Iconic Threat Detection & Response Platform appeared first on Security Boulevard.

XDR: A Game-Changer in Enterprise Threat Detection

Dark Reading

Omdia's Eric Parizo highlights four capabilities that show how XDR technology is reinventing enterprise threat detection

Enterprise-wide Threat Detection and Response Becomes Easy

Security Boulevard

However, current threat detection and response solutions aren’t comprehensive or effective in monitoring and securing the cloud environments. The post Enterprise-wide Threat Detection and Response Becomes Easy appeared first on Security Boulevard.

Top 5 Insider Threat Detection and Prevention Software of 2021

IT Security Central

Dealing with insider threats requires a different strategy from other security challenges because of their very nature. Insiders have a significant advantage. They are aware of the organization’s policies, procedures, technology and vulnerabilities. They often have access to important systems, business IP and sensitive data. As such, they can cause a business the most damage […].

Simplified Security with Purpose-Built Networking for Advanced Threat Detection

Cisco Retail

And do you ever wonder if any threats are lurking within? Of course you have; we all know that threats are everywhere and can be anywhere within our network at any point in time. Have you ever looked at your switch and wondered what is going on inside there?

Sumo Logic + DFLabs: Cloud SIEM Combined with SOAR Automates Threat Detection and Incident Response

Security Boulevard

The article Sumo Logic + DFLabs: Cloud SIEM Combined with SOAR Automates Threat Detection and Incident Response originally appeared on DFLabs. The post Sumo Logic + DFLabs: Cloud SIEM Combined with SOAR Automates Threat Detection and Incident Response appeared first on Security Boulevard.

Firms Improve Threat Detection but Face Increasingly Disruptive Attacks

Dark Reading

In addition, more third parties are discovering the attacks rather than the companies themselves

Q&A: Why SOAR startup Syncurity is bringing a ‘case-management’ approach to threat detection

The Last Watchdog

Enterprises have dumped small fortunes into stocking their SOCs (security operations centers) with the best firewalls, anti-malware suites, intrusion detection, data loss prevention and sandbox detonators money can buy. In many cases the tedious, first-level correlating of SIEM logs to sift out threats has moved beyond human capability. This has exponentially expanded the attack surface available to motivated, well-funded threat actors.

A Swarm of Ransomware Attacks Highlights the Need for High-Quality Threat Detection at the Start of the Attack Chain

Security Boulevard

The post A Swarm of Ransomware Attacks Highlights the Need for High-Quality Threat Detection at the Start of the Attack Chain first appeared on SlashNext. Ransomware is insidious. It’s a treacherous and crafty way to terrorize individuals, communities, and businesses.

Extended threat detection and response (XDR): Filling out cybersecurity gaps

CyberSecurity Insiders

Because of overloaded security teams, poor visibility, and threat alert overload due to the many implemented technologies in place to fight this, for many of these enterprises, the difficulty constantly grows when it comes to detecting and effectively responding to cyber threats. XDR can be defined as a cross-layered detection and response tool. This blog was written by an independent guest blogger.

BSides Huntsville 2021 – Andy Bryan’s ‘Threat Detection Across All Environments With SnowflakeData Security Lake’

Security Boulevard

The post BSides Huntsville 2021 – Andy Bryan’s ‘Threat Detection Across All Environments With SnowflakeData Security Lake’ appeared first on Security Boulevard. Many thanks to BSides Huntsville 2021 for publishing their tremendous conference videos on the organization's YouTube channel; a great BSides, don't miss this 10-video infosec event.

Panzura Makes Threat Detection Simple, Boosts Security with Release of CloudFS 8 Defend

Security Boulevard

The post Panzura Makes Threat Detection Simple, Boosts Security with Release of CloudFS 8 Defend appeared first on Security Boulevard. Latest Product Update Provides Seamless Integration with Varonis, Next Generation Alerts and Warnings Relieve IT Security Blind Spots SAN JOSE, Calif.— March 11, 2021—The latest product release from Panzura, CloudFS 8 Defend, is available for general availability today.

G Suite Security: Insider Threat Detection

Spinone

Not all security threats come from outside your organization. This screen lists all recent actions of the selected user, with the same information as on the main domain audit screen: How Spinbackup Insider Threat Detection Can Enhance G Suite Security. Spinbackup’s cloud cybersecurity service is unique as it provides data leak and loss prevention (DLP), all in one dashboard. Spinbackup detects it and reports this to the administrator, allowing him to revoke access.

CrowdStrike Debuts Mobile Threat Detection System at RSA Conference

Dark Reading

Falcon for Mobile offers detection and response capabilities for mobile platforms

McAfee XDR: Taking Threat Detection and Response to a New Level

McAfee

Enterprises face ever-changing threats to their digital assets both inside and outside the traditional network perimeter from sophisticated threat actors, who use a changing assortment of techniques to find ways to skirt traditional security controls.

Not the Final Answer on NDR in the Cloud …

Anton on Security

Not the Final Answer on NDR in the Cloud … Back in my analyst years, I rather liked the concept of NDR or Network Detection and Response. Detect threats with no agents, offer broad coverage from a few points, and be out of band (go and see my old Gartner paper for details). Same as on-premises, flow logs may not do the trick for the threat detection needs you have.

What Are You NOT Detecting?

Anton on Security

What are you not detecting? OK, what threats are you NOT detecting? What I mean here is: are you thinking about these: Threats that you don’t need to detect due to your risk profile, your threat assessment, etc. Threats that you do need to detect, but don’t know how. Threats that you do need to detect and know how, but cannot operationally (e.g. Threats that you do need to detect and know how, but do not (yet?)


Symantec Now Offers Threat Detection Tools Used by its Researchers

Dark Reading

TAA now is part of Symantec's Integrated Cyber Defense Platform

Insider Threat Prevention: 5 Steps To Improving Defensive Posture By The End Of 2021

IT Security Central

Companies face expansive cybersecurity threats on many fronts, prompting 75 percent of business leaders to view cybersecurity as integral to their organization’s COVID-19 recovery. As businesses emerge from a pandemic year, cybersecurity concerns are necessarily top of mind.


It’s All Fun and Games Until You Get Breached – Tackling Security Challenges in the Remote Work Reality

IT Security Central

From healthcare to education to critical infrastructure, nobody seems to be safe from cyber attacks. Not even video game creators.

New Video: MixMode Cyber Anomaly Detection Platform

Security Boulevard

The post New Video: MixMode Cyber Anomaly Detection Platform appeared first on Security Boulevard.


5 Threat Mitigation Strategies for Network Security

Security Boulevard

The post 5 Threat Mitigation Strategies for Network Security appeared first on Security Boulevard. What is the cost of a data breach? million, on average.

SOC Threat Coverage Analysis — Why/How?

Anton on Security

SOC Threat Coverage Analysis — Why/How? As I mentioned in Detection Coverage and Detection-in-Depth, the topic of threat detection coverage has long fascinated me. But what about a more comprehensive look at detection coverage inside each tool? Is there a way to assess the net threat coverage represented by the aggregate detection coverage inside each tool and then all tools? Do I know what threats I want to detect?

How to Ensure HIPAA Compliance Using Employee Monitoring In a Post-COVID-19 Healthcare Landscape

IT Security Central


Leveraging Managed Threat Hunting

Security Boulevard

The post Leveraging Managed Threat Hunting appeared first on Security Boulevard.

Malware hosting domain Cyberium fanning out Mirai variants

CyberSecurity Insiders

Executive summary. AT&T Alien Labs has observed the Mirai variant botnet, known as Moobot, scanning for known but uncommon vulnerabilities in Tenda routers, resulting in a considerable peak in our internal telemetry.