Resources Blog

Enterprise SIEMs Detect Fewer Than 5 of Top 14 MITRE ATT&CK Adversary Techniques Used in the Wild

Topics: Featured, Threat Management, Security Engineering, MITRE ATT&CK, SecOps

Posted by Phil Neray on May 18, 2022

"Organizations need to become more intentional about detection in their SOCs. What should we detect? Do we have use cases for those scenarios? Do they actually work? Do they help my SOC analysts effec... Read More>>

Dr. Anton Chuvakin answers questions about SIEM, EDR, and XDR — from our recent SANS webinar on the future of SIEM

Topics: News, Featured, Threat Management, Security Engineering, MITRE ATT&CK, SecOps, Cloud

Posted by Phil Neray on April 29, 2022

Dr. Anton Chuvakin Discusses “20 Years of SIEM – What’s Next?” Learn what Dr. Anton Chuvakin, Head of Security Solution Strategy at Google Cloud and former Gartner Research VP, has to say about questi... Read More>>

Spring into action (with SIEM detection rules for Spring4shell)

Topics: News, Featured, Threat Management, MITRE ATT&CK, SecOps

Posted by Liran Ravich and Yosi Magor on April 1, 2022

Spring into action (with SIEM detection rules for Spring4shell) The Spring Framework is an open source application framework that provides infrastructure support for developing Java applications. The ... Read More>>

Lapsus$ vs the world: SIEM detection rules with ATT&CK mapping

Topics: News, Featured, Threat Management, MITRE ATT&CK, SecOps

Posted by Liran Ravich on March 24, 2022

Image credit: World of Dictionary A new player has entered the game The ”Lapsus$” group, unknown before December 2021, has made multiple headlines in recent weeks, following multiple data breaches in ... Read More>>

How do Russian threat groups avoid "friendly cyber fire"? (TL;DR – By installing a Russian language pack)

Topics: Featured, Threat Management, MITRE ATT&CK, SecOps

Posted by Yosi Magor and Phil Neray on March 21, 2022

Welcome to cyber-physical conflict The current situation in Ukraine demonstrates once again how the lines have blurred between cyber and physical conflict.  Read More>>

What Anton Chuvakin is Saying About SOC Threat Coverage

Topics: Featured, Threat Management, SecOps

Posted by Phil Neray on February 7, 2022

Anton Chuvakin, SIEM expert and former Gartner analyst (now at Google Chronicle) has written a thought-provoking blog post titled "SOC Threat Coverage Analysis — Why/How?". Read More>>

Why Detection for Log4j Vulnerabilities is Both Important and Difficult

Topics: Featured

Posted by Kobi Haimovich and Yair Manor on January 17, 2022

In the last few weeks we've heard a lot about the Log4j vulnerabilities, with the most prominent being log4shell, and unfortunately, this is just the beginning. The situation is very serious, as the r... Read More>>

Broken Glam: How healthy is your SIEM?

Posted by Ilan Goldschmidt on December 21, 2021

Threats are constant. Organizations are trying to always stay ahead of new methods of attack, APT groups, and other known vulnerabilities. A key component of any SOC is a well-functioning SIEM. Howeve... Read More>>

The Problem You Didn't Know You Had - The Threat Coverage Gap

Topics: Threat Management, Security Engineering, SecOps

Posted by Jennifer Gill on October 7, 2021

At CardinalOps, we talk to many, many security professionals about their security engineering practices, and their Security Information and Event Management (SIEM) solutions. The typical challenges we... Read More>>

Cloud Security Engineering - Automation to the Rescue!

Topics: Featured, Threat Management, Security Engineering, SecOps, Cloud

Posted by Michael Mumcuoglu on August 28, 2021

Enterprises of all types and sizes are shifting to the cloud. Cloud related services, IaaS, PaaS, and SaaS are presenting new digital IT business opportunities with both short term and long term benef... Read More>>