
Why MITRE ATT&CK Has Taken Over the SOC World

Topics: News, Featured, Threat Management, Security Engineering, MITRE ATT&CK, SecOps

Posted by Phil Neray on August 17, 2022

I recently listened to an excellent summary about why MITRE ATT&CK has taken over the SOC world (sorry, it's behind a paywall called "CSO Perspectives," but this blog post is intended to summarize...

Leveraging AI and Automation with MITRE ATT&CK to Eliminate Detection Coverage Gaps in Your SOC

Topics: News, Featured, Threat Management, Security Engineering, MITRE ATT&CK, SecOps

Posted by Phil Neray on August 15, 2022

At Black Hat 2022, our VP of Cyber Defense Strategy was interviewed on Security Guy TV to discuss why MITRE ATT&CK has become a standard way of describing your defensive posture to management as w...

SIEM Detections for Okta PassBleed (Splunk, Microsoft Sentinel, IBM QRadar, Sumo Logic)

Topics: News, Featured, Threat Management, MITRE ATT&CK, SecOps

Posted by Liran Ravich and Phil Neray on July 26, 2022

Summary: This blog post summarizes new password stealing and impersonation risks recently discovered for Okta, along with recommended SIEM detection rules and associated MITRE ATT&CK techniques for...

Splunk and other SIEM detections for Follina, a clever MS-Office 0-day

Topics: News, Featured, Threat Management, MITRE ATT&CK, SecOps

Posted by Liran Ravich on June 1, 2022

Summary: This blog post summarizes Follina, an RCE zero-day discovered in Microsoft Office. It provides recommended detections in the native query languages for Splunk, Microsoft Sentinel, IBM QRadar, ...

Dr. Anton Chuvakin answers questions about SIEM, EDR, and XDR — from our recent SANS webinar on the future of SIEM

Topics: News, Featured, Threat Management, Security Engineering, MITRE ATT&CK, SecOps, Cloud

Posted by Phil Neray on April 29, 2022

Dr. Anton Chuvakin discusses "20 Years of SIEM – What's Next?" Learn what Dr. Anton Chuvakin, Head of Security Solution Strategy at Google Cloud and former Gartner Research VP, has to say about questi...

Spring into action (with SIEM detection rules for Spring4shell)

Topics: News, Featured, Threat Management, MITRE ATT&CK, SecOps

Posted by Liran Ravich and Yosi Magor on April 1, 2022

The Spring Framework is an open source application framework that provides infrastructure support for developing Java applications. The ...

Lapsus$ vs the world: SIEM detection rules with ATT&CK mapping

Topics: News, Featured, Threat Management, MITRE ATT&CK, SecOps

Posted by Liran Ravich on March 24, 2022

A new player has entered the game. The "Lapsus$" group, unknown before December 2021, has made multiple headlines in recent weeks, following multiple data breaches in ...

McKinsey Forecasts Rapid Growth in Security Automation Investments

Topics: News, Threat Management, Security Engineering, SecOps

Posted by Michael Mumcuoglu on October 29, 2020

COVID-19 crisis shifts #cybersecurity priorities and budgets. In addition to allowing employees to access the corporate network from home, this McKinsey & Company article, reviewing some of the to...