Resources

Newsroom

CISO Series — David Spark

SIEMs are failing. According to the 2022 State of SIEM Detection Risk by CardinalOps, enterprise SIEMs only address 5 of the top 14 ATT&CK techniques used in the wild. Are the SIEMs failing or do the users not know how to configure them — or is it both?

CyberWire

CyberWire Daily Briefing: MITRE ATT&CK v12 in Research & Development

CardinalOps

CardinalOps contributes new sub-technique to MITRE ATT&CK v12 that adversaries use to bypass multi-factor authentication (MFA). Detecting the new T1556.006 sub-technique is an important control for implementing zero-trust.

VMware Blog

CardinalOps Recognized for Contributing Security Research to MITRE ATT&CK v12

SC Media

Microsoft identifies issues with Kerberos authentication on certain Windows Servers, resulting in failed logins and failed RDP connections. Fix could take weeks.

Dark Reading

Why You Want Vets in Your Cyber Platoon: "They understand how to put themselves in the minds of adversaries. What is our attack surface? Where and how are we most likely to be attacked? How can we detect our adversaries' attacks in the early stages and quickly respond?"

Security Boulevard

Nearly a third of CISOs in the US and UK are considering leaving their current role. "What needs to change? The CISO’s peers in the business need to understand that cybersecurity risk is a top business risk, not just an IT issue, and they need to allocate higher budgets to support a higher level of staffing in the SOC."

CardinalOps

CardinalOps Hosts Black Hat Webinar with Google's Dr. Anton Chuvakin on "SOC Modernization - Where Do We Go From Here?" The webinar explains why SOC modernization extends beyond automation alone, providing an opportunity to incorporate human creativity and innovation as a strategic force multiplier.

Black Unicorn 2022 Finalist

CardinalOps Selected as Finalist for Black Unicorn Awards. Previous winners include: Armis, Siemplify, Checkmarx, Ermetic, Attivo Networks, Noname Security

SC Media

"No matter what name is used for text4shell, it's serious. With a CVSS score of 9.8, it lets a threat actor open a reverse shell simply via a specially crafted payload. If you can't patch, make sure you have SIEM/XDR detection rules as a compensating control."

Dark Reading

"Hiring in a tough labor market requires open-mindedness — look for people with key traits like a willingness to learn, an analytical 'hacker mindset' when discovering the unknown, creativity, and attention to detail."

The Record

Microsoft investigating alleged Exchange zero-day exploited by the LockBit gang, now the #1 ransomware gang worldwide

DICE

SOC Analyst: How Can Technologists and Cybersecurity Pros Get Started? "Demonstrate the ability to think through problems and explain how you arrive at solutions."

CrowdStrike

CardinalOps Expands Detection Posture Management Platform to Enable Operationalization of MITRE ATT&CK Across Diverse SOC Tools

SC Media

Twitter whistleblower case: "Mudge has a ton of credibility as a former ethical hacker and cybersecurity expert at Google and DARPA. Boards and management teams should beware of rosy reports from executives about security and privacy controls."

Security Magazine

Former Twitter security chief describes deficiencies including uncontrolled internal access to privileged accounts, inability to control bots and disinformation, wide internal access to source code, lack of a secure SDLC

Threatpost

Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens: Organizations should establish a layered defense and behavior detection model to detect anomalous activity

Security Magazine

Tips to bolster cybersecurity & incident response on holiday weekends

Channel Futures

Ransomware recommendations for holiday weekends: have 24×7 SOC personnel monitoring networks for any unauthorized or suspicious activity, so they can quickly shut down an attack before it reaches your crown jewels

SINET

CardinalOps Advances to Final Round of 2022 SINET16 Innovator Awards. Previous winners: CrowdStrike, Cylance, Phantom, FireEye, Siemplify, Axonius, Orca, TwistLock, SafeBreach, and CyCognito.

Dark Reading

China-backed RedAlpha APT builds sprawling cyber-espionage infrastructure. China responsible for two of the largest data breaches in history — Anthem and OPM.

SC Media

MSP-hosted Exchange servers may have been compromised via an unpatched vulnerability. Organizations should implement detections for MITRE ATT&CK T1595 (Active Scanning) and T1505.003 (Server Software Component: Web Shell) to alert on attempts to install malicious software on critical servers.

Leveraging AI and Automation with MITRE ATT&CK to Eliminate Detection Coverage Gaps in Your SOC

SaaS Awards

CardinalOps Shortlisted for Best Security Innovation Category in SaaS Awards — previous winners in this category have included SIEMplify, Kenna Security, and Vectra

SANS

CardinalOps Sponsors SANS Webinar with Google's Dr. Anton Chuvakin and Critical Start's Randy Watkins on "Demystifying SIEM, EDR, XDR & MDR"

CSO

Colonial Pipeline raised visibility for mitigations like network segmentation, which MITRE ATT&CK (M1030) categorizes as essential to preventing access to safety-critical systems.

The Record

Admins need PowerShell, so the NSA is simply being realistic in recommending that organizations not disable it but instead continuously monitor for suspicious behavior (MITRE ATT&CK T1059).

Dark Reading

Lebanese APT uses MITRE ATT&CK T1133. Recommended mitigations: create SIEM detection queries to examine authentication logs for unusual access patterns.

SC Media

SIEMs are not detecting a huge percentage of MITRE ATT&CK techniques. Analytics and automation can make the SOC more effective and enable better utilization of the existing security stack.

DICE

Lessons from Colonial Pipeline ransomware attack: Eliminate monitoring blind spots in your SOC using MITRE ATT&CK

Enterprise Security Tech

Enterprise SIEMs are Missing Detections for 4 out of 5 of All MITRE ATT&CK Techniques

BetaNews

Enterprise SIEMs fall short on detecting attacks, based on analysis of MITRE ATT&CK coverage for production SIEMs

CardinalOps

Data Shows Enterprise SIEMs Detect Fewer Than 5 of the Top 14 MITRE ATT&CK Adversary Techniques Used in the Wild

Security Magazine

What the SolarWinds lawsuit teaches boards and management teams about cybersecurity standards of due care

Security Boulevard

Why going after MSPs is an increasingly common type of supply chain attack

Security Magazine

Using standards like MITRE ATT&CK and VERIS to develop a common language and taxonomy about cyberattacks

Security Boulevard

Use MITRE ATT&CK to ensure you have detections for the latest adversary techniques employed by Chinese attackers such as DeepPanda

SC Media

Modern SOCs need AI-powered automation to address constant change in threats and business priorities — plus an exponential increase in complexity

DICE

Or Saya, cybersecurity architect at CardinalOps, describes what it takes to become an information security analyst in today's hot job market

SC Media

Remediation advice emerges for Spring4Shell vulnerability

TheStreet

Industrial control systems remain juicy targets because they typically don't have the same level of security monitoring as corporate IT networks

CPO Magazine

Most high-profile attacks are the result of poor security practices such as having a high number of open remote access ports accessible from the internet (Colonial Pipeline)

VentureBeat

Most high-profile attacks are the result of poor security practices such as insufficient monitoring to detect suspicious activities (OPM breach)

Datamation

Top SIEM Trends in 2022

SANS

CardinalOps Sponsors SANS Webinar with Dr. Anton Chuvakin on "The Future of SIEM"

Security Boulevard

Lapsus$ could very well be the next big supply chain attack

Dark Reading

How Should My Security Analyst Use the MITRE ATT&CK Framework?

Dark Reading

CardinalOps identifies and remediates gaps in threat detection coverage, powered by AI

CardinalOps

CardinalOps Raises $17.5M Series A on Market Traction with Global Enterprise Customers and MSSPs/MDRs

VentureBeat

Working smarter, not harder to optimize your SIEM/XDR

Channel Futures

Helping MSSPs/MDRs scale while supporting multiple SIEM/XDR platforms with limited staff

Geektime

No matter how many cybersecurity solutions you have, you are probably not using them optimally — and this startup wants to fix it

Calcalist CTech

CardinalOps secures $17.5 million Series A to map cyber threats

SecurityWeek

CardinalOps Raises $17.5 Million for Threat Coverage Optimization Platform

SC Media

SIEM rules ignore bulk of MITRE ATT&CK framework, placing risk burden on users

CPO Magazine

SIEM Rules’ Threat Coverage Is Far Less Than What’s Expected; 84% of MITRE ATT&CK Threats Are Not Covered

CardinalOps

Research: Enterprise SIEMs Unprepared for 84% of MITRE ATT&CK Tactics and Techniques

Introducing the CardinalOps Threat Coverage Optimization Platform

Threat Coverage Gap Analysis
  • Identify actual coverage vs. MITRE ATT&CK
  • Identify missing and broken rules
  • Identify missing and incomplete log sources
  • Real-time Threat Coverage Metric

Organization-Specific AI-based Recommendations
  • Asset-based priorities
  • Threat Intel priorities
  • Log-source priorities
  • Peer-based priorities
  • Custom priorities (optional)

Safe Deployment
  • Continuous impact analysis (before, during and after deployment)
  • Inspired by DevOps CI/CD processes, TCO embraces agile methodologies