Resources

Newsroom

Security Boulevard

Adaptable ‘Swiss Army Knife’ Malware a Growing Threat: "It's not surprising that adversaries are investing time and resources to develop sophisticated, Swiss Army knife-style frameworks rather than point solutions. The MITRE ATT&CK framework describes the multiple steps executed by adversaries to compromise your organization — such as gaining initial access, elevating privileges, moving laterally, and encrypting data with ransomware — so multi-purpose malware is more effective because it can execute multiple stages of this complex kill chain."

Cybersecurity Excellence Awards

CardinalOps Selected as Gold Winner in 2023 Cybersecurity Excellence Awards: Recognized for innovation in providing a Detection Posture Management platform that leverages automation and MITRE ATT&CK to eliminate critical coverage gaps in the SOC. Past winners include industry leaders CrowdStrike, Mandiant, Tanium, and Palo Alto Networks.

SC Media

How detection posture management helps CISOs track the right metrics, justify security budgets, and drive continuous improvement in security operations.

TheStreet

Russia Engages With Ukraine on Cyber Battlefield: "Wiper malware has been used to target Ukraine since at least 2015 due to efforts by adversary groups like Sandworm, a unit of Russian GRU military intelligence. An updated version was used in destructive attacks against Ukrainian networks in February 2022 while Russia moved its troops into the country."

Infosecurity

CISA Calls For Increased Vigilance One Year After Ukraine's Russian Invasion: Gaining more high-fidelity detections at all security layers (endpoint, network, email, IAM, cloud, etc.) — and moving to the cloud — are the key lessons we can take from the past year.

SecurityWeek

A Year of Conflict: Cybersecurity Industry Assesses Impact of Russia-Ukraine War: "Ukraine has significantly boosted its security monitoring capabilities in the past few years, with the technical assistance of western allies, so they can quickly detect these attacks and respond to them before they can have a major impact."

SC Media

What CISOs don’t know about their SOCs, by Michael Mumcuoglu, CardinalOps CEO: Manual, ad-hoc SIEM processes are under-equipped to handle constant change in both adversary techniques and security data sources. MITRE ATT&CK has become a standard for measuring attack preparedness, but SOC teams often find it difficult to measure. With no easy way to map current detection coverage to MITRE ATT&CK, it’s easy for blind spots to exist. Automation and analytics can help.

SC Media

Top SOC challenges for the cloud in 2023: Cloud changes everything — including how we do threat detection and response. Traditional ways of securing endpoints simply don't apply to serverless functions in the cloud. How do you do forensics on them if they typically exist for no more than 60 seconds? How do you manage your SIEM? Securing the cloud requires entirely new data sources to be ingested, such as logs from cloud storage buckets and cloud admin consoles, while traditional log sources such as Windows Event Logs are likely not required anymore.

CSO

Economic headwinds could deepen the cybersecurity skills shortage, resulting in increasing workloads on existing staff, job requisitions that stay open for weeks or months, and high burnout and attrition rates among cybersecurity professionals. Hence the proliferation of vendors such as CardinalOps that aim to bridge the detection engineering gap with analytics and automation.

SC Media

Initial access via malicious LNK files is a clever technique that's been used for years, including in the Stuxnet attacks first uncovered in 2010. It's effective because it exploits a fundamental feature of Windows, which is automatically launching executables using the metadata stored in the LNK file. In these recent examples, the executable is a PowerShell script that downloads and executes a malicious binary from a remote, adversary-controlled host.

BetaNews

Enterprise security predictions for 2023: Michael Mumcuoglu, CardinalOps CEO, says critical stakeholders will increasingly ask CISOs to report on their defensive posture with respect to attacks that can have a material impact on the organization, using metrics based on industry-standard frameworks such as MITRE ATT&CK.

Security Magazine

In 2023, we’ll see automation move into the few remaining areas of SecOps that are still dependent on manual processes. These areas include threat exposure management, which helps holistically address questions such as “How prepared are we to detect and respond to the adversaries most likely to target our organization?” Another area that will become more automated is detection engineering, which is still highly dependent on specialized expertise and tribal knowledge.

InformationWeek

CIO Priorities for 2023 should include cybersecurity investments that support the business, such as cloud initiatives that can lead to new customers and revenue streams.

SC Media

‘Black Proxies’ use 187,000-plus IP addresses to launch credential stuffing attacks: SOCs should monitor for unusual or unauthorized behavior rather than relying on static IOCs like IP addresses. MITRE ATT&CK is a much more reliable method of detecting these types of attacks because it tracks the TTPs of several hundred APTs based on their known playbooks rather than static IOCs.

Dark Reading

DEV-0569 Ransomware Group Remarkably Innovative, Microsoft Cautions: Malicious Google Ads are tough to defend against, so security teams must focus on minimizing fallout once a ransomware attack occurs. That means making sure the SOC has detections in place for suspicious or unauthorized behavior, such as privilege escalation and the use of living-off-the-land admin tools like PowerShell and remote management utilities.

Cybersecurity Dive

2023 Predictions by CardinalOps CEO Michael Mumcuoglu: 2023 is likely to be the year executives, boards, and auditors demand better cyber reporting around business risk and their defensive posture.

Dark Reading

CISA: Just-Disclosed Palo Alto Networks Firewall Bug Under Active Exploit. The good news is that this vulnerability does not provide attackers with access to the victim's internal network. The bad news is that it can halt business-critical operations such as taking orders and handling customer service requests.

CISO Series (David Spark)

SIEMs are failing. According to the 2022 State of SIEM Detection Risk by CardinalOps, enterprise SIEMs only address 5 of the top 14 ATT&CK techniques used in the wild. Are the SIEMs failing or do the users not know how to configure them — or is it both?

CyberWire

CyberWire Daily Briefing: MITRE ATT&CK v12 in Research & Development

CardinalOps

CardinalOps contributes new sub-technique to MITRE ATT&CK v12 that adversaries use to bypass multi-factor authentication (MFA). Detecting the new T1556.006 sub-technique is an important control for implementing zero-trust.

VMware Blog

CardinalOps Recognized for Contributing Security Research to MITRE ATT&CK v12

SC Media

Microsoft identifies issues with Kerberos authentication on certain Windows Servers, resulting in failed logins and failed RDP connections. Fix could take weeks.

Dark Reading

Why You Want Vets in Your Cyber Platoon: "They understand how to put themselves in the minds of adversaries. What is our attack surface? Where and how are we most likely to be attacked? How can we detect our adversaries' attacks in the early stages and quickly respond?"

Security Boulevard

Nearly a third of CISOs in the US and UK are considering leaving their current role. "What needs to change? The CISO’s peers in the business need to understand that cybersecurity risk is a top business risk, not just an IT issue, and they need to allocate higher budgets to support a higher level of staffing in the SOC."

CardinalOps

CardinalOps Hosts Black Hat Webinar with Google's Dr. Anton Chuvakin on "SOC Modernization - Where Do We Go From Here?" Why SOC modernization extends beyond automation alone, providing an opportunity to incorporate human creativity and innovation as a strategic force multiplier.

Black Unicorn Awards 2022

CardinalOps Selected as Finalist for Black Unicorn Awards. Previous winners include: Armis, Siemplify, Checkmarx, Ermetic, Attivo Networks, Noname Security

SC Media

"No matter what name is used for text4shell, it's serious. With a CVSS score of 9.8, it lets a threat actor open a reverse shell simply via a specially crafted payload. If you can't patch, make sure you have SIEM/XDR detection rules as a compensating control."

Dark Reading

"Hiring in a tough labor market requires open-mindedness — look for people with key traits like a willingness to learn, an analytical 'hacker mindset' when discovering the unknown, creativity, and attention to detail."

The Record

Microsoft investigating alleged Exchange zero-day exploited by Lockbit gang, now #1 ransomware gang worldwide

Dice

SOC Analyst: How Can Technologists and Cybersecurity Pros Get Started? "Demonstrate the ability to think through problems and explain how you arrive at solutions."

CrowdStrike

CardinalOps Expands Detection Posture Management Platform to Enable Operationalization of MITRE ATT&CK Across Diverse SOC Tools

SC Media

Twitter whistleblower case: "Mudge has a ton of credibility as a former ethical hacker and cybersecurity expert at Google and DARPA. Boards and management teams should beware of rosy reports from executives about security and privacy controls."

Security Magazine

Former Twitter security chief describes deficiencies including uncontrolled internal access to privileged accounts, inability to control bots and disinformation, wide internal access to source code, and lack of a secure SDLC.

Threatpost

Human Error Blamed for Leak of 1 Billion Records of Chinese Citizens: Organizations should establish a layered defense and behavior detection model to detect anomalous activity

Security Magazine

Tips to bolster cybersecurity & incident response on holiday weekends

Channel Futures

Ransomware recommendations for holiday weekends: have 24×7 SOC personnel monitoring networks for any unauthorized or suspicious activity, so they can quickly shut down an attack before it reaches your crown jewels

SINET

CardinalOps Advances to Final Round of 2022 SINET16 Innovator Awards. Previous winners: CrowdStrike, Cylance, Phantom, FireEye, Siemplify, Axonius, Orca, TwistLock, SafeBreach, and CyCognito.

Dark Reading

China-backed RedAlpha APT builds sprawling cyber-espionage infrastructure. China is responsible for two of the largest data breaches in history: Anthem and OPM.

SC Media

MSP-hosted Exchange servers may have been compromised via unpatched vulnerability. Organizations should implement MITRE ATT&CK T1595 (Active Scanning) and T1505.003 (Server Software Component: Web Shell) to alert on attempts to install malicious software on critical servers.

Leveraging AI and Automation with MITRE ATT&CK to Eliminate Detection Coverage Gaps in Your SOC

SaaS Awards

CardinalOps Shortlisted for Best Security Innovation Category in SaaS Awards — previous winners in this category have included SIEMplify, Kenna Security, and Vectra

SANS

CardinalOps Sponsors SANS Webinar with Google's Dr. Anton Chuvakin and Critical Start's Randy Watkins on "Demystifying SIEM, EDR, XDR & MDR"

CSO

Colonial Pipeline raised visibility for mitigations like network segmentation, which MITRE ATT&CK (M1030) categorizes as essential to preventing access to safety-critical systems.

The Record

Admins need PowerShell, so the NSA is simply being realistic in recommending not to disable it but instead to continuously monitor for suspicious behavior (MITRE ATT&CK T1059).

Dark Reading

Lebanese APT uses MITRE ATT&CK T1133. Recommended mitigations: create SIEM detection queries to examine authentication logs for unusual access patterns.

SC Media

SIEMs are not detecting a huge percentage of MITRE ATT&CK techniques. Analytics and automation can make the SOC more effective and enable better utilization of the existing security stack.

Dice

Lessons from Colonial Pipeline ransomware attack: Eliminate monitoring blind spots in your SOC using MITRE ATT&CK

BetaNews

Enterprise SIEMs fall short on detecting attacks, based on analysis of MITRE ATT&CK coverage for production SIEMs

CardinalOps

Data Shows Enterprise SIEMs Detect Fewer Than 5 of the Top 14 MITRE ATT&CK Adversary Techniques Used in the Wild

Security Magazine

What the SolarWinds lawsuit teaches boards and management teams about cybersecurity standards of due care

Security Boulevard

Why going after MSPs is an increasingly common type of supply chain attack

Security Magazine

Using standards like MITRE ATT&CK and VERIS to develop a common language and taxonomy about cyberattacks

Security Boulevard

Use MITRE ATT&CK to ensure you have detections for the latest adversary techniques employed by Chinese attackers such as DeepPanda

SC Media

Modern SOCs need AI-powered automation to address constant change in threats and business priorities — plus an exponential increase in complexity

Dice

Or Saya, cybersecurity architect at CardinalOps, describes what it takes to become an information security analyst in today's hot job market

SC Media

Remediation advice emerges for Spring4Shell vulnerability

TheStreet

Industrial control systems remain juicy targets because they typically don't have the same level of security monitoring as corporate IT networks

CPO Magazine

Most high-profile attacks are the result of poor security practices such as having a high number of open remote access ports accessible from the internet (Colonial Pipeline)

VentureBeat

Most high-profile attacks are the result of poor security practices such as insufficient monitoring to detect suspicious activities (OPM breach)

Datamation

Top SIEM Trends in 2022

CardinalOps

CardinalOps Shortlisted for Best Security Innovation Category in SaaS Awards — previous winners in this category have included SIEMplify, Kenna Security, and Vectra

SANS

CardinalOps Sponsors SANS Webinar with Dr. Anton Chuvakin on "The Future of SIEM"

Security Boulevard

Lapsus$ could very well be the next big supply chain attack

Dark Reading

How Should My Security Analyst Use the MITRE ATT&CK Framework?

Dark Reading

CardinalOps identifies and remediates gaps in threat detection coverage, powered by AI

CardinalOps

CardinalOps Raises $17.5M Series A on Market Traction with Global Enterprise Customers and MSSPs/MDRs

VentureBeat

Working smarter, not harder to optimize your SIEM/XDR

Channel Futures

Helping MSSPs/MDRs scale while supporting multiple SIEM/XDR platforms with limited staff

Geektime

No matter how many cybersecurity solutions you have, you are probably not using them optimally — and this startup wants to fix it

Calcalist CTech

CardinalOps secures $17.5 million Series A to map cyber threats

SecurityWeek

CardinalOps Raises $17.5 Million for Threat Coverage Optimization Platform

Enterprise Security Tech

Enterprise SIEMs are Missing Detections for 4 out of 5 of All MITRE ATT&CK Techniques

SC Media

SIEM rules ignore bulk of MITRE ATT&CK framework, placing risk burden on users

CardinalOps

Research: Enterprise SIEMs Unprepared for 84% of MITRE ATT&CK Tactics and Techniques

Introducing CardinalOps Threat Coverage Optimization Platform

Threat Coverage Gap Analysis
  • Identify actual coverage vs. MITRE ATT&CK
  • Identify missing and broken rules
  • Identify missing and incomplete log sources
  • Real-time Threat Coverage Metric

Organization-Specific AI-based Recommendations
  • Asset-based priorities
  • Threat Intel priorities
  • Log-source priorities
  • Peer-based priorities
  • Custom priorities (optional)

Safe Deployment
  • Continuous impact analysis (before, during and after deployment)
  • Inspired by DevOps CI/CD processes, TCO (Threat Coverage Optimization) embraces agile methodologies