Using SOC (Security Operations Center) Toolsets and Methodologies
Discussion around ATT&CK often involves tactics, techniques, procedures, detections, and mitigations, but a significant element is often overlooked: data sources. Data sources for every technique provide valuable context and opportunities to improve your security posture and impact your detection strategy.
Detecting CVE-2020-1472 (CISA ED 20-04) Using Splunk Attack Range
Windows System Processes — An Overview For Blue Teams
The Windows operating system contains many system processes that are present every time we boot our machines. These processes are responsible for a wide range of tasks, from initialization and creating the user interface to loading the necessary drivers and DLLs.
US Indicts Sandworm, Russia’s Most Destructive Cyberwar Unit
Nearly half a decade ago, the Russian hackers known as Sandworm hit Western Ukraine with the first-ever cyberattack to cause a blackout, an unprecedented act of cyberwar that turned off the lights for a quarter million Ukrainians. They were just getting started.
Making the most of XG Firewall v18 – Part 6
One of the great new features in XG Firewall v18 that we covered in Part 3 of this series is the new SD-WAN application and user-/group-based link selection capabilities. In this article, we’ll review how you can take advantage of those as a part of another new feature in XG Firewall v18: route-based IPsec VPN.
Making the most of XG Firewall v18 – Part 5
Anyone who’s tried to configure network address translation (NAT) rules knows how challenging this can be. But it doesn’t have to be.
Sophos XG Firewall includes an all-new powerful but intuitive NAT capability for source NAT (SNAT), destination NAT (DNAT), and other network translation tasks that actually makes NAT easy.
How to Provide a Secure Cloud Environment for Remote Workers
The shift to a global remote workforce is demonstrating just how difficult securing a cloud environment can be. This is especially true for organizations that host their infrastructure on-premises.
To address these challenges, many companies are migrating to the cloud, leveraging cloud service providers (CSPs) such as Amazon Web Services, Microsoft Azure, Google Cloud Platform, and Oracle Cloud. These public cloud providers offer cost-effective, scalable cloud computing solutions.
Introducing Hybrid Hunter, integrating Zeek (Bro) logs into IBM QRadar
The topic of this blog post is the introduction of the Hybrid Hunter open source security information and event management (SIEM) and threat hunter platform, and the integration of the included Zeek (Bro) logs into IBM QRadar, by creating a custom Device Support Module (DSM). The versions used for the presentation are Hybrid Hunter 2.1.0 RC2 and QRadar 7.3.2.
Microsoft Suspended 18 Azure Active Directory Apps That Were Operated by Chinese APT Hackers
Recently, Microsoft suspended 18 Azure Active Directory apps that had been operated by Chinese APT hackers. These hackers work on behalf of the Chinese government and ran all their tooling from the cloud, which has kept Microsoft's employees quite busy.