User vulnerabilities, threat hunting and MDATP
For almost every organization, security is important, whether we are talking about physical or digital security. This holds regardless of the type or size of the organization. In the digital world we often make the mistake of relaxing behind the safety of firewalls, antivirus and email filters, while neglecting the information security education of our employees.
Transforming Splunk to a semi-SOAR platform
SOAR (Security Orchestration, Automation and Response) is a solution stack of compatible software programs that allow an organization to collect data about security threats from multiple sources and respond to low-level security events without human assistance. The goal of using a SOAR stack is to improve the efficiency of physical and digital security operations.
Why Proxy-Based Firewalls Are Not Enough
The first proxy-based firewalls achieved the basic task of controlling which websites users could access on the Internet. Since then, the technology has developed and evolved to provide additional features like malware detection and blocking, in-line data loss prevention (DLP), SSL/TLS inspection and bandwidth control.
Coronavirus panic at the service of government-backed hacker groups
As we wrote in a previous post, the current pandemic is also an excellent pretext for cyber attacks. However, it is not only profit-making that lies behind these operations; the political and ideological motives are at least as important as monetization. For state-backed groups (with almost unlimited financial, material and human resources), a phenomenon has emerged at the global level that affects most people (in this case everyone).
Banking Trojan TrickBot got a new module
A banking trojan, like any “common” trojan, is a malicious program that disguises itself as a real, harmless application. Its purpose is to steal sensitive information from users (login details, financial information, credit card details, etc.). In addition, banking trojans use various techniques to build botnets, steal login credentials, inject malicious code into browsers, and steal money.
Like the pandemic wouldn’t be enough: recent coronavirus themed cyber attacks
People are alarmed, scared, or even in panic. Numerous companies have already moved, or are currently moving, their everyday work to home office environments (RDP, VPN). Hence the boundary between the corporate infrastructure (as a target) and the employee’s home network is becoming more and more blurred.
SIEM is not enough, widening SOC visibility with open source tools
For a SOC (Security Operations Center) it is vital to continuously be informed about the events of the monitored network on a centralized platform. The SIEM (Security Information and Event Management) system performs this task. It harvests the information from various log sources and – in accordance with the settings – generates security events.
Network threat hunting with NetFlow
Threat hunting is a good old process in the field of cybersecurity. It covers human-driven analytics and searching through datasets (networks, endpoints, security solutions, etc.) in order to detect malicious activities that could have evaded detection by existing IDPS or other automated detections.