Exchange exploitation and architecting for visibility
By Alex Kirk, Corelight Global Principal for Suricata

The new Microsoft Exchange vulnerabilities disclosed earlier this month highlight the importance of architecting for security visibility on the network. At most organizations the communications between users and Exchange servers are encrypted. The initial malicious payload and web shells planted upon successful ...
Beating alert fatigue with integrated data
By Alex Kirk, Corelight Global Principal for Suricata

More than 15 years after Gartner declared that “IDS is dead” because it was too noisy to be effectively managed, alert fatigue continues to be a central theme of life in modern SOCs, with a majority of SOCs still unable to process ...
Zeek & Sigma: Fully Compatible for Cross-SIEM Detections
By Alex Kirk, Corelight Global Principal for Suricata

Corelight recently teamed up with SOC Prime, creators of advanced cyber analytics platforms, to add support for the entire Zeek data set into Sigma, the only generic signature language that enables cross-SIEM detections from a single toolset. Generally available as of last ...