Building a better detection ecosystem
The Threat Research/Threat Hunting/Detection Engineering Ecosystem: In the past couple of months, there have been numerous discussions on social media forums about how threat hunting methodologies overlap with detection engineering. Kostas (@Kostastsale), who’s a member of TheDFIRReport, recently wrote an excellent blog post on detection engineering vs. threat hunting. ...
Defending in a hostile environment: Key findings from the BlackHat NOC
Key points: The Black Hat network is more unique and complex than a standard enterprise network due to the number and diversity of devices connected, the abundance of trainings and labs that occur, and the rapid nature of the engagement itself. Over the course of the conference, our IronDefense NDR ...
Robin Banks might be robbing your bank
Key points from our research: Robin Banks is a phishing-as-a-service (PhaaS) platform, first seen in March 2022, selling ready-made phishing kits to cyber criminals aiming to gain access to the financial information of individuals residing in the U.S., as well as the U.K., Canada, and Australia. In mid-June, IronNet researchers ...
IronNet security notifications related to Log4j vulnerability
IronNet product/engineering efforts in response to log4j vulnerability: IronNet is aware of unpatched/vulnerable instances of log4j in our code and that of third-party vendors used within our code. At this time, we only can speculate as to the “exploitability” therein. Always keeping our customers’ best interests in mind and erring ...
Detecting ransomware: three research-based recommendations
It seems like new ransomware incidents are now almost a daily occurrence. Victims large and small represent a variety of sectors, including health and education providers, critical services, corporate enterprises, and government entities. And for every compromise involving ransomware that makes its way to the public, there are likely many ...