Webinar Q&A from Modern Network Threat Detection and Response

As promised, here is my lightly edited Q&A from a recent webinar called “Modern Network Threat Detection and Response.” Questions about vendors are removed, and some are edited for clarity. Q: I ...
Untold Number of Discover Card Account Holders Notified of Data Breach

An undisclosed number of Discover card account holders have learned of a data breach that might have compromised their account information. According to Bleeping Computer, Discover Financial Services first learned of the ...

Our “Solution Path for Implementing Threat Detection and Incident Response” Publishes

As you can see below, we have written a lot of research over the years, and it would be handy to have a roadmap for the readers. This is especially useful for ...

Deception vs Analytics, or Can Analytics Catch True Unknown Unknowns?

This is a debate post, and not a position post. The question alluded therein (hey… I said “alluded therein” to sound like Dan Geer, no?) has been bugging us for some time, ...

Is Encryption an NTA / NIDS / NFT Apocalypse?

Here is a funny one: does pervasive traffic encryption KILL Network Traffic Analysis (NTA) dead? Well, OK, not truly “kill it dead,” but push it back to 2002 when it was called ...

NTA: The Big Step Theory

Let’s come back from the world where the endpoint won the detection and response wars to this one. As we are ramping up our NTA (but, really, broader NDR for network-centric detection ...
Visibility as a Service Webinar

Help, I Have Moved to Containers and Now I’m Blind

Containers and microservices are becoming a very popular option for deploying applications. There are many benefits of containers: faster deployments, reproducibility of environments, cost optimizations, isolation, and flexibility in general. There is ...

Network Anomaly Detection Track Record in Real Life?

As I allude here, my long-held impression is that no true anomaly-based network IDS (NIDS) has ever been successful commercially and/or operationally. There were some bits of success, to be sure (“OMG ...

Clarifying the Misconceptions: Monitoring and Auditing for Container Security

An effective container security strategy consists of many parts. Organizations should first secure the build environment using secure code control along with build tools and controllers. Next, they should secure the contents ...

Our 2018 Update to “How to Plan, Design, Operate and Evolve a SOC” Publishes

As Augusto already announced a while ago, we have updated our “how to SOC” paper for 2018. His post even includes our main guidance visual (!), made that much more awesome by our ...