Security at scaleForrester stated in the EDR Wave that “Threat hunters can search data and visualize it with graphs and charts, and can also schedule queries.” The analyst firm also mentioned that “Elastic is best suited for security teams with a depth of knowledge that want a flexible offering with features of SIEM and EDR.” Elastic purposefully combined SIEM and EDR so that … [Read more...] about Forrester names Elastic a Strong Performer in the Endpoint Detection and Response Wave
detection
Stay on target: How accurate threat detection leads to better defense
The X-Wings began their run across the surface of the Death Star, racing to attack an exposed thermal exhaust port. Luke Skywalker was there, his tiny spacecraft rocking and shaking, buffeted by explosions. As he closed in on his target, Luke did something truly daring—he switched off his targeting system. He was now relying solely on the Force to help him find his … [Read more...] about Stay on target: How accurate threat detection leads to better defense
Enhancing Fileless Attack Detection with Memory Scanning
CrowdStrike introduces memory scanning into the CrowdStrike Falcon® sensor for Windows to enhance existing visibility and detection of fileless threats The Falcon sensor integrates Intel threat detection technology to perform accelerated memory scanning for malicious byte patterns Memory scanning is optimized for performance on Intel CPUs, including high-performance operation, … [Read more...] about Enhancing Fileless Attack Detection with Memory Scanning
Logz.io Anomaly Detection: Alerting and Auto-Visualization
Moving beyond traditional monitoring to embrace full stack observability offers a seemingly endless range of benefits. Beyond unifying logs, metrics, and traces in a single platform, the opportunity to enlist advanced analytics and engage a more predictive approach represents another huge step forward.Applying powerful machine learning and artificial intelligence to … [Read more...] about Logz.io Anomaly Detection: Alerting and Auto-Visualization
Relevant and Extended Detection with SecureX, Part Four: Secure Cloud Analytics Detections
In part one of this Relevant and Extended Detection with SecureX series, we introduced the notion of risk-based extended detection with Cisco SecureX – the idea that a user can prioritise detections into incidents based on their idea of what constitutes risk in their environments and then extend those detections with enrichments from other products. In subsequent posts we’ve … [Read more...] about Relevant and Extended Detection with SecureX, Part Four: Secure Cloud Analytics Detections
The Right Way to Extend Detection and Response
This week we announced the general availability of CrowdStrike’s newest innovation, Falcon XDR, and I couldn’t be more excited. Using our same single, lightweight agent architecture, Falcon XDR enables security teams to bring in third-party data sources for a fully unified solution to rapidly and efficiently hunt and eliminate threats across multiple security domains. As George … [Read more...] about The Right Way to Extend Detection and Response
New Approach for Command Line Anomaly Detection
Suspicious command lines differ from common ones in how the executable path looks and the unusual arguments passed to them Bidirectional Encoder Representations from Transformers (BERT) embeddings can successfully be used for feature extraction for command lines Outlier detectors on top of BERT embeddings can detect anomalous command lines without the need for data labeling Our … [Read more...] about New Approach for Command Line Anomaly Detection
Relevant and Extended Detection with SecureX, Part Three: Behaviour-Based Detections with Secure Network Analytics
In part one of this Relevant and Extended Detection with SecureX series, we introduced the notion of risk-based extended detection with Cisco SecureX – the idea that a user can prioritise detections into incidents based on their idea of what constitutes risk in their environments and then extend those detections with enrichments from other products. In subsequent posts we are … [Read more...] about Relevant and Extended Detection with SecureX, Part Three: Behaviour-Based Detections with Secure Network Analytics
Introducing Falcon Hardware Enhanced Exploit Detection
Falcon adds a new feature that uses Intel hardware capabilities to detect complex attack techniques that are notoriously hard to detect. CrowdStrike’s new Hardware Enhanced Exploit Detection feature delivers memory safety protections for a large number of customers on older PCs that lack modern in-built protections. Once activated, the new feature detects exploits by analyzing … [Read more...] about Introducing Falcon Hardware Enhanced Exploit Detection
New BLISTER Malware Using Code Signing Certificates to Evade Detection
Cybersecurity researchers have disclosed details of an evasive malware campaign that makes use of valid code signing certificates to sneak past security defenses and stay under the radar with the goal of deploying Cobalt Strike and BitRAT payloads on compromised systems. The binary, a loader, has been dubbed "Blister" by researchers from Elastic Security, with the malware … [Read more...] about New BLISTER Malware Using Code Signing Certificates to Evade Detection