Inside CrowdStrike’s New ML-Powered LDAP Reconnaissance Detections
Early in the cyberattack kill chain, reconnaissance enables attackers to assemble critical network information to plan a tailored attack strategy. In this phase, adversaries aim to map out networks and their users, and locate system vulnerabilities, without setting off alarms. Proactive monitoring and early detection of this activity can disrupt attackers in their tracks and …
Detections
Fight Alert Fatigue with Accurate Detections
In today's rapidly evolving cybersecurity landscape, the importance of detection fidelity cannot be overstated. Security operations center (SOC) teams are overwhelmed by the sheer volume and complexity of alerts and challenged to differentiate genuine threats from false positives. Recent data shows 37% of organizations report that the volume and complexity of security alerts …
Falcon Fusion SOAR and Machine Learning-based Detections Automate Data Protection Workflows
Time is of the essence when it comes to protecting your data, and often, teams are sifting through hundreds or thousands of alerts to try to pinpoint truly malicious user behavior. Manual triage and response takes up valuable resources, so machine learning can help busy teams prioritize what to tackle first and determine what warrants further investigation. The new Detections …
Relevant and Extended Detection with SecureX, Part Four: Secure Cloud Analytics Detections
In part one of this Relevant and Extended Detection with SecureX series, we introduced the notion of risk-based extended detection with Cisco SecureX – the idea that a user can prioritise detections into incidents based on their idea of what constitutes risk in their environments and then extend those detections with enrichments from other products. In subsequent posts we’ve …
Relevant and Extended Detection with SecureX, Part Three: Behaviour-Based Detections with Secure Network Analytics
In part one of this Relevant and Extended Detection with SecureX series, we introduced the notion of risk-based extended detection with Cisco SecureX – the idea that a user can prioritise detections into incidents based on their idea of what constitutes risk in their environments and then extend those detections with enrichments from other products. In subsequent posts we are …
Relevant and Extended Detection with SecureX, Part Two: Endpoint Detections
In part one of this series we introduced the notion of risk-based extended detection with SecureX – the idea that a user can prioritise detections into incidents based on their idea of what constitutes risk in their environments and then extend those detections with enrichments from other products. In subsequent posts we are diving deeper into different Cisco Secure detection …
How to Use RiskIQ to Enrich Detections with Internet Intelligence
Introduction: In this article, we will show you how using the RiskIQ Illuminate app can enrich your CrowdStrike Falcon Insight detections with additional pivot features. RiskIQ Illuminate integrates seamlessly with the CrowdStrike Falcon platform to give security teams a 360° view of their attack surface, helping them better detect threats and defend their enterprise. Available …