Author: ReZa AdineH
-
Threat modelling for threat detection
Introduction: Security operations centers (SOCs) play a critical role in protecting an organization’s assets and infrastructure. Threat modeling is a critical component of modern security practices and allows SOCs to identify, analyze, and prioritize potential security threats. In this paper, we will focus on the use of the attack tree method and the MITRE Matrix…
-
A quick review on The Security Operations Center Capability Maturity Model Framework
Introduction: The Security Operations Center (SOC) Capability Maturity Model (CMM) is a framework that provides organizations with a comprehensive and systematic approach to improving their security operations capabilities. It is designed to help organizations assess their current state of security operations maturity and identify areas for improvement. The SOC-CMM framework is based on the principles…
-
A quick review on malware reverse engineering
Introduction: Malware reverse engineering is the process of analyzing malicious software to understand its behavior, functions, and potential impact. It is a critical aspect of the cybersecurity landscape, as it provides valuable insights into the inner workings of malware, allowing security researchers and incident responders to better defend against future attacks. This white paper provides…
-
Zero Trust Architecture
Introduction: Zero trust architecture is a cybersecurity approach that assumes that all network traffic is untrusted until proven otherwise. This means that every device, user, and system must be authenticated and authorized before being granted access to the network. Zero trust architecture helps to reduce the attack surface, minimize the risk of data breaches, and…
-
A quick review on Cyber Threats trends and perspective
Introduction: Cybersecurity has become a critical issue for organizations in all industries as the number and sophistication of cyber threats continue to increase. In order to effectively defend against these threats, organizations must have a clear understanding of the current trends and perspectives in the cyber threat landscape. In this technical white paper, we will…
-
A quick review on the evolution of SIEM over the past decade
In the early days of SIEM, the focus was primarily on log management and compliance reporting. However, as the threat landscape has evolved, the capabilities of SIEM solutions have expanded to include real-time threat detection and response. Today, SIEM solutions are seen as a critical component of an organization’s security infrastructure, providing a centralized view…
-
A quick review on SIEM deployment
SIEM (Security Information and Event Management) is a critical component of an organization’s security infrastructure, providing a centralized platform for the collection, analysis, and correlation of security-related data from a variety of sources. A properly deployed SIEM can provide organizations with real-time visibility into their security posture, enabling them to quickly identify and…
-
A quick review on Splunk
time operational intelligence. With its ability to collect, store, and analyze large amounts of machine-generated data, Splunk has become a popular solution for organizations looking to improve their security operations and incident response capabilities. Technical Architecture: Splunk is built on a distributed architecture that allows organizations to easily scale the platform to meet their specific…
-
Technical checklist for evaluating a SIEM:
Here are some general points to consider when evaluating a SIEM. Note: This checklist is meant to be a general guide; the factors to consider may vary based on the specific requirements of your organization.
-
A quick review on MISP Malware Information Sharing Platform and Threat Sharing
Introduction: MISP (Malware Information Sharing Platform and Threat Sharing) is an open-source platform for sharing and exchanging threat intelligence information. It is designed to allow organizations to collaborate and share information about emerging cyber threats, as well as to provide a centralized repository for storing and managing threat intelligence data. Features and Functionality: MISP provides…