Tag: Rezaadineh
-
Is Your SIEM Working Well Enough? An Introduction to Threat-Informed Security Monitoring
In today’s world, cybersecurity threats are more prevalent than ever before. Companies are facing a growing number of threats, including malware, phishing attacks, ransomware, and more. To combat these threats, many companies are turning to Security Information and Event Management (SIEM) systems to monitor their networks and detect potential threats in real time. However, simply deploying…
-
Building a Comprehensive Security Posture: The Zero Trust Architecture
Introduction: In today’s constantly evolving cyber threat landscape, it is essential to implement a comprehensive cybersecurity infrastructure that utilizes centralized integrated threat detection methods. One approach that has gained popularity is the Zero Trust architecture, which considers all entities as untrusted by default and requires explicit authentication and authorization for accessing resources. This paradigm shift…
-
A quick review of the SANS SEC 555 course on SIEM with Tactical Analytics
SIEM with Tactical Analytics: A Technical White Paper Introduction: The purpose of this white paper is to provide an overview of the SANS SEC 555 course, “SIEM with Tactical Analytics.” This comprehensive training program is designed to teach security professionals how to implement and effectively use a Security Information and Event Management (SIEM) system. The…
-
Unlocking the Power of SIEM for Threat Detection and Incident Response
Introduction: Security Information and Event Management (SIEM) is an important tool for protecting an organization’s assets and infrastructure. It provides real-time threat detection and analysis capabilities through the collection and analysis of security events from a variety of sources. In this paper, we will discuss the goals and key components of a SIEM, as well…
-
Threat modeling for threat detection
Introduction: Security operations centers (SOCs) play a critical role in protecting an organization’s assets and infrastructure. Threat modeling is a critical component of modern security practices and allows SOCs to identify, analyze, and prioritize potential security threats. In this paper, we will focus on the use of the attack tree method and the MITRE Matrix…
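The excerpt above mentions combining attack trees with the MITRE ATT&CK matrix to prioritize threats for detection. As an added illustration (not code from the original post), the following Python models a small attack tree whose leaves are tagged with ATT&CK technique IDs, enumerates every complete path to the attacker's goal, and ranks undetected techniques by how many still-open paths a new detection would close. The tree, the goal and the set of "already detected" techniques are constructed for this example; the technique IDs are real ATT&CK identifiers.

```python
"""Attack-tree prioritization against ATT&CK detection coverage (added example)."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple


@dataclass
class Node:
    """One node of an attack tree. Leaves carry an ATT&CK technique ID."""
    name: str
    gate: str = "OR"                      # "OR": any child suffices; "AND": all children required
    technique: Optional[str] = None       # ATT&CK technique ID, set on leaves only
    children: List["Node"] = field(default_factory=list)


def attack_paths(node: Node) -> List[Set[str]]:
    """Return every complete path to the goal as a set of technique IDs.

    OR gates contribute each child's paths separately; AND gates combine
    one path from every child (cartesian product), since all are needed.
    """
    if not node.children:
        return [{node.technique}] if node.technique else [set()]
    child_paths = [attack_paths(c) for c in node.children]
    if node.gate == "OR":
        return [p for paths in child_paths for p in paths]
    combined: List[Set[str]] = [set()]
    for paths in child_paths:
        combined = [a | b for a in combined for b in paths]
    return combined


def uncovered_paths(root: Node, detected: Set[str]) -> List[Set[str]]:
    """Paths on which no technique is detected: an adversary could finish unseen."""
    return [p for p in attack_paths(root) if not (p & detected)]


def prioritize(root: Node, detected: Set[str]) -> List[Tuple[str, int]]:
    """Rank undetected techniques by the number of uncovered paths each would close."""
    counts: Dict[str, int] = {}
    for path in uncovered_paths(root, detected):
        for technique in path:
            counts[technique] = counts.get(technique, 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample tree for this example; the goal and branches are hypothetical,
# the technique IDs are real ATT&CK identifiers.
ROOT = Node("Exfiltrate customer database", gate="OR", children=[
    Node("Phish a user, dump credentials, exfiltrate", gate="AND", children=[
        Node("Phishing", technique="T1566"),
        Node("OS Credential Dumping", technique="T1003"),
        Node("Exfiltration Over C2 Channel", technique="T1041"),
    ]),
    Node("Exploit the web tier, exfiltrate", gate="AND", children=[
        Node("Exploit Public-Facing Application", technique="T1190"),
        Node("Exfiltration Over C2 Channel", technique="T1041"),
    ]),
    Node("Abuse a valid DBA account", gate="AND", children=[
        Node("Valid Accounts", technique="T1078"),
        Node("Exfiltration Over Alternative Protocol", technique="T1048"),
    ]),
])

# Assumed starting state: the SOC has no detection for any of these techniques yet.
DETECTED: Set[str] = set()


if __name__ == "__main__":
    print("Complete attack paths:", attack_paths(ROOT))
    print("Detection priority:", prioritize(ROOT, DETECTED))
    # After building a detection for the top-ranked technique, only one path stays open.
    print("Still uncovered after detecting T1041:", uncovered_paths(ROOT, {"T1041"}))
```

With no detections in place, T1041 ranks first because it sits on two of the three paths; detecting it leaves only the valid-account branch open, which is the next gap to close. The same ranking can be recomputed whenever a detection is added or the tree grows.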
-
A quick review of the Security Operations Center Capability Maturity Model framework
Introduction: The Security Operations Center (SOC) Capability Maturity Model (CMM) is a framework that provides organizations with a comprehensive and systematic approach to improving their security operations capabilities. It is designed to help organizations assess their current state of security operations maturity and identify areas for improvement. The SOC-CMM framework is based on the principles…
-
A quick review of malware reverse engineering
Introduction: Malware reverse engineering is the process of analyzing malicious software to understand its behavior, functions, and potential impact. It is a critical aspect of the cybersecurity landscape, as it provides valuable insights into the inner workings of malware, allowing security researchers and incident responders to better defend against future attacks. This white paper provides…
-
Zero Trust Architecture
Introduction: Zero trust architecture is a cybersecurity approach that assumes that every access request is untrusted until proven otherwise, regardless of where it originates. This means that every device, user, and system must be authenticated and authorized before being granted access to a resource. Zero trust architecture helps to reduce the attack surface, minimize the risk of data breaches, and…
-
A quick review of cyber threat trends and perspectives
Introduction: Cybersecurity has become a critical issue for organizations in all industries as the number and sophistication of cyber threats continue to increase. In order to effectively defend against these threats, organizations must have a clear understanding of the current trends and perspectives in the cyber threat landscape. In this technical white paper, we will…
-
A quick review of the evolution of SIEM over the past decade
In the early days of SIEM, the focus was primarily on log management and compliance reporting. However, as the threat landscape has evolved, the capabilities of SIEM solutions have expanded to include real-time threat detection and response. Today, SIEM solutions are seen as a critical component of an organization’s security infrastructure, providing a centralized view…