Tag: Threat intelligence
-
A quick review on SOAR platforms
Introduction: In recent years, security operations teams have been inundated with a deluge of security alerts and incidents that are difficult to manage and resolve efficiently. As a result, organizations are increasingly turning to Security Orchestration, Automation and Response (SOAR) platforms to help them streamline their security operations and improve their response times. In this…
-
A quick review on SIEM Implementation Technical Capability and Maturity Model
Introduction: Security Information and Event Management (SIEM) solutions are essential components of modern cybersecurity architectures. These solutions enable organizations to collect, correlate, and analyze security-related data from various sources, including logs, network traffic, and endpoint devices. By providing real-time threat detection and incident response capabilities, SIEM solutions help organizations protect their assets and data from…
-
OSINT against Threats
Introduction: Open Source Intelligence (OSINT) is the practice of collecting and analyzing publicly available information to gain insights into a particular subject or entity. In the realm of cybersecurity, OSINT can be an incredibly useful tool for threat hunting. By using OSINT, security teams can gather information about potential threats, including information about vulnerabilities, attacker…
-
Using Threat Intelligence to Conduct Effective Threat Hunting
Introduction: Threat hunting is a proactive approach to detecting and responding to advanced cyber threats. The goal of threat hunting is to identify and mitigate potential threats before they can cause harm to an organization’s assets. Threat intelligence is an essential component of effective threat hunting. This white paper will explore the role of threat…
-
Adapting to the Evolving Cybersecurity Landscape: Strategies for Preventing and Detecting Threats
Introduction: The cybersecurity landscape has changed significantly in recent years, with cybercriminals becoming increasingly sophisticated and targeting organizations of all sizes and industries. The COVID-19 pandemic has further amplified this trend, with remote work and the increased use of online services creating new cybersecurity risks. As a result, cybersecurity professionals must stay vigilant and adopt…
-
Do you think your SIEM is enough?
Is Your SIEM Working Well Enough? Many companies use Security Information and Event Management (SIEM) technology to support their cybersecurity programs. SIEM allows for the real-time collection and historical analysis of security events from a wide variety of sources, helping to detect threats and support incident response. However, it is important to ensure that your…
-
Is Your SIEM Working Well Enough? An Introduction to Threat-Informed Security Monitoring
In today’s world, cybersecurity threats are more prevalent than ever before. Companies are facing a growing number of threats, including malware, phishing attacks, ransomware, and more. To combat these threats, many companies are turning to Security Information and Event Management (SIEM) systems to monitor their networks and detect potential threats in real-time. However, simply deploying…
-
A quick review on Splunk
time operational intelligence. With its ability to collect, store, and analyze large amounts of machine-generated data, Splunk has become a popular solution for organizations looking to improve their security operations and incident response capabilities. Technical Architecture: Splunk is built on a distributed architecture that allows organizations to easily scale the platform to meet their specific…
-
A quick review on MISP Malware Information Sharing Platform and Threat Sharing
Introduction: MISP (Malware Information Sharing Platform and Threat Sharing) is an open-source platform for sharing and exchanging threat intelligence information. It is designed to allow organizations to collaborate and share information about emerging cyber threats, as well as to provide a centralized repository for storing and managing threat intelligence data. Features and Functionality: MISP provides…
-
A quick review on usage of threat intelligence for threat hunting
Introduction: Threat hunting is a proactive and continuous process of searching for, identifying, and mitigating potential security threats that have bypassed an organization’s preventive security controls. With the rapidly evolving threat landscape, threat hunting has become an essential component of a comprehensive security strategy. Threat intelligence plays a critical role in threat hunting, providing organizations…