endpoint detection and response (EDR)

Does your security program suffer from piecemeal detection and response?

Posted on October 5, 2023 by John Velisaris

Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include: Multiple security information and event management (SIEM) tools (e.g., one on-premise and one in the cloud) Spending too much time or energy on integrating detection systems An underperforming security orchestration, automation and response (SOAR) system Only capable of […]

The post Does your security program suffer from piecemeal detection and response? appeared first on Security Intelligence.

Continue reading Does your security program suffer from piecemeal detection and response?→

Combining EPP and EDR tools can boost your endpoint security

Posted on July 25, 2023 by Xavier Santolaria

Endpoint protection platform (EPP) and endpoint detection and response (EDR) tools are two security products commonly used to protect endpoint systems from threats. EPP is a comprehensive security solution that provides a range of features to detect and prevent threats to endpoint devices. At the same time, EDR is specifically designed to monitor, detect and […]

The post Combining EPP and EDR tools can boost your endpoint security appeared first on Security Intelligence.

Continue reading Combining EPP and EDR tools can boost your endpoint security→

Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution

Posted on June 28, 2023 by Joshua Magri

In this post, we’ll review a simple technique that we’ve developed to encrypt Cobalt Strike’s Beacon in memory while executing BOFs to prevent a memory scan from detecting Beacon. Picture this — you’re on a red team engagement and your phish went through, your initial access payload got past EDR, your beacon is now living […]

The post Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution appeared first on Security Intelligence.

Continue reading Your BOFs Are gross, Put on a Mask: How to Hide Beacon During BOF Execution→

All About PowerShell Attacks: The No. 1 ATT&CK Technique

Posted on June 26, 2023 by Jonathan Reed

How do cyber pros prioritize their security efforts? A good place to start is knowing exactly what tactics, techniques and procedures (TTP) threat actors use. In a recently published report, aggregated data was used to identify the most common attack techniques as defined by the MITRE ATT&CK framework. The study revealed that PowerShell Command & […]

The post All About PowerShell Attacks: The No. 1 ATT&CK Technique appeared first on Security Intelligence.

Continue reading All About PowerShell Attacks: The No. 1 ATT&CK Technique→

Are Ransomware Attacks Declining, or Has Reporting Worsened?

Posted on May 17, 2023 by Mark Stone

While examining the state of ransomware in 2023, the statistics show promise — at least on the surface. According to the IBM X-Force Threat Intelligence Index 2023, “Ransomware’s share of incidents declined from 21% in 2021 to 17% in 2022.” Also promising: ransomware groups had a shaky 2022. The Trickbot group, for example, faced significant […]

The post Are Ransomware Attacks Declining, or Has Reporting Worsened? appeared first on Security Intelligence.

Continue reading Are Ransomware Attacks Declining, or Has Reporting Worsened?→

Securing Your Remote Workforce: How to Reduce Cyber Threats

Posted on April 18, 2023 by Jennifer Gregory

The debates have (mostly) stopped about whether remote work is here to stay. For many people, it’s just the way we work today. However, even three years later, cybersecurity around remote work is still a top concern. Both companies and employees have room for improvement in terms of protecting devices, data and apps from cybersecurity […]

The post Securing Your Remote Workforce: How to Reduce Cyber Threats appeared first on Security Intelligence.

Continue reading Securing Your Remote Workforce: How to Reduce Cyber Threats→

Four Ways to Harden Your Network Perimeter

Posted on April 12, 2023 by Richard Howe

With the threat of cyberattacks on the rise worldwide, hardening your organization’s network perimeter has never been more critical. Many organizations have begun to focus more on actively securing and monitoring their externally facing assets to fend off cyberattacks from enemy nation-state actors and cyber criminals. By implementing the four best practices listed below, you […]

The post Four Ways to Harden Your Network Perimeter appeared first on Security Intelligence.

Continue reading Four Ways to Harden Your Network Perimeter→

Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space

Posted on February 24, 2023 by Moez Kamel

View Part 1, Introduction to New Space, and Part 2, Cybersecurity Threats in New Space, in this series. As we see in the previous article of this series discussing the cybersecurity threats in the New Space, space technology is advancing at an unprecedented rate — with new technologies being launched into orbit at an increasingly […]

The post Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space appeared first on Security Intelligence.

Continue reading Cybersecurity in the Next-Generation Space Age, Pt. 3: Securing the New Space→

Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

Posted on February 21, 2023 by Ruben Boonen

Overview In this post, IBM Security X-Force Red offensive hackers analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. Over the last few years, public accounts have increasingly shown that less sophisticated attackers are using this technique to achieve their objectives. It is therefore important that we put […]

The post Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers appeared first on Security Intelligence.

Continue reading Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers→

Detecting the Undetected: The Risk to Your Info

Posted on February 16, 2023 by Ignacio Salim

IBM’s Advanced Threat Detection and Response Team (ATDR) has seen an increase in the malware family known as information stealers in the wild over the past year. Info stealers are malware with the capability of scanning for and exfiltrating data and credentials from your device. When executed, they begin scanning for and copying various directories […]

The post Detecting the Undetected: The Risk to Your Info appeared first on Security Intelligence.

Continue reading Detecting the Undetected: The Risk to Your Info→