3 recommendations for adopting generative AI for cyber defense

In the past eighteen months, generative AI (gen AI) has gone from being the source of jaw-dropping demos to a top strategic priority in nearly every industry. A majority of CEOs report feeling under pressure to invest in gen AI. Product teams are now scrambling to build gen AI into their solutions and services. The […]

The post 3 recommendations for adopting generative AI for cyber defense appeared first on Security Intelligence.

Continue reading 3 recommendations for adopting generative AI for cyber defense

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials. In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a […]

The post What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index? appeared first on Security Intelligence.

Continue reading What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

Accelerating security outcomes with a cloud-native SIEM

As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like […]

The post Accelerating security outcomes with a cloud-native SIEM appeared first on Security Intelligence.

Continue reading Accelerating security outcomes with a cloud-native SIEM

The evolution of security analyst experience

Cloud computing and IT modernization have created a more complex threat landscape, and security analysts are struggling to keep up. Security operations centers (SOC) are in need of an upgrade. The proliferation of cloud and hybrid environments simply creates more to protect, said Andie Schroeder, program director of product management at IBM Security, at RSAC […]

The post The evolution of security analyst experience appeared first on Security Intelligence.

Continue reading The evolution of security analyst experience

A History of Ransomware and the Cybersecurity Ecosystem

The number and complexity of cybersecurity tools have grown at a dizzying pace in recent decades. As cyber threats like ransomware became more numerous and complex, antivirus and threat management tools expanded to meet these challenges. Security experts now often find themselves with too many choices and a market too rich with options. Choosing, running […]

The post A History of Ransomware and the Cybersecurity Ecosystem appeared first on Security Intelligence.

Continue reading A History of Ransomware and the Cybersecurity Ecosystem

SOCs Spend 32% of the Day On Incidents That Pose No Threat

When it comes to the first line of defense for any company, its Security Operations Center (SOC) is an essential component. A SOC is a dedicated team of professionals who monitor networks and systems for potential threats, provide analysis of detected issues and take the necessary actions to remediate any risks they uncover. Unfortunately, SOC […]

The post SOCs Spend 32% of the Day On Incidents That Pose No Threat appeared first on Security Intelligence.

Continue reading SOCs Spend 32% of the Day On Incidents That Pose No Threat

How I Got Started: SOC Analyst

The role of a Security Operations Center (SOC) analyst is crucial in maintaining an organization’s security posture. A SOC analyst wears many hats but typically acts as a watchdog looking out for attacks in progress while also finding ways to boost defenses and prevent or mitigate future attacks. In this exclusive Q&A, we spoke with […]

The post How I Got Started: SOC Analyst appeared first on Security Intelligence.

Continue reading How I Got Started: SOC Analyst

The Needs of a Modernized SOC for Hybrid Cloud

Cybersecurity has made a lot of progress over the last ten years. Improved standards (e.g., MITRE), threat intelligence, processes and technology have significantly helped improve visibility, automate information gathering (SOAR) and many manual tasks. Additionally, new analytics (UEBA/SIEM) and endpoint (EDR) technologies can detect and often stop entire classes of threats. Now we are seeing […]

The post The Needs of a Modernized SOC for Hybrid Cloud appeared first on Security Intelligence.

Continue reading The Needs of a Modernized SOC for Hybrid Cloud

The Important Role of SOAR in Cybersecurity

Understaffed security teams need all the help they can get, and they are finding that help through SOAR. SOAR — security orchestration, automation and response — is defined by Gartner as the “technologies that enable organizations to collect inputs monitored by the security operations team.” Gartner identifies a SOAR platform’s three prime functionalities: Threat and […]

The post The Important Role of SOAR in Cybersecurity appeared first on Security Intelligence.

Continue reading The Important Role of SOAR in Cybersecurity

Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers

Overview In this post, IBM Security X-Force Red offensive hackers analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. Over the last few years, public accounts have increasingly shown that less sophisticated attackers are using this technique to achieve their objectives. It is therefore important that we put […]

The post Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers appeared first on Security Intelligence.

Continue reading Direct Kernel Object Manipulation (DKOM) Attacks on ETW Providers