Our Top 2020 Cybersecurity Insights

The transition from office to remote environments was abrupt and one of the most defining moments that the cybersecurity industry and professionals faced in 2020. We wrote about the top issues CISOs were facing throughout the year but also doubled down…

Russian Hack of U.S. Federal Agencies Shine Spotlight on SIEM Failures in Cybersecurity

In what the New York Times is calling, “One of the most sophisticated and perhaps largest hacks in more than five years,” malicious adversaries acting on behalf of a foreign government, likely Russian, broke into the email systems of multiple U.S. Fede…

Finding SUNBURST Backdoor with Zeek Logs & Corelight

John Gamble, Director of Product Marketing, Corelight

FireEye’s threat research team has discovered a troubling new supply chain attack targeting SolarWinds’ Orion IT monitoring and management platform. The attack trojanizes Orion software updates to d…

MixMode in the Real World: Customers Turn to MixMode Frustrated and in Search of a Viable SIEM Alternative

SIEM has failed to meet the needs of enterprises in the modern threatscape. One huge reason for this is that over time, most organizations will come to the sad realization that they will never achieve a full enterprise deployment of their SIEM. By its …

How to take SASE from a buzzword to a plan

Whether you are talking to your leadership or external auditors, it’s always best to be able to explain that your cybersecurity program is based on a framework utilizing industry best practices. A recent framework by Gartner is one that I recommend hav…

Featured Use Case: Why a Large US Utility Company Turned to MixMode to Address Utility Grid Vulnerabilities

A large utility company approached MixMode with the following scenario: the enterprise SOC was using a shared SIEM application that several stakeholders also relied on: the networking team, the SCADA team, the dev-ops team, the compliance te…

XDR: Unifying incident detection, response and remediation

According to IBM’s Cost of a Data Breach Report 2020, the average time it took a company in 2019 to identify and contain a breach was 279 days. It was 266 days in 2018 and the average over the past five years was a combined 280 days. In other wor…

Why SIEMs need threat intelligence to defeat Cyberthreats

Security professionals the world over crave compliance management and the ability to pull deep insights from their complex IT environments. This need was the catalyst for the initial adoption of security information and event management (SIEM), which, …

5 user behavioral patterns to look out for in a decentralized workspace

Problem: If there are thousands of employees scattered around hundreds of places, how do you keep your organization’s network safe?
Solution: You should monitor your employees wherever they’re located, and devise a standard baseline of their behavior …