Key Metrics to Track When Implementing AI in Your SOC

By Josh Breaker-Rolfe   Implementing artificial intelligence (AI) into your security operations center (SOC) can transform your organization’s ability to respond to threats, reduce the burden on overstretched analysts, and even offer long-term cost-reduction benefits. But what metrics should you Read More …

Improving Detection and Response: Making the Case for Deceptions

Let’s face it, most enterprises find it incredibly difficult to detect and remove attackers once they’ve taken over user credentials, exploited hosts or both. In the meantime, attackers are working on their next moves. That means data gets stolen and Read More …

A lightweight method to detect potential iOS malware

In 2021 and 2022, Kaspersky researchers had the privilege of working on a few Pegasus malware infections on several iPhone devices. The iPhones were Initially given to them by their partners for general security checks before the researchers discovered the Read More …

Automatic disruption of human-operated attacks through containment of compromised user accounts

Based on incidents analyzed by Microsoft, it can take only a single hop from the attacker’s initial access vector to compromise domain admin-level accounts. For instance, an attacker can target an over-privileged service account configured in an outdated and vulnerable Read More …

AI and the Five Phases of the Threat Intelligence Lifecycle

Artificial intelligence (AI) and large language models (LLMs) can help threat intelligence teams to detect and understand novel threats at scale, reduce burnout-inducing toil, and grow their existing talent by democratizing access to subject matter expertise. However, broad access to Read More …

Many businesses don’t even know they’ve been hit by a security breach

Many businesses don’t know if they have suffered a data breach, and probably wouldn’t be able to spot such an event at all, due to the ever-expanding threat landscape, and notification fatigue among IT staff, new research has claimed. A Read More …

Detecting Windows AMSI Bypass Techniques

Windows Antimalware Scan Interface (AMSI) is an agnostic security feature in the Windows operating system (OS) that allows applications and services to integrate with security products installed on a computer. Introduced by Microsoft in 2015, it provides a standard interface Read More …

IIS modules: The evolution of web shells and how to detect them

Web exploitation and web shells are some of the most common entry points in the current threat landscape. Web servers provide an external avenue directly into your corporate network, which often results in web servers being an initial intrusion vector Read More …

DARPA’s CASTLE to Fortify Computer Networks

An ever-expanding cyber-attack surface, infrequent computer vulnerability scans, and burdensome security procedures create a seemingly lopsided battle when it comes to defending critical computing assets. Couple those factors with costly cybersecurity assessments that often lack actionable feedback, and the odds Read More …