Many enterprise security tools, including SIEMs, incident response tools, and network analysis tools, are log-based. However, making sense of log files can be tricky, since log records typically exist without context: it is hard to see how one record relates to the hosts, users, and connections around it in the larger cybersecurity environment. Luckily, there is a more effective way of organizing this data: a Linked Data approach, in which each record is broken into relationships between entities so that related records from different sources can be queried together.
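As an added illustration of that approach (example code written for this page, not from the original post or any product), the block below turns a few constructed log lines from different sources into subject-predicate-object triples, then walks the resulting graph so that a user, the host they logged on to, and the external address that host reached come back as one chain rather than three unrelated records. The log formats, node prefixes, and predicate vocabulary are assumptions of the example.

```python
import re
from collections import defaultdict, deque

# Constructed sample log lines (not from any real system): key=value records
# from several tools, each of which knows only its own slice of the picture.
SAMPLE_LOGS = [
    "2016-03-01T08:55:00 dhcp host=ws-17 ip=10.0.0.17 action=lease",
    "2016-03-01T09:00:01 auth host=ws-17 user=alice result=success",
    "2016-03-01T09:02:13 proc host=ws-17 user=alice exe=powershell.exe pid=4412",
    "2016-03-01T09:02:15 dns host=ws-17 query=updates.example.net answer=203.0.113.9",
    "2016-03-01T09:02:16 fw src=10.0.0.17 dst=203.0.113.9 dport=443 action=allow",
    "2016-03-01T09:10:44 auth host=srv-db1 user=bob result=failure",
]

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<kind>\w+)\s+(?P<rest>.*)$")


def parse_line(line):
    """Split one record into timestamp, source kind and its key=value fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable log line: {line!r}")
    fields = dict(kv.split("=", 1) for kv in m.group("rest").split() if "=" in kv)
    return {"ts": m.group("ts"), "kind": m.group("kind"), **fields}


def node(kind, value):
    # Type-prefixed identifiers so an IP and an unrelated string never collide.
    return f"{kind}:{value}"


def triples_for(rec):
    """Per-source rules turning a flat record into (subject, predicate, object).
    The predicate names are an assumption of this example."""
    k = rec["kind"]
    if k == "dhcp":
        yield node("host", rec["host"]), "has_ip", node("ip", rec["ip"])
    elif k == "auth" and rec.get("result") == "success":
        yield node("user", rec["user"]), "logged_on", node("host", rec["host"])
    elif k == "proc":
        yield node("user", rec["user"]), "ran", node("exe", rec["exe"])
        yield node("exe", rec["exe"]), "ran_on", node("host", rec["host"])
    elif k == "dns":
        yield node("host", rec["host"]), "resolved", node("domain", rec["query"])
        yield node("domain", rec["query"]), "resolves_to", node("ip", rec["answer"])
    elif k == "fw" and rec.get("action") == "allow":
        yield node("ip", rec["src"]), "connected_to", node("ip", rec["dst"])


def build_graph(lines):
    """Adjacency list: subject -> list of (predicate, object, timestamp)."""
    graph = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        for s, p, o in triples_for(rec):
            graph[s].append((p, o, rec["ts"]))
    return graph


def paths_between(graph, start, target, max_hops=4):
    """Breadth-first search returning every chain of triples that links start
    to target within max_hops. Each chain is the context a flat keyword
    search over the raw lines cannot show."""
    found = []
    queue = deque([(start, [])])
    while queue:
        cur, path = queue.popleft()
        if cur == target and path:
            found.append(path)
            continue
        if len(path) >= max_hops:
            continue
        for pred, nxt, _ts in graph.get(cur, []):
            if nxt == start or any(step[2] == nxt for step in path):
                continue  # do not revisit a node already on this path
            queue.append((nxt, path + [(cur, pred, nxt)]))
    return found


def context_of(graph, start, max_hops=3):
    """Every entity reachable from start within max_hops (start excluded)."""
    seen = {start}
    frontier = [start]
    for _ in range(max_hops):
        nxt = []
        for n in frontier:
            for _pred, o, _ts in graph.get(n, []):
                if o not in seen:
                    seen.add(o)
                    nxt.append(o)
        frontier = nxt
    return seen - {start}


if __name__ == "__main__":
    g = build_graph(SAMPLE_LOGS)
    # Why is alice associated with 203.0.113.9? Print every supporting chain.
    for p in paths_between(g, "user:alice", "ip:203.0.113.9"):
        print(" ".join(f"{s} -{pr}->" for s, pr, _ in p), p[-1][2])
```

Two design points carry over to a real deployment: the type prefix on node names keeps an IP address and a host name that happen to share a string from being merged, and the per-source rules are the only place the raw log format appears, so adding a new tool means adding one rule rather than touching the query side. Note that bob's failed logon produces no triple under these rules, so nothing is ever linked to `host:srv-db1`; whether failures should be linked is a policy decision, not a parsing one.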
Monthly Archives: March 2016
This blog was originally posted on Dark Reading.
Knowing the lay of the land and where attackers hide is a key element in hunting, both in nature and in the cyber realm.
The days when Security Operations Center analysts could sit back and wait for alerts to come to them have long passed. A year of breaches and attacks at Fortune 100 banks, retailers, and government agencies has shown that traditional measures like firewalls, IDS, and SIEMs are not enough. While these measures are still important, today’s threats demand a more active role in detecting and isolating sophisticated attacks. It’s hunting season, so here are five tips to make your efforts more productive.
In Part 1 of this blog series we discussed the concept of a threat hunting platform (THP) and the capabilities that a THP provides to security analysts who are looking to proactively find threats hidden in their data. In Part 2
In this two-part blog series we will discuss what a threat hunting platform (THP) is, and how it can radically augment an organization’s detection efforts.