Geek-Guy.com

Tag: Intelligence & Analytics

Five Key Trends on SOC Modernization

For SOCs looking to improve their ability to detect and respond to threats efficiently and effectively, Extended Detection and Response (XDR) has generated increasing amounts of excitement and discourse in the industry. XDR was one of the hottest topics at RSA 2022, but like with many “hot new trends,” perspectives on what XDR actually is, […]

The post Five Key Trends on SOC Modernization appeared first on Security Intelligence.

IBM to Acquire Randori, Transforming How Clients Manage Risk with Attack Surface Management

Organizations today are faced with defending a complex technology landscape — with cyberattacks targeted at constantly changing cloud, distributed, and on-premises environments. Often escaping security scans and periodic assessments, these changes represent windows of opportunities for attackers looking to bypass defenses. While there always have — and always will be — unknown risks, having a […]

The post IBM to Acquire Randori, Transforming How Clients Manage Risk with Attack Surface Management appeared first on Security Intelligence.

Countdown to Ransomware: Analysis of Ransomware Attack Timelines

This research was made possible through the data collection efforts of Maleesha Perera, Joffrin Alexander, and Alana Quinones Garcia. Key Highlights The average duration of an enterprise ransomware attack reduced 94.34% between 2019 and 2021:  2019: 2+ months — The TrickBot (initial access) to Ryuk (deployment) attack path resulted in a 90% increase in ransomware […]

The post Countdown to Ransomware: Analysis of Ransomware Attack Timelines appeared first on Security Intelligence.

Black Basta Besting Your Network?

This post was written with contributions from Chris Caridi and Kat Weinberger. IBM Security X-Force has been tracking the activity of Black Basta, a new ransomware group that first appeared in April 2022. To date, this group has claimed attribution of 29 different victims across multiple industries using a double extortion strategy where the attackers […]

The post Black Basta Besting Your Network? appeared first on Security Intelligence.

MITRE ATT&CK and SIEM Rules: What Should Your Expectations Be?

The MITRE ATT&CK threat framework is seemingly everywhere these days, and with good reason. It is an invaluable tool for understanding the various methods, or as MITRE refers to them Tactics and Techniques, employed by threat actors. It offers annotated and curated details about those methods, and it provides the capability to visualize this data […]

The post MITRE ATT&CK and SIEM Rules: What Should Your Expectations Be? appeared first on Security Intelligence.

Supply-Side Hackonomics: Supply Chain Attacks and Data Security

Most people now know far more about supply chains than they ever wanted to. Still, anyone could forgive you for not knowing the term ‘supply chain hack’. Often, when the media reports these types of attacks, they name them and broadcast the name of the company that was targeted around the world. That has helped […]

The post Supply-Side Hackonomics: Supply Chain Attacks and Data Security appeared first on Security Intelligence.

Top 5 Cybersecurity Podcasts to Follow in 2022

One of my favorite parts about talking to cybersecurity professionals is asking how they landed in the industry. Few tell me about a straight path to their career, like attending college or earning a certification. Most launch into an interesting tale of their non-traditional career paths. When I share these stories, I’m often asked how […]

The post Top 5 Cybersecurity Podcasts to Follow in 2022 appeared first on Security Intelligence.

IOCs vs. IOAs — How to Effectively Leverage Indicators

Cybersecurity teams are consistently tasked to identify cybersecurity attacks, adversarial behavior, advanced persistent threats and the dreaded zero-day vulnerability. Through this endeavor, there is a common struggle for cybersecurity practitioners and operational teams to appropriately leverage indicators of compromise (IOCs) and indicators of attack (IOAs) for an effective monitoring, detection and response strategy. Inexperienced security […]

The post IOCs vs. IOAs — How to Effectively Leverage Indicators appeared first on Security Intelligence.

Intelligent Adversary Engagement: Deceiving the Attacker

Traditional security isn’t always enough to keep attackers at bay. When it comes to sneaking into networks, detection will often only come after malicious traffic reaches systems such as next-generation firewalls and intrusion detection and prevention systems. Meanwhile, threat actors have free range. But if you can trick the attacker attempting to trick you, it’s […]

The post Intelligent Adversary Engagement: Deceiving the Attacker appeared first on Security Intelligence.

Zero Trust and DNS Security: Better Together

How many times have you heard the popular information security joke: “It’s always DNS”? It means that every time there’s a problem you can’t figure out, you will dig until you reach the conclusion that it’s always DNS. But DNS is also where a lot of issues can be caught early, and it should be […]

The post Zero Trust and DNS Security: Better Together appeared first on Security Intelligence.

X-Force Threat Intelligence: Monthly Malware Roundup

Today’s reality means that organizations need to be constantly vigilant against security breaches. Having a robust incident response plan in place is vital. IBM Security X-Force is a team dedicated to delivering the latest threat intelligence, research and analysis reports that help you manage risk in your organization. This monthly malware roundup offers a summary […]

The post X-Force Threat Intelligence: Monthly Malware Roundup appeared first on Security Intelligence.

Understanding the Adversary: How Ransomware Attacks Happen

IBM Security X-Force Incident Response (IR) has responded to hundreds of ransomware incidents across every geography and industry. As we have taken time to analyze these incidents, a clear pattern has emerged. Although we observe dozens of ransomware groups in operation across the globe, many with multiple affiliate groups working under them, most ransomware actors […]

The post Understanding the Adversary: How Ransomware Attacks Happen appeared first on Security Intelligence.

Breach and Attack Simulation: Hack Yourself to a More Secure Future

Getting breached is the surest way to learn your organization’s cybersecurity vulnerabilities. And that’s why you need to hack yourself before threat actors do. A cyber breach and attack simulation, also called red teaming, is best to understand vulnerabilities in practice, rather than just theory. What can you do before, during and after a simulated […]

The post Breach and Attack Simulation: Hack Yourself to a More Secure Future appeared first on Security Intelligence.

Using Open-Source Intelligence for Mergers and Acquisitions

Mergers and acquisitions (M&A) have been challenging for IT and security teams for as long as businesses have relied on technology. Every company’s IT system is as unique as the company itself. Your business may run on commonly used tools and apps, and industry best practices to deploy and configure them. Nevertheless, these systems get […]

The post Using Open-Source Intelligence for Mergers and Acquisitions appeared first on Security Intelligence.

Taking Threat Detection and Response to the Next Level with Open XDR

The challenges facing today’s security industry can easily be described as a perfect storm: increasingly sophisticated cyber attackers combined with the proliferation of security tools to cover an expanding attack surface driven by remote work and cloud adoption. These dynamics can lead to disconnected insights and data, putting even more pressure on the existing shortage […]

The post Taking Threat Detection and Response to the Next Level with Open XDR appeared first on Security Intelligence.

The Future of Cybersecurity: What Will it Look Like in 2031?

Ever wonder what the state of cybersecurity in 2031 will look like? While 10 years may seem a long way into the future, the speed at which the industry is evolving is sure to make the next decade fly by. Predicting the future of cybersecurity isn’t about looking into the crystal ball merely for fun. […]

The post The Future of Cybersecurity: What Will it Look Like in 2031? appeared first on Security Intelligence.

The Weaponization of Operational Technology

Contributed to this research: Adam Laurie and Sameer Koranne. Given the accelerating rise in operational technology (OT) threats, this blog will address some of the most common threats IBM Security X-Force is observing against organizations with OT networks, including ransomware and vulnerability exploitation. IBM will also highlight several measures that can enhance security for OT […]

The post The Weaponization of Operational Technology appeared first on Security Intelligence.

Detections That Can Help You Identify Ransomware

One of the benefits of being part of a global research-driven incident response firm like X-Force Incident Response (IR) is that the team has the ability to take a step back and analyze incidents, identifying trends and commonalities that span geographies, industries and affiliations. Leveraging that access and knowledge against the ransomware threat has revealed […]

The post Detections That Can Help You Identify Ransomware appeared first on Security Intelligence.

A Journey in Organizational Cyber Resilience Part 3: Disaster Recovery

Moving along our organizational resilience journey, we focus on disaster recovery (DR), the perfect follow-up to business continuity (BC). The two go hand-in-hand, often referenced as BCDR, and both are key to your cyber resilience planning. If you recall from the previous piece, NIST SP 800-34 calls out a separate disaster recovery plan, as it […]

The post A Journey in Organizational Cyber Resilience Part 3: Disaster Recovery appeared first on Security Intelligence.

How Privileged Access Management Fits Into a Layered Security Strategy

In its early stages, privileged access management (PAM) involved protecting only the passwords used for privileged accounts. But it evolved beyond that single purpose in the years that followed. Nowadays, it includes other security functions like multifactor authentication (MFA), session monitoring, proxying and user behavior analytics (UBA). Take a look at how these connect for […]

The post How Privileged Access Management Fits Into a Layered Security Strategy appeared first on Security Intelligence.

A Journey in Organizational Cyber Resilience Part 2: Business Continuity

Keeping a business up and running during a problem takes the right people for the job. When it comes to cyber resilience through tough times, many things come down to the human factor. We focused on that in the first piece in this series, but it also makes a big difference to the second topic: […]

The post A Journey in Organizational Cyber Resilience Part 2: Business Continuity appeared first on Security Intelligence.

6 Benefits of Using Privileged Access Management

When you think of access, passwords are likely the first thing that pops into your head. While passwords are a large and important part of managing access, there are other aspects to consider as well. Using the full spectrum offered by Privileged Access Management (PAM) can help. It’s easy to focus on the glitzier sides […]

The post 6 Benefits of Using Privileged Access Management appeared first on Security Intelligence.

How DevSecOps Can Secure Your CI/CD Pipeline

Many companies today automate their software development life cycle with continuous integration and continuous delivery (CI/CD). It’s part of the broader DevOps movement to speed software development while reducing errors. Continuous integration builds and tests code automatically, while continuous delivery automates the entire software release process up to production. In order to secure it, industry […]

The post How DevSecOps Can Secure Your CI/CD Pipeline appeared first on Security Intelligence.

Cybersecurity Training: How to Build a Company Culture of Cyber Awareness

When I attended new employee orientation at a global technology company several decades ago, I remember very brief cybersecurity training. The gist was to contact someone in IT if we noticed any potential issues. While I was with the company, I only thought about cybersecurity when I passed the server room, and I could only peek […]

The post Cybersecurity Training: How to Build a Company Culture of Cyber Awareness appeared first on Security Intelligence.

Starting Your AI Security Journey With Deep Learning

You’ve probably heard how using artificial intelligence (AI) can improve your cybersecurity — and how threat actors are using AI to launch attacks. You know that you need to use the same tools, if not better ones. AI security is about having the right tools, but also about having the right information. But you aren’t […]

The post Starting Your AI Security Journey With Deep Learning appeared first on Security Intelligence.

10 Open-Source Intelligence Tools (That Actually Work With Your Existing Security Software)

Finding the Open Source Intelligence (OSINT) that affects your business or agency can help reduce your attack surface. You just have to find it first. Take a look at how OSINT works and how to secure it. According to the Office of the Director of National Intelligence, Open Source Intelligence (OSINT) “is publicly available information […]

The post 10 Open-Source Intelligence Tools (That Actually Work With Your Existing Security Software) appeared first on Security Intelligence.

Privileged Access Management: The Future of Cyber Resilience

Attacks against critical infrastructure and government agencies have been surging. Some attackers want to extort money; others intend to steal data. But the victims all have one thing in common: they need to be able to fend off attacks and recover so they can continue to perform their functions. That’s where cyber resilience comes in, […]

The post Privileged Access Management: The Future of Cyber Resilience appeared first on Security Intelligence.

Cryptominers Snuck Logic Bomb Into Python Packages

Malware can show up where you least expect it. Researchers discovered a logic bomb attack in the Python Package Index (PyPI) repository, which is a code repository for Python developers and part of the software supply chain. Attackers aimed to get honest software developers to include the bombs in their applications by accident. The researchers found […]

The post Cryptominers Snuck Logic Bomb Into Python Packages appeared first on Security Intelligence.

A Journey in Organizational Cyber Resilience Part 1: The Human Factor

Organizational resilience is key to good business. Sometimes confused with enterprise resilience, we use the former term instead because it applies to a business or agency of any size. Let’s take a look at how to improve employees’ cybersecurity posture by providing practical ideas they can add to their everyday habits. The result: cyber resilience […]

The post A Journey in Organizational Cyber Resilience Part 1: The Human Factor appeared first on Security Intelligence.

What’s Behind the Leaks of Customer Data From Retailer Databases?

Retail data breaches involving customer data happen often today. However, they tend to be smaller in size than health care, finance or government breaches. So, the general public notices them less. Yet, they happen more often than realized. Why? And how can you defend against them? Human Error in Customer Data Theft All types of retail […]

The post What’s Behind the Leaks of Customer Data From Retailer Databases? appeared first on Security Intelligence.

Private 5G Security: Consider Security Risks Before Investing

So, 5G is one of those once-in-a-generation types of leaps that will alter how we operate. However, 5G security comes with a lot of challenges. Private 5G networks require us to look at attack surface management in a different way. How do they change the way we need to defend our data? And, what is […]

The post Private 5G Security: Consider Security Risks Before Investing appeared first on Security Intelligence.

Reduce the Harm of a Data Breach With Data Security Analytics

Over the last year, the average total cost of a data breach increased nearly 10% to $4.24 million. That’s the highest average in the history of IBM Security’s annual Cost of a Data Breach Report. This was due to a number of factors. Increased remote working due to the COVID-19 pandemic and digital transformation both […]

The post Reduce the Harm of a Data Breach With Data Security Analytics appeared first on Security Intelligence.