Threat Detection


4 Reasons Why IT Risk Detection is Critical in the Service Desk

In the previous blog, I discussed how IT risks can infiltrate the service desk if proper incident, problem, and change management aren’t applied. IT risk detection in the service desk can act as a safeguard against this: it can notify service technicians of “prohibited” or questionable items that could cause problems. Here are four reasons why IT risk detection should be incorporated and why it is critical for successful use of the service desk.


Protecting Fleet Data from Security Threats

Big data is revolutionizing fleet management — specifically in the form of telematics. From engine diagnostics that track fuel efficiency and mileage to sensors that detect aggressive driving behavior and interior vehicle activity, this information is so valuable that we’re quickly approaching the point where connected technology will come standard in every vehicle. Telematics is an operational goldmine.


Best Practices for Scoring Your Environment's Security Measures

For most practical uses today, a combination of hardening and vulnerability detection is required to secure even the most basic digital environment. In each area it is important to see the progress you’re making in these competencies so that you can improve and build on the work you and your team have done over time. But with so many assets in your digital environment, how do you score the effectiveness of these security measures?


OSINT - Using Threat Intelligence to Secure Your Organisation

In my first article on Cyber Security Threat Intelligence Analysts (CTI analysts), we covered what a CTI analyst is and discussed how they can bridge the gaps between IT, Security, and the Business. We discussed how this is beneficial to the maturity of the business, but what exactly did we mean by this? In the second article of our CTI analyst series, we’ll cover the unique benefits a CTI analyst brings to an organization by enhancing.


Protect Your Applications With Cleafy Plugin for Kong

When protecting your online services, the weakest link is the endpoints: the end-user devices running web or mobile applications, or the external systems leveraging open APIs. As a matter of fact, there is a growing number of targeted attacks leveraging sophisticated techniques such as malicious web injections, mobile overlays and API abuse to perform identity hijacking, account takeover, transaction tampering and payment fraud.


Adversary tradecraft 101: Hunting for persistence using Elastic Security (Part 1)

Last month, we hosted a webinar, Hunting for persistence using Elastic Security, where we examined some techniques that attackers use in the wild to maintain presence in their victim’s environment. In this two-part blog series, we’ll share the details of what was covered during our webinar with the goal of helping security practitioners improve their visibility of these offensive persistence techniques and help to undermine the efficacy of these attacks against their organization.


Mac system extensions for threat detection: Part 3

This is the third and final post of a three-part series on understanding kernel extension frameworks for Mac systems. In part 1, we reviewed the existing kernel extension frameworks and the information that these frameworks can provide. In part 2, we covered techniques that could be used in the kernel to gather even more details on system events. In this post, we will go into the new EndpointSecurity and SystemExtensions frameworks.


Why should you use correlation rules on top of traditional signatures?

The AT&T Cybersecurity Alien Labs team is in charge of writing correlation rules and releasing threat intelligence updates on a day-to-day basis. When researchers in the team find new malware families or threats, we always try to find the best approach to keep our customers protected. In this blog, we will look into some of the differences between signatures and correlation rules.
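To make the distinction concrete, here is an added example (not code from the AT&T Alien Labs post) that runs both kinds of detection over a handful of constructed log lines. A signature inspects one event in isolation: the scanner user-agent pattern fires on a single HTTP request. A correlation rule keys related events by a shared attribute (here the source IP), applies a time window and an ordering constraint, and only alerts when the sequence completes: five or more failed SSH logins from one source within five minutes, followed by a success from the same source. The log format, field names and thresholds are assumptions for the example; real telemetry and rule syntax vary by product.

```python
"""Signature matching vs. correlation rules over a small event stream.

Added illustration; the log lines below are constructed, not real telemetry.
Line format assumed here: "<ISO timestamp> <source_ip> <event_kind> [key=value ...]".
"""
import re
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta

SAMPLE_LOG = """\
2024-05-01T10:00:00 198.51.100.7 ssh_login_failed user=root
2024-05-01T10:00:05 198.51.100.7 ssh_login_failed user=admin
2024-05-01T10:00:09 198.51.100.7 ssh_login_failed user=oracle
2024-05-01T10:00:12 198.51.100.7 ssh_login_failed user=deploy
2024-05-01T10:00:15 198.51.100.7 ssh_login_failed user=git
2024-05-01T10:00:20 198.51.100.7 ssh_login_success user=git
2024-05-01T10:01:00 203.0.113.9 ssh_login_failed user=alice
2024-05-01T10:45:00 203.0.113.9 ssh_login_success user=alice
2024-05-01T11:00:00 192.0.2.20 http_request path=/cgi-bin/test.cgi ua=Mozilla/5.0 zgrab/0.x
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)(?: (.*))?$")


@dataclass
class Event:
    ts: datetime
    src: str
    kind: str
    detail: str


def parse(log: str) -> list[Event]:
    """Parse the assumed line format; lines that do not match are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts, src, kind, detail = m.groups()
        events.append(Event(datetime.fromisoformat(ts), src, kind, detail or ""))
    return events


# A signature: one pattern evaluated against one event, no state carried between events.
SIGNATURES = {
    "scanner_user_agent": re.compile(r"\bzgrab/", re.IGNORECASE),
}


def match_signatures(events: list[Event]) -> list[tuple[str, str, datetime]]:
    """Return (signature_name, source_ip, timestamp) for every event a signature matches."""
    hits = []
    for ev in events:
        for name, pattern in SIGNATURES.items():
            if pattern.search(ev.detail):
                hits.append((name, ev.src, ev.ts))
    return hits


def correlate_bruteforce_success(events: list[Event], threshold: int = 5,
                                 window: timedelta = timedelta(minutes=5)):
    """Correlation rule: >= threshold failed logins from one source inside `window`,
    followed by a successful login from that same source.

    State (recent failure timestamps) is kept per source IP, which is what lets the
    rule see a pattern that no single event reveals. Returns
    (rule_name, source_ip, failures_in_window, success_timestamp) per alert.
    """
    failures: dict[str, deque] = defaultdict(deque)
    alerts = []
    for ev in sorted(events, key=lambda e: e.ts):
        recent = failures[ev.src]
        # Expire failures that have fallen outside the sliding window.
        while recent and ev.ts - recent[0] > window:
            recent.popleft()
        if ev.kind == "ssh_login_failed":
            recent.append(ev.ts)
        elif ev.kind == "ssh_login_success" and len(recent) >= threshold:
            alerts.append(("bruteforce_then_success", ev.src, len(recent), ev.ts))
            recent.clear()  # one alert per completed sequence
    return alerts


if __name__ == "__main__":
    evs = parse(SAMPLE_LOG)
    print("signature hits:", match_signatures(evs))
    print("correlation alerts:", correlate_bruteforce_success(evs))
```

Note what each approach misses on this input: the signature sees nothing wrong with any individual SSH event, and the correlation rule ignores 203.0.113.9, whose single failure is 44 minutes old when the success arrives. Neither is a substitute for the other, which is the point of layering correlation on top of signatures.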


How Threat Intelligence Can Improve Your Security

A new cyberattack occurs roughly every 39 seconds. Each of these attacks leaves behind a variety of evidence, including IP addresses, log events and malicious files. This evidence can be incredibly valuable to security teams, but only if it’s analyzed and placed in context. In raw form there is simply too much attack data from too many sources to be useful. Threat intelligence is the solution for making raw data actionable.