Threat Actors in 2023: Who They Are & How To Defend Against Bad Actors

Risks are everywhere. Online, in real life. Digital transformation and the rapid integration of cloud-based technologies have been met with an unprecedented increase in cybersecurity risks. In most cases, standard cybersecurity best practices and a strong mechanism for Identity and Access Management will take care of most exploits, vulnerabilities and human errors that lead to a data leak.

Centralized Log Management for ANSSI and CIIP Framework Compliance

Decree No. 2009-834 established ANSSI (Agence nationale de la sécurité des systèmes d’information) as the National Cybersecurity Agency of France in 2009. In 2013, Article 22 of the Military Programming Law defined ANSSI’s functions and responsibilities, giving the agency regulatory and enforcement powers. Further, ANSSI is France’s primary point of contact with the larger European Union (EU) Network and Information Systems (NIS) Directive, with Decree No.

Chaos AI Assistant (AWS Security Lake Analysis)

Now you can actually have a conversation with your data! The Chaos AI Assistant is a breakthrough feature that elevates log and event data analytics. Seamlessly integrating with the ChaosSearch Platform, it utilizes AI and Large Language Models (LLMs), enabling you to talk to your data to unveil actionable insights.

Machine Learning in Security: Detect DNS Data Exfiltration Using Deep Learning

Since the Domain Name System (DNS) protocol is foundational for internet functionality, DNS traffic is allowed to move through firewalls without much scrutiny, unlike HTTPS, FTP and SMTP. Malicious actors have successfully been able to exploit this advantage to transfer data between networks, which is beyond the original intention of the DNS protocol.

Peeping Through Windows (Logs): Using Sysmon & Event Codes for Threat Hunting

If you have been reading our hunting series, you may have noticed that many threat hunting techniques center on network-centric data sources. Thus far, we have yet to speak about the big kahuna in our hunting tool chest. We are rectifying that right here, right now: we are going to talk about Microsoft Sysmon! In this article, we’re looking at using Sysmon to hunt for threats in endpoints. We’ll highlight some of the most valuable places to start hunting in your Windows logs.

Coffee Talk with SURGe: 2023-JULY-11 Meta's Threads, US/EU Data Sharing, MOVEit Update, iOS Patch

Grab a cup of coffee and join Mick Baccio, Ryan Kovar and Audra Streetman for another episode of Coffee Talk with SURGe. The team from Splunk will discuss the latest security news, including: Mick and Ryan competed in a 60-second charity challenge benefiting the Malala Fund to share their suggestions for this year's defense policy bill.

5 Telltale Signs You're Running a Cloud-Hosted - Not a Cloud-Native - SIEM

The necessity of a SIEM for organizations and their security teams has evolved dramatically over time. It has gone from edge use cases and compliance to the current preferred form of threat detection, hunting, and incident response. As the use cases have changed, so has the architecture. As a result, organizations that have been running their SIEM on-premises are now looking for modern architectures to reduce the workload on their analysts. The simple choice: SaaS, of course.

Are Your Threat Hunters Too Distracted?

Threat hunters are some of the most specialized and experienced workers in the SOC. They are incredibly valuable to the organization, but as the 2023 SANS Threat Hunting Survey finds, they’re continually being asked to multi-task and take on other duties. And that’s taking away from their primary job of hunting for threats. How can we change this status quo and help threat hunters (and the organizations they work for) be successful? That’s the million-dollar question.