Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Zeek is a powerful open-source network analysis tool that allows users to monitor traffic and detect malicious activities. Users can write packages to detect cybersecurity events, like this GitHub repo that detects C2 from AgentTesla (a well-known malware family). Automating summarization and documentation using AI is often helpful when analyzing Zeek packages.

According to Forrester Research, “How do we reduce our SIEM ingest costs?” is one of the top inquiries they receive from clients. Many security organizations rely on SIEMs for their detection, investigation, and response workflows, ingesting critical security information and events to detect and respond to threats.

MITRE’s Caldera is a cybersecurity platform developed to simulate adversarial tactics, techniques, and procedures (TTPs). Built upon the MITRE ATT&CK framework, Caldera is an open-source tool designed to help cybersecurity professionals and organizations assess their defenses, uncover vulnerabilities, and enhance their overall security posture. By emulating real-world cyber threats, Caldera enables blue teams to test detection and response mechanisms under realistic conditions.

How Corelight Open NDR secures cloud workloads beyond runtime security tools.

Working in the network operating center (NOC) at Black Hat Europe, we’re never quite sure what we’re going to see. The anxiousness I feel there is similar to what I’d experience when I was blue-teaming for a corporate network. I could prepare all I wanted, read all the blogs about the current threat trends people and companies were tracking on the Internet, and review all the red team and vulnerability scanner reports to identify likely targets.

If there’s one thing I love more than delivering great products, it’s delivering great food. The holidays are my time to channel my inner celebrity chef: I’ll burn a few cookies, over-spice a roast, and then miraculously pull it all together for a meal that leaves everyone asking for seconds (or at least not asking for the takeout menu).

Malicious files continue to be a significant threat to organizations; SonicWall reported more than six billion malware attacks in 2023. To help organizations prepare for and stay ahead of these threats, we’re introducing an integration with YARA that offers a deeper level of inspection for files across enterprise networks while helping security teams consolidate their toolset in the process.

The Verizon 2024 Data Breach Investigations Report found that system intrusion is the leading attack pattern for the third consecutive year, accounting for 36% of breaches. System intrusion largely consists of a threat actor using hacking techniques and malware to infiltrate the victim organization. Following a successful intrusion, the attacker continues on a multi-stage process: The longer an attacker remains undetected, the greater their opportunity to find a target and extract data.