Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

It's Typhoon Season: Attackers are deliberately evading EDR. What can you do about it?

Over the past year, several sophisticated cyber-espionage campaigns have grabbed the attention of our industry and challenged defenders and vendors alike with advanced tactics, techniques, and procedures (TTPs). One of the most visible campaigns is Volt Typhoon, named by the Microsoft threat intelligence team in May 2023 and attributed to Chinese state-sponsored threat actors.

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform

Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform. With Sweet, customers can now unify detection and response for applications, workloads, and cloud infrastructure.

Artificial Intelligence in Cybersecurity: Threat or Advantage?

In today's hyperconnected world, cybersecurity stands as the first line of defense against the growing tide of cyber threats. With billions of devices connected globally, protecting sensitive information has never been more critical-or complex. Enter artificial intelligence (AI), a technological marvel capable of revolutionizing cybersecurity. But as with all powerful tools, AI is a double-edged sword. It holds incredible potential to bolster defenses yet can also amplify the capabilities of cybercriminals.

AI-Driven Cloud Detection Engineering: Turning Security Telemetry Into Action

Amal Mammadov is a cloud security practitioner and detection engineering specialist whose work sits at the intersection of threat intelligence, cloud-native architecture, and security operations. In this interview, he outlines why most organisations are losing ground despite heavy security investments and what it actually takes to build detection programmes that produce outcomes.

Reduce time to triage by up to 50% with Corelight's new Guided Triage capability

Security Operations Centers (SOCs) are under immense pressure to ensure no attack goes unnoticed. At Corelight, we’re being approached daily to help bring in network visibility. For many though, visibility isn’t enough. SOCs are already overloaded and Tier 1 Analysts often lack network expertise. Modern network visibility has to be easy to use and designed for maximizing SOC efficiency. For that, we built Guided Triage.

Leveraging Custom IOC Feeds for Enhanced Threat Detection

Indicators of Compromise (IOCs) are vital components in cybersecurity, representing digital clues or evidence that signal a potential security breach or malicious activity in a computer system or network. Think of them as the fingerprints left behind by cybercriminals during or after a cyber-attack. Examples of common IOCs are: Security teams use IOCs as red flags to identify and mitigate threats before they cause significant damage.

The Role of Cloud Computing in Enhancing Cybersecurity

Cloud computing revolutionizes how organizations approach data security and threat prevention. The transformation of traditional security measures into cloud-based solutions marks a significant shift in protecting sensitive information and maintaining business continuity.

Adding runtime threat detection to Google Kubernetes Engine with Falco

One of the big advantages of running your workloads on a managed Kubernetes service like Google Kubernetes Engine (GKE) is that Google ensures your clusters are being deployed and managed following industry best practices. While GKE clusters are incredibly secure and reliable, there is always room for improvement. In this blog, we’re going to describe how you can enhance GKE’s already great security by adding runtime threat detection with Falco.