Showing posts with the label Threat Intelligence

The next gen future of EDR: XDR (Extended detection and response)

What is XDR (Extended detection and response)

We all know the prominence of EDR solutions. The latest technology to enter the space, however, is extended detection and response (XDR), which evolved from endpoint detection and response (EDR). XDR can be considered an upgraded EDR that is further unified with other security tools to provide combined security analysis visibility, highly efficient detection, and vastly improved correlation, investigation, and response.

Background and reason for developing XDR: EDR served as the baby steps on the journey towards XDR. In every way, EDR solutions did help to provide effective endpoint detection and response by integrating a number of threat detection solutions. However, in the bigger picture, the question still remained about the security team's challenges around the best possible way to leverage combined capabilities around analytics platforms, security information, and event management (SI...

Threat intelligence overview - Threat Intel Series Part-1

TLDR: Threat intelligence is on its way to becoming a must-have capability for every organization. It will not only help protect the firm but also keep it aware of constant threats and of the plan to safeguard against them.

Threat intelligence overview: As defined by Gartner, threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard. This curated information helps a firm make better decisions about how to defend itself and its business from cyber-based threats. Threat intelligence can help identify and analyze different cyber threats relevant to your organization. The best approach is to use specialized threat intelligence tools to capture and digest feeds and thereafter analyze them via existing knowledge to know if a threat is real and the applicable...

Compromise Assessment vs Threat Hunting

Many people use the terms compromise assessment and threat hunting interchangeably. To clear that up: the two are different. Let's dig into how and in what sense.

A compromise assessment is a high-level review of the organization that does not rely on a limited scope to find out if it is compromised. Performing such an assessment helps establish whether a baseline is enough, apart from highlighting the risks associated with a compromise not being effectively communicated to senior/executive leadership within your organization.

Threat hunting, by contrast, is a more mature assessment aimed at identifying objectives (such as espionage, pivoting, data exfiltration, etc.) targeting your organization.

Source: https://www.crowdstrike.com/cybersecurity-101/threat-hunting/

Where Does Threat Hunting Fit? Threat hunting is highly complementary to the standard process of incident detection, response, and remediation. As security technologies analyze the raw da...