HackDig : Dig high-quality web security articles

What is Network Detection and Response and Why is it So Important?

Networks are the foundation of today’s connected world. They allow millions of people, devices, apps and systems to talk with one another every minute of the day. Without networks, modern communication as we know it would cease to exist. Today’s organizations depend on networks and their critical role in overall IT infrastructure. So, it’s
Publish At:2021-06-10 09:50 | Tags:Intelligence & Analytics Application Security Data Protectio

What Every Incident Response Plan Needs

A record number of digital attacks occurred in 2020. The FBI’s Cyber Division received as many as 4,000 complaints about digital attacks in one day early last year. That’s 400% higher than what the Cyber Division received the previous year. This growth in the volume of digital attacks underscores why you need to have an incident response plan
Publish At:2021-05-24 06:55 | Tags:Security Intelligence & Analytics Incident Response Security

What Is Extended Detection and Response (XDR)?

For many decades now, emerging threats have put organizations at risk. As the IT landscape evolved and threat actors found new ways to attack, security teams needed to find new ways to detect and respond to threats. Today, this evolving theme of complexity continues. And the list of point solutions being deployed to overcome these burgeoning threats goes on
Publish At:2021-05-10 16:11 | Tags:Security Intelligence & Analytics Data Protection Incident R

Getting started with Kubernetes audit logs and Falco

As Kubernetes adoption continues to grow, Kubernetes audit logs are a critical information source to incorporate in your Kubernetes security strategy. They give security and DevOps teams full visibility into every request made to the API server, and therefore into the events happening inside the cluster. The Kubernetes audit logging feature was introduced in Kubernetes 1.11. It’s a key feature in
Publish At:2021-02-09 15:37 | Tags:Falco Kubernetes Detection falco
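As an added example (not code from the Sysdig article or from the Falco project), the script below applies a few Falco-style rules to Kubernetes audit events read as JSON lines: an exec into a pod, a secret read by an identity outside an assumed allowlist, a change to a ClusterRoleBinding, and a request the API server rejected with 403. The log lines are constructed for the example, the allowlist of trusted secret readers is an assumption to be tuned per cluster, and field names follow the audit.k8s.io/v1 Event schema.

```python
"""Flag risky Kubernetes API activity in audit-log JSON lines.

Added example, not the Falco project's code: a minimal stand-in for the
kind of rules Falco evaluates on the audit webhook stream. Events below
are constructed, not captured from a real cluster; field names follow the
audit.k8s.io/v1 Event schema (stage, verb, user, objectRef, responseStatus).
"""
import json

# Identities that legitimately read Secrets. Assumed for the example; tune per cluster.
TRUSTED_SECRET_READERS = {"system:kube-controller-manager", "system:kube-scheduler"}


def classify(event):
    """Return a list of (rule, detail) findings for one audit event."""
    findings = []
    # Every request appears twice (RequestReceived, ResponseComplete); evaluate it once,
    # after the API server has answered, so the response code is available.
    if event.get("stage") != "ResponseComplete":
        return findings
    verb = event.get("verb", "")
    user = event.get("user", {}).get("username", "")
    ref = event.get("objectRef") or {}
    resource, sub = ref.get("resource"), ref.get("subresource")
    where = f"{ref.get('namespace')}/{ref.get('name')}"

    if resource == "pods" and sub == "exec":
        # kubectl exec is audited as verb=create on the pods/exec subresource
        findings.append(("exec_into_pod", f"{user} exec into pod {where}"))
    if (resource == "secrets" and verb in {"get", "list", "watch"}
            and user not in TRUSTED_SECRET_READERS
            and not user.startswith("system:serviceaccount:kube-system:")):
        findings.append(("secret_read", f"{user} {verb} secret {where}"))
    if resource == "clusterrolebindings" and verb in {"create", "update", "patch"}:
        findings.append(("rbac_change", f"{user} {verb} clusterrolebinding {ref.get('name')}"))
    if event.get("responseStatus", {}).get("code") == 403:
        findings.append(("forbidden", f"{user} denied {verb} {resource} in {ref.get('namespace')}"))
    return findings


def scan(lines):
    """Parse JSON-lines audit output and collect findings; corrupt lines are skipped, not fatal."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        findings.extend(classify(event))
    return findings


def _ev(stage, verb, user, ref, code):
    return json.dumps({"kind": "Event", "apiVersion": "audit.k8s.io/v1", "stage": stage,
                       "verb": verb, "user": {"username": user}, "objectRef": ref,
                       "responseStatus": {"code": code}})


# Constructed sample log (not real cluster data).
SAMPLE_LOG = [
    _ev("ResponseComplete", "create", "alice",
        {"resource": "pods", "namespace": "prod", "name": "api-0", "subresource": "exec"}, 101),
    _ev("ResponseComplete", "get", "system:kube-controller-manager",
        {"resource": "secrets", "namespace": "prod", "name": "db-creds"}, 200),
    _ev("ResponseComplete", "get", "system:serviceaccount:default:webapp",
        {"resource": "secrets", "namespace": "prod", "name": "db-creds"}, 200),
    _ev("RequestReceived", "create", "alice",
        {"resource": "clusterrolebindings", "name": "ops-admin"}, 0),
    _ev("ResponseComplete", "create", "alice",
        {"resource": "clusterrolebindings", "name": "ops-admin"}, 201),
    _ev("ResponseComplete", "list", "bob",
        {"resource": "pods", "namespace": "prod"}, 403),
    "{not json",  # truncated line, as happens when a log is rotated mid-write
]

if __name__ == "__main__":
    for rule, detail in scan(SAMPLE_LOG):
        print(f"[{rule}] {detail}")
```

The stage filter matters: without it every exec and RBAC change would fire twice, once per stage, and the 403 rule could never fire because the response code is only present on the ResponseComplete record.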

THREAT ALERT: Crypto miner attack involving RinBot’s server, a popular Discord bot

The Sysdig Security Research team has identified crypto mining activities coming from the server hosting the popular RinBot Discord bot. Discord is a free app for mobile and computers that lets people chat via text, voice, or video in real time. With more than 100 million active users during 2020, Discord is extremely popular among young people and gamer
Publish At:2021-01-27 19:25 | Tags:Uncategorized Detection falco Kubernetes Sysdig Monitor Sysd

Falco vs. AuditD from the HIDS perspective

In this blog, we will compare and contrast Falco vs. AuditD from a Host Intrusion Detection (HIDS) perspective. AuditD is the userspace daemon for the Linux kernel’s native audit subsystem, which records certain types of system activity to facilitate incident investigation. Falco is the CNCF open-source project for runtime threat detection for containers and Kubernetes. We wi
Publish At:2021-01-19 12:37 | Tags:Falco AuditD Detection falco

Malwarebytes detects leaked tools from FireEye breach

Hello folks! If you have not heard yet, the security firm FireEye has had a breach of many red team assessment tools used for identification of vulnerabilities to help protect customers. While it is not known exactly who was behind this attack, a big concern is the sharing and use of these stolen red team tools by both sophisticated and non-sophisticated
Publish At:2020-12-10 20:12 | Tags:Malwarebytes news breach detection FireEye red team rules

The best test for an EDR solution is one that works for you

Since its inception, the endpoint detection and response (EDR) market has evolved rapidly with new innovations to better address the cyber landscape and meet customers’ needs for an effective and simple solution that just works. But finding something that just works means something quite different for every business, depending on their size, security expe
Publish At:2020-05-28 16:55 | Tags:Awareness Explained Opinion Security world alert fatigue aut

SANS 2019 Incident Response Survey: Successful IR Relies on Visibility

During the past year, we have witnessed significant data breaches that have impacted industries ranging from hospitality to legal to social media. We have seen a continuation of financially motivated threats, such as business email compromise (BEC), which continue to plague corporate bank accounts. Ransomware has brought multiple cities, schools and universi
Publish At:2020-02-26 02:05 | Tags:Featured Articles Incident Detection BEC containment detecti

How to detect Kubernetes vulnerability CVE-2019-11246 using Falco.

A recent CNCF-sponsored Kubernetes security audit uncovered CVE-2019-11246, a high-severity vulnerability affecting the command-line kubectl tool. If exploited, it could lead to a directory traversal, allowing a malicious container to replace or create files on a user’s workstation. This vulnerability stemmed from an incomplete fix of a previously disclose
Publish At:2019-10-18 04:35 | Tags:Falco cve Detection Vulnerability
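The traversal in CVE-2019-11246 worked because kubectl cp unpacked a tar stream produced by the container's own tar binary, so a hostile container could return member names such as `../../.bashrc` and have them written outside the requested destination. As an added example (not kubectl's own code, nor the Falco rule from the article), the Python below shows the check the client side needs: resolve every member name, and every symlink or hardlink target, against the destination directory and reject anything that lands outside it. The archive is built in memory and is constructed for the example; the destination path is an assumption.

```python
"""Reject tar members that would escape the extraction directory.

Added example, not kubectl's code. Models the client-side check that
CVE-2019-11246 (kubectl cp) lacked: member names and link targets are
resolved against the destination before anything is written. The archive
below is constructed in memory to imitate a hostile container's tar output.
"""
import io
import os
import tarfile


def safe_member_target(dest_dir, member_name):
    """Return the absolute path a member would be written to, or raise ValueError."""
    dest = os.path.abspath(dest_dir)
    if member_name.startswith(("/", "\\")):
        raise ValueError(f"absolute member path rejected: {member_name!r}")
    # abspath normalises '.' and '..' components without touching the filesystem
    target = os.path.abspath(os.path.join(dest, member_name))
    if target != dest and not target.startswith(dest + os.sep):
        raise ValueError(f"member escapes destination: {member_name!r}")
    return target


def check_archive(data, dest_dir="/srv/restore"):
    """Classify every member of an in-memory tar as safe or rejected, without extracting."""
    safe, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            try:
                if m.issym():
                    # symlink targets are relative to the link's own directory
                    safe_member_target(dest_dir, os.path.join(os.path.dirname(m.name), m.linkname))
                elif m.islnk():
                    # hardlink targets are relative to the archive root
                    safe_member_target(dest_dir, m.linkname)
                safe_member_target(dest_dir, m.name)
                safe.append(m.name)
            except ValueError as exc:
                rejected.append((m.name, str(exc)))
    return safe, rejected


def build_sample_archive():
    """Constructed archive: one legitimate file plus three members a hostile tar could emit."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add_file(name, payload):
            info = tarfile.TarInfo(name)      # TarInfo keeps the name verbatim, '../' included
            info.size = len(payload)
            tar.addfile(info, io.BytesIO(payload))

        add_file("app/config.yaml", b"replicas: 3\n")
        add_file("../../home/user/.bashrc", b"# attacker-controlled content\n")
        add_file("/etc/cron.d/job", b"# attacker-controlled content\n")
        link = tarfile.TarInfo("app/ssh")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../../root/.ssh"
        tar.addfile(link)
    return buf.getvalue()


if __name__ == "__main__":
    ok, bad = check_archive(build_sample_archive())
    print("safe:", ok)
    for name, reason in bad:
        print("rejected:", name, "->", reason)
```

This is a pre-extraction check on names only. An extraction loop that writes members one at a time also has to guard against a symlink created by an earlier member being followed when a later member is written through it, which is why the link targets are validated here as well.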

Securing the Modern Endpoint the SANS Maturity Way

In case you missed it: Bromium recently engaged in a series of communications and events on the topic of Securing the Modern Endpoint, covering timely and provocative concepts including how detection consistently fails to secure the enterprise and why new thinking is desperately needed, and how to realign your defenses around a modern threat risk model using few
Publish At:2017-10-30 17:15 | Tags:Threats case study data sheet defenses detection endpoint mo

Protecting Legacy Applications from Attacks with Modern Hardware Isolation

Legacy applications are integral to most businesses and are heavily relied upon in the public sector. Many legacy applications were written in a time when security was much less of a concern than today. Isolation is the only solution that can absolutely eliminate kernel-level exploits and malware escapes. Detection is obsolete and the future of cybersecurity d
Publish At:2017-09-11 10:00 | Tags:Company News detection Isolation legacy legacy apps Micro-VM

Virtualization-Based Security is Helping Security Professionals Relax

Virtualization’s continued journey across the enterprise led inevitably to security. Enhanced security benefits using virtualization are powerful and compelling. Virtualization takes the security responsibility off users and delivers control to IT. Detection-based security doesn’t work. It’s an exhausted concept. The battle’s been waged for 30 years and the c
Publish At:2017-08-03 12:45 | Tags:Innovation cybersecurity detection intelligence management p

Breachless Threat Intelligence: A Pain-Free Approach to CyberSecurity

Enterprises need a steady stream of actionable, timely, and accurate threat intelligence on targeted malicious intrusions and attempts into their networks. They need this information without suffering breaches and cannot rely solely on post-compromise forensics or sandbox simulations to continuously tighten and adapt their defenses. Pre-breach targeted intell
Publish At:2017-07-17 06:40 | Tags:Innovation breach breachless detection disposable Forensics

See Our Threat Analysis of University College London Ransomware Attack

Ransomware has hit the news again in the UK today only a few short weeks since the WannaCry outbreak crippled the National Health Service. This time University College London (UCL) was hit by a ransomware strain which has resulted in them having to take down parts of their network to stop infected machines harming key university data. Credit to UCL for what
Publish At:2017-06-16 17:15 | Tags:Breaking News Threats analysis anti-virus browsing cause det