threat hunting
What happens after a malicious email reaches employees’ inboxes?
On average, it takes three and half days (83 hours) from the moment a malicious email attack lands in an employees inbox, to when it is discovered by a security team or …
Detecting attackers obfuscating their IP address inside AWS
Security researchers have documented an attack technique that may allow attackers to leverage a legitimate Amazon VPC feature to mask their use of stolen API credentials …
Cyber investigations, threat hunting and research: More art than science
While it’s true that threat hunting, incident response, and threat research all have their foundations in science (operating system theory and architecture, computer language …
Sophos XDR: Threat hunting through the entire security ecosystem
Almost a decade ago, ransomware started becoming a prominent consumer problem, locking computers and threatening users with fines and jail time for supposedly downloading …
Why threat hunting is obsolete without context
Cybersecurity is an undisputed concern within any industry – but how are organizations and businesses using the security data and information they collect to best ensure their …
Be a “dumbass”, like some of the world’s best cyber investigators
One of my closest friends in the cybersecurity industry has had a second-to-none career path. While in the employ of an industry leader in incident response, he was …
MythBusters: What pentesting is (and what it is not)
You’ve probably seen the term pentesting pop up in security research and articles, but do you know what it really means? Simply put, penetration testing is a security …
Advice for aspiring threat hunters, investigators, and researchers from the old town folk
There’s a big cohort of security geeks who joined the industry around the turn of the millennium by either landing “infosec” jobs or, quite frequently, just by making infosec …
Review: Group-IB Threat Hunting Framework
The IT infrastructure of larger organizations is very heterogeneous. They have endpoints, servers and mobile devices running various operating systems and accessing internal …
Knowledge graphs: The secret of Google Search and now XDR
Wading through waves of alert noise to find real threats and manually connecting the dots to find context in real-time attacks are essential capabilities in today’s …
Are you vetting your MSSPs?
Enterprises were already moving toward digital transformations at the start of 2020, but the COVID-19 pandemic suddenly threw everything into high gear. Telework, virtual …
What hinders successful threat hunting?
As more organizations implement successful threat hunting operations, a SANS Institute survey finds that they are facing common challenges with employing skilled staff and …
Featured news
Resources
Don't miss
- Building cyber talent through competition, residency, and real-world immersion
- Browser agents don’t always respect your privacy choices
- Anubis: Open-source web AI firewall to protect from scraper bots
- Session tokens give attackers a shortcut around MFA
- AI isn’t one system, and your threat model shouldn’t be either