Giacomo Lanzi
Long-term search: what’s new in the SOCaaS service
Ransomware commonly comes up with an email that tricks users into trusting a malicious file. Many of the most recent data breaches have been completed because a user has been the victim of such an attack in the previous period. Threats such as ransomware, which focus on user compromise, are causing more and more companies to adopt user and entity behavior analysis (UEBA) in their security operations center (SOC). The new functions of the SOC service, including long-term search, are oriented towards the increasing offer of additional tools for the optimal management of corporate security.
We continue to innovate our platform to increase the power of SOC in fighting ransomware and other threats. In our latest release, we have added even more machine-learning and context-aware detection capabilities that enable security analysts to tackle the most sophisticated attacks. Furthermore, the latest updates bring an ever greater ease of use for security architects.
Long-term search for the security analyst
The service introduces a number of innovations to reduce detection and response times for security analysts and threat seekers.
Improved detection of sophisticated threats
– Long-term search helps analysts discover hidden threats by providing a search capability on archived data. The search is scalable and does not affect SIEM performance.
– Analytics Sandbox helps break down false positives by providing an online QA environment to test and validate use cases.
– Persona-based threat chains detect advanced threats more accurately, including the dynamic relationship between users, hosts, IP addresses, and email addresses. Analysts benefit from greater visibility into the progression of an attack. This feature combines suspicious activity from a single user into a single priority alert, instead of separate and unrelated alerts.
– Relative Rarity offers analysts a broader context on how rare an event is compared to all other events in their environment.
– Viewing security alerts using the MITER ATT&CK Threat Framework helps analysts prioritize risk and reduce response times.
Reduction of response times
– Improved case management allows for better management, sharing and investigation of alarms, allowing operators to respond more quickly.
– New EDR integrations improve incident response by providing additional endpoint data from CarbonBlack Defense, Tanium, Symantec DLP and others.
– Better search views improve the analyst experience by reducing detection and response times. They help analysts easily identify compromised accounts, data exfiltration, and associated hotspots.
Why long-term search is so important
With a global dwell time of around 60 days on average, threat hunting continues to be an important part of cybersecurity resilience. However, searching through the data history usually takes a long time.
Many vendors are unable to dynamically scale a quick search through archived data without significant effort. The latest features of our SOCaaS provide this possibility for threat hunters with long-term search on an almost unlimited scale. With long-term research, organizations can reduce the time it takes to investigate and find threats that are already in their environment.
Analysts need to continually query the data to see if there are new threats. For example, an analyst might learn from a trusted source that their industry has been targeted. At this point we need to investigate a new indicator of compromise that has just been discovered to verify if an attacker is already inside.
Through long-term search, SOD’s native SOCaaS SIEM allows threat hunters to be proactive, making historical data research fast and convenient.
Conclusions
By introducing new technologies into our SOC service, we are offering more and more security for our customers.
We take care of your data by verifying not only that it is not safe now, but also that it has not been breached in the past. In case we suspect a new threat, we know how to spot it.
If you have any questions, contact us, we will be happy to answer all your questions.
Useful links:
Share
RSS
More Articles…
- Hadoop Open Data Model: “open” data collection
- Pass the Ticket: how to mitigate it with a SOCaaS
- Use cases of a SOCaaS for companies part 2
- Use cases of a SOCaaS for companies part 1
- NIST Cybersecurity Framework
- “Left of boom” and “right of boom”: having a winning strategy
- Smishing: a fraud similar to phishing
- Network Traffic Analyzer: an extra gear for the Next Gen SIEM
Categories …
- Backup as a Service (2)
- Acronis Cloud Backup (11)
- Veeam Cloud Connect (4)
- Cloud Conference (3)
- Cloud CRM (1)
- Cloud Server/VPS (20)
- Conferenza Cloud (4)
- ICT Monitoring (4)
- Log Management (2)
- News (18)
- ownCloud (4)
- Privacy (7)
- Secure Online Desktop (14)
- Security (14)
- Cyber Threat Intelligence (CTI) (3)
- Ethical Phishing (8)
- SOCaaS (24)
- Vulnerabilities (84)
- Web Hosting (15)
Tags
Dark Reading
- What Is the Difference Between Security and Resilience? September 24, 2021Resilience shifts the focus toward eliminating the probable impact of the full attack chain.
- Consumers Share Security Fears as Risky Behaviors Persist September 24, 2021While most US adults know they aren't sufficiently protecting their data online, many find security time-consuming or don't know the steps they should take.
- TangleBot Campaign Underscores SMS Threat September 24, 2021The attack targets Android devices and starts with a malicious SMS message that aims to bring malware onto compromised devices.
- Contrast Application Security Platform Scales to Support OWASP Risks September 24, 2021Contrast's platform detects and prevents against OWASP Top Ten risks from development to production with out-of-the-box policy rules and automated compliance reporting.
- Our Eye Is on the SPARROW September 24, 2021How unauthorized users can exploit wireless infrastructures for covert communication.
- Endpoint Still a Prime Target for Attack September 24, 2021A vast majority of security professionals surveyed think any exploit will start with the endpoint.
- Google Spots New Technique to Sneak Malware Past Detection Tools September 23, 2021The operator behind OpenSUpdater is using a new way to sneak adware and other malware past security tools.
- Primer: Microsoft Active Directory Security for AD Admins September 23, 2021Nearly all AD environments are vulnerable to identity attack paths -- a powerful, widespread, and difficult-to-detect attack technique. But we didn't say impossible. Here's how admins can stop them.
- FamousSparrow APT Group Flocks to Hotels, Governments, Businesses September 23, 2021The cyber espionage group has a custom backdoor and has added the ProxyLogon Microsoft Exchange flaw to its toolkit.
- SAIC Appoints Kevin Brown as Chief Information Security Officer September 23, 2021Industry leader with decades of information security experience manages SAIC’s security strategy and oversees critical cybersecurity operations.
Full Disclosure
- APPLE-SA-2021-09-23-1 iOS 12.5.5 September 24, 2021Posted by Apple Product Security via Fulldisclosure on Sep 24APPLE-SA-2021-09-23-1 iOS 12.5.5 iOS 12.5.5 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212824. CoreGraphics Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation) Impact: Processing a maliciously […]
- APPLE-SA-2021-09-23-2 Security Update 2021-006 Catalina September 24, 2021Posted by Apple Product Security via Fulldisclosure on Sep 24APPLE-SA-2021-09-23-2 Security Update 2021-006 Catalina Security Update 2021-006 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212825. XNU Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of […]
- openvpn-monitor Cross-Site Request Forgery (CSRF) September 24, 2021Posted by Advisories on Sep 24############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: openvpn-monitor # Vendor: https://github.com/furlongm/openvpn-monitor # CSNC ID: CSNC-2021-011 # CVE ID: CVE-2021-31604 # Subject: Cross-Site Request Forgery (CSRF) # Severity: Medium # Effect: Denial of Service #...
- openvpn-monitor OpenVPN Management Socket Command Injection September 24, 2021Posted by Advisories on Sep 24############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: openvpn-monitor # Vendor: https://github.com/furlongm/openvpn-monitor # CSNC ID: CSNC-2021-010 # CVE ID: CVE-2021-31605 # Subject: OpenVPN Management Socket Command Injection # Severity: High # Effect: Denial of...
- openvpn-monitor Authorization Bypass September 24, 2021Posted by Advisories on Sep 24############################################################# # # COMPASS SECURITY ADVISORY # https://www.compass-security.com/research/advisories/ # ############################################################# # # Product: openvpn-monitor # Vendor: https://github.com/furlongm/openvpn-monitor # CSNC ID: CSNC-2021-009 # CVE ID: CVE-2021-31606 # Subject: Authorization Bypass # Severity: Medium # Effect: Denial of Service # Author:...
- Backdoor.Win32.Minilash.10.b / Remote Denial of Service (UDP Datagram) September 21, 2021Posted by malvuln on Sep 21Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/3c407448a00b2d53b2418f53b66d5b6b.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Minilash.10.b Vulnerability: Remote Denial of Service (UDP Datagram) Description: The Minilash malware listens on TCP 6711 and UDP port 60000. Third-party attackers who can reach infected systems can send a specially […]
- Backdoor.Win32.Hupigon.asqx / Unauthenticated Open Proxy September 21, 2021Posted by malvuln on Sep 21Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/a344b767d58b6c83b92bb868727e021c.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Backdoor.Win32.Hupigon.asqx Vulnerability: Unauthenticated Open Proxy Description: The malware listens on TCP port 8080. Third-party attackers who can connect to the infected system can relay requests from the original connection to the...
- Trojan.Win32.Agent.xaamkd / Insecure Permissions September 21, 2021Posted by malvuln on Sep 21Discovery / credits: Malvuln - malvuln.com (c) 2021 Original source: https://malvuln.com/advisory/095651e1704b501123b41ea2e9736820.txt Contact: malvuln13 () gmail com Media: twitter.com/malvuln Threat: Trojan.Win32.Agent.xaamkd Vulnerability: Insecure Permissions Description: The malware creates an dir with insecure permissions under c:\ drive and grants change (C) permissions to the authenticated user group. Standard users can rename the...
- APPLE-SA-2021-09-20-10 iTunes 12.12 for Windows September 21, 2021Posted by product-security-noreply--- via Fulldisclosure on Sep 21APPLE-SA-2021-09-20-10 iTunes 12.12 for Windows iTunes 12.12 for Windows addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212817. ImageIO Available for: Windows 10 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with […]
- APPLE-SA-2021-09-20-9 iTunes U 3.8.3 September 21, 2021Posted by product-security-noreply--- via Fulldisclosure on Sep 21APPLE-SA-2021-09-20-9 iTunes U 3.8.3 iTunes U 3.8.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212809. iTunes U Available for: iOS 12.4 and later or iPadOS 12.4 and later Impact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution Description: […]
Customers
Twitter FEED
Recent activity
-
SecureOnlineDesktop
Estimated reading time: 5 minutes Ogni anno cresce costantemente il numero di attacchi che minacciano la sicurezz… https://t.co/e1g9VBSYq9
-
SecureOnlineDesktop
Estimated reading time: 5 minutes Every year the number of attacks that threaten the security of devices, comput… https://t.co/MnoEKRNMwk
-
SecureOnlineDesktop
Estimated reading time: 7 minutes Il vishing è una particolare tipologia di phishing che sfrutta la tecnologia Vo… https://t.co/q9OO03jSHj
-
SecureOnlineDesktop
Estimated reading time: 5 minutes Come abbiamo già affrontato precedentemente negli scorsi articoli, i ransomware… https://t.co/O8xUUJocYc
-
SecureOnlineDesktop
Estimated reading time: 6 minutes Il Database Activity Monitoring (DAM) è una tecnologia applicata alla sicurezza… https://t.co/juh8ZBKMqP
Newsletter
Products and Solutions
Partners
Cloud Models
News
- Hadoop Open Data Model: “open” data collection September 8, 2021
- Pass the Ticket: how to mitigate it with a SOCaaS September 6, 2021
- Use cases of a SOCaaS for companies part 2 August 18, 2021
- Use cases of a SOCaaS for companies part 1 August 16, 2021
- NIST Cybersecurity Framework August 2, 2021
Google Reviews
About
Copyright © 2011 Secure Online Desktop s.r.l. All Rights Reserved.
VAT: 07485920966 “Cloud Computing services - Software cloud - Cloud server - VPS” Terms of ServicePrivacy Policy
ISO Certifications