Estimated reading time: 5 minutes
Just like any other IT field, the cybersecurity market is driven by hype . Currently hype towards XDR, ie eXtended Detection and Response .
XDR is the latest in threat detection and response, a key element of a company’s infrastructure and data defense .
What exactly is XDR?
XDR is an alternative to traditional responsive approaches that only provide layer visibility on attacks . I refer to procedures such as detection and endpoint response (EDR), network traffic analysis (NTA) and SIEM , which we have talked about in many other articles.
The layer visibility implies that various services are adopted, stratified (layers), which each keep under control a specific entity in the infrastructure. This can be problematic. In fact, you need to make sure that layers don’t end up isolated, making it difficult, or nearly impossible to manage and view data. layer visibility provides important information, but can also lead to problems, including :
Collecting too many incomplete and contextless alerts. EDR detects only 26% of initial attack vectors and due to the high volume of security alerts, 54% of professionals security ignores warnings that should be investigated .
Complex and time-consuming investigations requiring specialist expertise . With EDR, the median time to identify a breach has increased to 197 days, and the median time to contain a breach has increased to 69 days.
Tools focused on technology rather than user or business . EDR focuses on technology gaps rather than the operational needs of users and companies. With more than 40 tools used in an average Security Operations Center (SOC), 23% of security teams spend their time maintaining and managing security tools rather than investigating . ( Source )
For already overloaded security teams, the result can be an endless stream of events , too many tools and information to switch between, longer time frames for detection and security expenses that are beyond budget and are not even fully effective .
What’s new in eXtended Detection Response
XDR implements a proactive approach to threat detection and response . It offers visibility into data across networks, clouds and endpoints, while applying analytics and automation to address today’s increasingly sophisticated threats. The benefits of the XDR approach for security teams are manifold:
Identify hidden, stealth and sophisticated threats proactively and quickly.
Track threats across any source or location within your organization. < br> Increase the productivity of people working with technology.
Get more from their security investments .
Conclude investigations in a way more efficient .
From a business perspective, XDR enables companies to detect cyber threats and stop attacks, as well as simplify and strengthen security processes. As a result, it enables companies to better serve users and accelerate digital transformation initiatives. When users, data and applications are protected, companies can focus on strategic priorities.
Why consider it for your company
The two main reasons why this approach is beneficial are: endpoints do not have visibility into threats in places like cloud services , and it may not be possible to put a < em> software agent on all company endpoints .
But there are other reasons to consider too. The addition of other data sources can provide more context in the EDR results, improving triage and investigation of alerts . Providers are moving not only to provide more and better organized data, but also by delivering analytics platforms to lighten the analytical load on operators. This translates into ease of use and reduced operating costs.
XDR can seem very attractive as a product: Tight integration of parts, highly tuned content (as the provider has total control over the events from the data sources), use of analytics and response automation.
What to pay attention to before adoption
Some providers are positioning their XDR as the ultimate threat detection solution . However, many vendors are unable to offer all the tools needed to get the advantage sold. Some providers offer endpoint and cloud monitoring in the package, others endpoint and network monitoring, but when looking at the comprehensive needs of most organizations, there are often missing details in the overall picture.
And if, once the company engages with a provider and notices a lack in one of the monitored sectors, what are the possible solutions? A situation of vendor lock-in from which to break free means to sever a contract and then open another one, with all the consequent costs.
XDR as an approach, not as a product
Before entering into a contract with a provider that sells a solution as final, it is always good to weigh the benefits and implications analytically.
Tight, two-way integration of multiple threat detection and response capabilities is the first distinguishing feature. But it is not necessary to buy two technology components from the same vendor to achieve good integration. Indeed, many products have the ability to integrate with some solutions from other vendors as one of their main strengths.
The XDR approach must provide a platform that allows the necessary data collection and storage , but also strong analytical skills, to orchestrate and automate response actions provided by the other parts of the solution. A cloud based Next Generation SIEM is a perfect solution.
How to move then?
The interest in XDR products is a clear signal that excessive fragmentation was leading to excessive complexity. A little consolidation is good, but it must be done while protecting flexibility and the ability to follow the best solutions.
In our opinion, a SOCaaS is an optimal solution. Provides next generation SIEM , with strong analytical capabilities. In addition, it also integrates artificial intelligence that helps in time to recognize threats through behavior analysis. A SOCaaS is the future of security operating platforms.
To find out with our services they can help you protect the data of your company and your customers, contact us, we will gladly answer all your questions.
Estimated reading time: 5 minutes
threat intelligence data provides companies with relevant and timely insights they need to understand, predict, detect and respond to cybersecurity threats . Threat intelligence solutions collect, filter and analyze large volumes of raw data related to existing or emerging sources of threats. The result is threat intelligence feeds and management reports. Data scientists and security teams use these feeds and reports to develop a targeted incident response program for specific attacks .
Everyone from fraud prevention to security operations to risk analysis benefits from threat intelligence . Threat intelligence software provides interactive, real-time views of threat and vulnerability data.
The advantage offered to security analysts and experts is obvious and serves to easily and quickly identify threat actor patterns . Understanding the source and target of attacks helps business leaders put in place effective defenses to mitigate risks and protect themselves from activities that could negatively impact the business.
cyber threat intelligence can be classified as strategic, tactical or operational. Strategic concerns the capabilities and general intent of cyber attacks . Consequently also the development of informed strategies associated with the fight against long-term threats. That Tactic is about the techniques and procedures that attackers might use in day-to-day operations. Finally, threat intelligence Operational provides highly technical forensic information regarding a specific attack campaign.
The threat intelligence cycle
Threat Intelligence Solutions collect raw data on actors and threats from various sources. This data is then analyzed and filtered to produce feed and management reports that contain information that can be used in automated security control solutions . The main purpose of this type of security is to keep organizations informed about the risks of advanced persistent threats, zero- day and exploits, and how to protect yourself from them.
The Cyber Threat Intelligence Cycle consists of the following stages.
Planning: The data requirements must first be defined.
Collection: Collect large amounts of raw data from internal and external threat intelligence sources.
Processing: Raw data is filtered, categorized and organized.
Analytics: This process transforms raw data into streams of threat intelligence using structured analytics techniques in real time and helps analysts identify Indicators of Compromise (IOC). < / p>
Dissemination: Analysis results are immediately shared with cybersecurity professionals and threat intelligence analysts.
Feedback: If all questions are answered, the cycle is over. If there are new requirements, the cycle starts over from the planning phase.
Common indicators of impairment
Enterprises are under increasing pressure to manage security vulnerabilities, and the threat landscape is ever-changing. threat intelligence feeds can help with this process identifying common indicators of compromise (IOC) . Not only that, they can also recommend the necessary steps to prevent attacks and infections. Some of the more common indicators of compromise include:
IP addresses, URLs and domain names: An example would be malware targeting an internal host that is communicating with a known threat actor.
Email addresses, email subject, links and attachments: An example would be a phishing attempt which relies on an unsuspecting user clicking on a link or attachment and initiating a malicious command.
Registry keys, file names and hashes of files and DLLs: An example would be an attack from an external host that has already been reported for nefarious behavior or is already infected.
Which tools for threat intelligence
The growing increase in malware and cyber threats has led to an abundance of threat intelligence tools that provide valuable information to protect businesses.
These tools come in the form of both open source and proprietary platforms. These provide a variety of cyber threat defense capabilities, such as automated risk analysis , private data collection , threat intelligence quick search tools, reporting and sharing this information among multiple users, curated alerts, vulnerability risk analysis, dark web monitoring, automated risk mitigation, threat hunting and much more.
We talked about one of these tools in a other article : the Miter Att & amp; ck . This is a very useful tool for learning about hacker attack techniques and behaviors. This is thanks to the information gathered by threat intelligence and the consequent sharing. A framework like this is very efficient for creating defensive mechanisms that make it possible to secure corporate infrastructures.
Artificial intelligence and threat intelligence
As we saw earlier, gathering information from various sources is just one of the steps. These must then be analyzed and subsequently processed into control protocols, to be really useful for security.
For this type of work of analysis, definition of baseline behaviors and data control, we are increasingly relying on artificial intelligence and deep learning. A Next Generation SIEM , flanked by a UEBA solution are perfect for this type of protection.
The control of the behavior of entities within the perimeter carried out by the UEBA is able to identify any suspicious behavior, based on the information collected and analyzed by the SIEM.
The defenses we have named are the primary value of a corporate security plan. Adopting specific solutions, implementing threat intelligence and therefore an active search for threat indicators, offers a strategic advantage. The company can take a step ahead of criminals, who can only leverage the surprise effect against their victims. Precisely for this general situation, every company should be in a position not to be caught by the off guard. Implementing proactive solutions is now necessary.
The threat intelligence is therefore a defense weapon behind which to protect the most important resources in order to work in peace.
If you want to know how we can help you with our security services, do not hesitate to contact us, we will be happy to answer any questions.
Estimated reading time: 8 minutes
The term shoulder surfing might conjure up images of a little surfer on his shirt collar, but the reality is much more mundane. shoulder surfing is a criminal practice in which thieves steal your personal data by spying on you while using a laptop, ATM, public terminal or other electronic device among other people . This social engineering technique is a security risk that can cause disaster, especially if the stolen credentials are corporate.
The practice long predates smartphones and laptops and dates back to when criminals spied on pay phone users as they entered their calling card numbers to make calls . Many years have passed, but the technique has not been lost. Thieves have evolved to observe their victims typing their ATM PINs, paying at self-service petrol pumps, or even making a purchase in a store.
A similar technique for ATM theft involves a card cloning device superimposed on the card insertion hole and a micro camera to spy on the code. The micro camera performs an act of shoulder surfing . Card cloning is essential because without a physical device the pin is useless, but in the case of account credentials on the network, all you need is user and password.
When does Shoulder Surfing take place?
shoulder surfing can happen whenever you share personal information in a public place. This includes not only ATMs, coffee shops and POS devices in general, but virtually any place where you use a laptop, tablet or smartphone to enter personal data.
Long-time shoulder surfers did not usually loom behind their victims to scrutinize information. Instead, they stood at a safe distance and interpreted finger movements as people typed numbers on the keyboard . Similarly, today’s social engineers often escape attention as they quietly observe others in public places such as airport lounges and shopping malls, bars and restaurants, on trains or subways, or wherever there are people, to tell the truth.
Indeed, today’s most sophisticated criminals are watching from further away, hidden from view. They could use binoculars, micro cameras, or the camera of their phone or tablet to scan your screen or keyboard. Not only that, they may eavesdrop as you read credit card numbers on the phone or provide other sensitive information. Criminals could also take pictures, make a video or audio record of the information and then interpret it later.
Whatever the methodology, it is clear that technology has not only helped us to be more connected and be able to afford to pay for a frappuccino with our mobile phone, but it has also exposed us to security risks. When it comes to sensitive data, especially if there is a corporate account involved that could access other people’s sensitive data, you should never let your guard down , consequences could be very serious .
As shoulder surfing commonly happens
Before suggesting some methods to prevent shoulder surfing to be put into practice immediately, let’s take a closer look at how credential theft could happen with this technique.
At the bar or in the cafeteria
You’re in a busy restaurant bar waiting for a friend. To pass the time, you connect to Instagram. Unfortunately, you don’t notice that the person stuck in line next to you is looking at your password, which happens to be the same one you use for your email and bank account.
At the ATM
You’re taking cash at an ATM. You feel safe because the man after you in line is at least 10 feet away and is even looking at his phone. In fact, he is recording your finger movements on his phone and will later decrypt them to get your PIN number.
To the airport
Your flight is delayed, so grab your laptop and kill your time by reading a couple of work emails to keep up to date. Log in to the company website to read your mail and enter your username and password. You are so calm that you don’t see the woman a few places away as she stares at the screen while you enter data.
What are the consequences of shoulder surfing?
Using your credit card information to make fraudulent purchases is just one example of the damage you could suffer if you fall victim to shoulder surfing . The more personal information a criminal captures about you, the more serious the consequences can be for your bank account and financial health.
A serious case of shoulder surfing can expose you to identity theft . A criminal could use your personal information, such as your social security number, to open new bank accounts, apply for loans, rent apartments, or apply for a job under your name. An identity thief could get their hands on your tax refund, use your name to get medical treatment, or even apply for government benefits in your name. They could also commit a crime and provide your personal information when questioned by the police, leaving you with a dirty record or arrest warrant.
Of course, if you suspect this has happened, you’ll need to go to the police immediately, block your checking accounts and notify the bank. If fraudulent actions have already been carried out in your name, you may need to prove that you are not involved.
Things get dangerous if the stolen data is from a corporate account. In fact, with the use of valid credentials, anyone could enter the company’s system and perform all kinds of actions, such as collecting additional data, placing malware, running a ransomware , steal customer data and then sell it online.
How to defend yourself from shoulder surfing
Two levels of protection can be identified, the first is proactive and is aimed at preventing credentials from being exposed to malicious people, the second is active and provides software to detect attempts to use stolen credentials.
Defend yourself proactively
If you really can’t avoid entering sensitive data on your laptop, tablet or smartphone in a public place, you should follow the countermeasures listed below.
Tip 1: Before entering any sensitive data, find a safe place . Make sure you sit with your back to the wall. This is the best way to protect yourself from prying eyes. Avoid public transport, the central armchairs of a waiting room and places where there is a lot of people coming and going.
Tip 2: Use a privacy filter. This hardware device is a simple polarized translucent sheet that is placed over the screen. It will make your screen look black to anyone looking at it from any unnatural angle . This will make it much more difficult for unauthorized people to see your information.
Tip 3: Two-factor authentication requires a user to prove their identity using two different authentication components that are independent of each other. Since this type of authentication only passes when both factors are used correctly in combination, the security measure is particularly effective. For example, this method is often used a lot in online banking. There are many services that allow you to use your mobile phone as a second authentication factor . This is done through special apps.
Tip 4: Another solution is to use a password manager . By doing so, you no longer have to enter each password individually on your computer. The password manager will do this for you after you enter your master password . This prevents unauthorized people from using your keyboard to determine the real password, provided that you properly protect your master password .
Actively defend yourself with a SOC and behavior analysis
Now let’s imagine that the corporate account credentials have been stolen. At this point only a behavior control system can trigger an alarm and therefore block the user before there is any damage.
In fact, using correct credentials, a normal traditional SIEM would not trigger any alarms. For an older generation SIEM, access would be legitimate, because the credentials are correct. The attacker would have free undisturbed access to the system and could continue with his attack plan.
With SOD’s SOCaaS service, however, abnormal access would trigger an alarm. The SOC provided is equipped with a Next Generation SIEM and a system UEBA control behavior . This means that any deviation from the user’s usual behavior would be reported.
In the case of credential theft, as happens with shoulder surfing, the access made by the attacker would therefore trigger an alarm because something is wrong . For example, the login could take place at anomalous times, in another country / IP, from a different operating system, etc.
shoulder surfing is a social engineering technique that focuses on user carelessness while entering sensitive data into a system. In the event that a user’s corporate credentials are stolen, the only really efficient thing is to have a system that analyzes user behavior and reports whenever suspicious actions are detected.
If you want to know in detail how a SOC and UEBA system can help your company defend against social engineering attacks, do not hesitate to contact us, we will be happy to answer any questions.
Estimated reading time: 6 minutes
As the cybersecurity threat landscape becomes increasingly sophisticated, service providers, such as SOD, need to take additional precautions to protect their customers’ networks. An information management system and monitoring SIEM is an excellent choice in this respect.
This system, in fact, helps mitigate cybersecurity threats from two different angles, all from a single interface . The SIEM monitoring system collects information from multiple sources: network data, threat information feeds, compliance regulations, firewalls, etc. Next, uses that data to power features designed to help IT administrators respond to threat events in real time.
Advantages of SIEM monitoring
In contrast to individual security control systems such as asset management or network intrusion detection, SIEM allows you to dig deeper into security vulnerabilities by unifying information from various systems – even very and offering unprecedented visibility into events occurring in the system.
SIEM is not a threat detection system in and of itself, but enhances the security tools already in use by providing real-time insights to work from . In particular, SOD uses a Next Gen SIEM in a SOAR ( Security Orchestration, Automation and Response ) which also includes advanced behavioral analysis tools ( UEBA ).
If you put high-quality log files into a SIEM tool, you receive high-quality insights into network security . This information can help improve network security protocols.
Unfortunately, many administrators treat SIEM implementation as a solution to be set up and then forgotten. To experience the full benefits of managing information and security events , you need to implement a set of best practices to optimize your solution, starting with security logging.
The logs of a SIEM
How does security monitoring fit into SIEM implementation best practices ? If you look at the SIEM in its main components, it is a log management system .
All the information that a SIEM tool collects is in the form of logs, or records of events occurring within an organization’s IT infrastructure and network.
Examples of logs collected by SIEM include, but are not limited to: Firewalls, routers, wireless access points, vulnerability reports, partner information, antivirus and antimalware.
However, as SIEM tools have a very broad reach and constantly collect log data from all parts of the system, can be a bit complicated and impractical to implement . SIEM best practices help avoid pain points along the line of operation. This way you use SIEM as effectively as possible right from the start.
1. Start calmly
The most common mistake made in implementing SIEM monitoring is trying to do too much too soon . Before you even start looking for a SIEM solution, in fact, it is best to define the scope of your SIEM implementation and think about what you want SIEM to do for your network and infrastructure.
We start by isolating the objectives , taking stock of existing security protocols and brainstorming how these protocols fit into the future SIEM implementation. You can also segment anything you want to monitor into groups and define how you want to monitor them. This helps ensure that you have a clear plan for logging.
Once an initial planning has taken place, the SIEM system does not yet have to be implemented across the entire IT infrastructure. It is better to proceed piecemeal.
You should then test the SIEM monitoring solution on a small section of the system to see how it works. Only then are key security vulnerabilities identified that should be addressed immediately and proceed with implementation in subsequent segments.
Setting up SIEM monitoring step by step, rather than running everything right away, will help ensure that logging works in harmony with the rest of the IT section .
2. Think about the requirements
SIEM monitoring can help the company demonstrate compliance with security regulations and audits, but only by knowing what these standards are in advance . Before committing to a SIEM system, you create a list of HIPAA, GDPR, HITECH and any other IT regulations that you need to comply with. The list is then used to compare the required regulations with the solutions that are put into practice.
Not only does this narrow down the list of standards, it will force you to consider how much log data you actually need. Keeping the correct amount to be compliant, also aligns with best practices of SIEM logging and monitoring .
Obviously, the solutions and protocols to follow are not the same for everyone and need to be adapted according to the position of the individual company. For this particular aspect, SOD can help your company both in gathering the information necessary to identify which standards to follow, and in the standards verification once implemented.
3. Fix the correlations
SIEM correlation streamlines its implementation, allowing you to configure the system according to the specific needs of their customers. SIEM works by collecting data from multiple sources and then filtering, analyzing and correlating it to determine if it deserves to be reported as a security alert.
For this it is essential to correlate the rules and set alarm thresholds based on the type of data and their origin . It is important to remember, in fact, that SIEM is designed to find connections between events that would not otherwise be related to each other.
Setting up a SIEM monitoring system is a delicate but fundamental operation to improve the security system for a particular company.
4. Collect data efficiently
Through a SIEM monitoring system it is possible to collect such an amount of data that it could become complicated to manage. It becomes important to choose in a balanced way which data to use in order to optimize the right amount without losing the advantage of having the entire system under control .
Among the data that it is better not to leave out are: Successful permissions and failed attempts, changes to user privileges, application errors and performance problems, opt-in and in general all the actions made by users with administrative privileges.
The following are excluded: information whose collection is illegal, banking information or credit card data, encryption keys, passwords and personal data .
5. Have a plan in case of a detected threat
Choosing the right SIEM solution and employing logging best practices is only part of the job. You need to have an action plan in case of cyber threat .
For the company that relies on a MSSP as SOD, this means making sure that monitoring is only the first part of the service provided. Ideally, SIEM monitoring is the first piece of a well-designed SOAR that puts in place professional operators, alert notifications and a recovery plan in accordance with the type of data put at risk .
In this respect, the SOC as a Service we offer covers most of the eventualities.
Monitoring is a fundamental part of the corporate security system and a SIEM is one of the ways to put it into practice. However, we must not stop at the collection of information, we must know how to treat, enrich and analyze it.
SOD offers comprehensive services that implement SIEM monitoring systems. The implementation obviously implies a “calibration” of the systems and of the correlations between the data in order to always offer the most suitable solution.
If you would like more information about our products, do not hesitate to contact us, we will be happy to answer your questions.
Insider threats are difficult to spot because they come from within your organization. Employees, contractors and partners require different levels of login credentials in order to perform their work. Attackers can trick these insiders into accessing them or offering them money to knowingly steal valuable information from the company.
Traditional security solutions focus on protecting the organization from external attackers. This strategy overlooks the damage that an internal resource could do to the organization, whether aware or not. With a Nextgen SIEM solution you have the ability to detect and respond to both external and internal threats, with the help of the UEBA in identifying suspicious behavior.
Insider threat, the reasons
Employees or contractors identified as at risk are linked to 60% of cases of insider threats, increasing the likelihood that such incidents result in the theft of sensitive company data. Insider threats can be divided into two groups: the distracted and the hostile.
The mechanics of an attack change significantly based on the motivations behind it. It is therefore better to fully understand which characteristics are typical of the motivations behind attacks, in order to be able to stop potential threats before they become violations.
It is clear to each employee how much the data that the company holds can be worth. Here, in the event of a crisis, allowing data to be leaked in exchange for money may seem like a reduced risk. This type of motive must be considered above all when, in times like the present one, an external event (the COVID-19 pandemic) still puts the workplace at risk. With the risk of an imminent layoff, the sale of data that you have access to as an employee is a more than attractive escape route.
Non-compliance with security rules is a very real risk and the most common cause of internal threats. Indolence in compliance with the rules costs organizations an average of $ 4.58mln per year. Threats come, specifically, from some security practices that are not respected, such as failure to log out from the system, writing one’s passwords on paper or reusing them. In this category there are also violations in the use of unauthorized software or a failure to protect company data.
The reasons behind these harmful behaviors are often, unfortunately, particularly simple: security is bypassed by an allegedly greater speed, productivity or, worse, laziness.
One type of negligent employee is the distracted one, which is worth treating in isolation because it is more complicated to identify. While the serial behavior of violating the rules is easily identifiable, the distracted, who normally diligently complies with the regulations, is not identified before the only, unfortunate, time when his carelessness does not cost the company an attack that went to successful.
Damage to the company
Among the most subtle insider threats are those of those who have the sole purpose of damaging the company. The motive, in these cases, is usually of a personal nature: an employee who is refused a raise, a disagreement with a superior, etc. The insider then moves to discredit his company, causing damage to its image that results in frightened investors who withdraw their capital or lose customers.
Sabotage and sale of information to third parties
For companies that handle sensitive data, this type of threat is a real risk. Whether the company deals with valuable intellectual property or sensitive data of its customers, there is a high probability that there are those who are interested in having access to that data to use it to their advantage. In this scenario, the actor who wants to get hold of the data recruits an insider to steal it.
Cases that fall under the definition of espionage or media sabotage have been on the rise in recent years. Attacks start from nations such as Russia or North Korea, often involved in this type of trafficking in order to gain political advantages against Western states and organizations.
Defense against insider threats
The defense against attacks that originate from the inside is based on the analysis of the suspicious behavior of those who have access to the systems. The difficulty is found in the non-violent nature of the attacks. It is easy for insiders to not need to breach any security checks, having access from the start.
So how can we immediately catch the threats?
Monitor user access
Insiders with legitimate access choose to abuse their access privileges. Excessive access rights are often granted to reduce the effort that privilege management requires. Avoiding this type of behavior is already a first step in a proactive direction of defense.
Furthermore, with a Nextgen SIEM system it is possible to monitor users with high privilege access to databases, servers and critical applications. At that point it is easier to identify those who abuse their access.
Detect suspicious user behavior
The most sophisticated attacks are based on stealth. To this end, attackers increasingly rely on the compromise of existing internal resources. Once inside the network, they perform lateral movement and steal data under the guise of an internal user.
A system such as that offered by SOD’s SOCaaS allows, among other things, to quickly identify suspicious accounts by detecting abnormal user behavior compared to normal base patterns and the activity of colleagues.
The advantages of a modern system
Shorter response time
Using behavioral analysis it is possible to identify abnormal actions so that we can investigate very quickly.
Advanced behavioral analysis: with the UEBA system (included in SOCaaS), security analysts are able to monitor access and activity of users to the most important resources of the company, allowing to find internal threats with the minimal noise for fast detection and response.
Rapid recognition of users at risk
To enable rapid detection of insider threats, security teams need the ability to link a user’s accounts together to create a universal user profile. This is possible with a Nextgen SIEM system. The analysis of user behavior is also compared to that of a group of peers, to identify anomalous behaviors with greater precision, understanding how a user’s activity is different from that of his colleagues.
The threats that start from within the company perimeter are perhaps the most risky due to their low noise nature. Fortunately, with systems increasingly capable of detecting suspicious behavior and aggregating large amounts of employee data, it is possible to take effective countermeasures to combat this type of attack.
Tempo di lettura: 4 minIntroduzioneAlla luce del crescente numero di attacchi ransomware in cui i cryptolocker inte… https://t.co/ubv6OcMrVW
Estimated reading time: 5 minutes Cyber Threat Hunting is a proactive security search across networks, endpoin… https://t.co/afEZYKrnAK
Estimated reading time: 5 minutes A Zero-Day attack (also known as 0-day) exploits a software vulnerability unkno… https://t.co/tdRF7a7zOa
Tempo di lettura: 4 minAttraverso il servizio di cloud storage ownCloud puoi collaborare con i tuoi colleghi ai con… https://t.co/gLk003kzxV
A common definition of data exfiltration is the theft, removal, or unauthorized movement of any data from a device.… https://t.co/cuUyQtUoah