Blog

Converging Trends in Ransomware Are Driving the Need for Preemptive Detection

Published on September 15, 2021

By: Oliver Rochford (Twitter: @OliverRochford)

Ransomware has steadily grown to become the most talked-about external cyber threat for enterprises in 2021. We have published several urgent and critical advisories for the community, including on the recent Conti ransomware insider leaks and the Darkside Ransomware group behind the Colonial Pipeline...

Monitoring Threats in the Cloud – Insider Threat

Published on August 26, 2021

By Kayzad Vanskuiwalla, Threat Detection & Analytics, Securonix Threat Labs

Insider Threat Landscape

Organizations traditionally focus on external threat vectors, rigidly defining the perimeter as a walled-off subnet to segregate their internal production traffic from the external, untrustworthy Internet traffic. The most sought-after targets for attackers are privileged accounts...

Securonix Threat Labs Advisory: On Conti Ransomware Tradecraft Detection

Published on August 19, 2021

By Securonix Threat Research/Labs

Figure 1: Conti MRO Tradecraft Data Leak Post

Introduction

Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the malicious activity associated with the Conti Malicious Ransomware Operator (MRO) (tracked by STR as RE$GRG) linked by the...

Can we measure the value of good security?

Published on August 10, 2021

Most people expect good security to be invisible, yet struggle to assign value to it when it is.

by Oliver Rochford, Senior Director

As an industry, we struggle to value or measure security, and I have some anecdotes to support my assertion. I have heard from several MSSPs...

Monitoring Threats in the Cloud – A Risk-Based Approach

Published on July 26, 2021

By Kayzad Vanskuiwalla, Threat Detection & Analytics, Securonix Threat Labs

Businesses Continue Migrating to the Cloud

Over the last decade, organizations have begun to embark on their journey toward the cloud. This started with specific services like Office 365 Email / SharePoint where there was a need to manage some...

Empower Hour Recap: Creating Your Own Agility

Published on July 16, 2021

EMPOWERHOUR, spearheaded by Securonix’s Chief People Officer, Dilshan Ratnayake, emphasizes the company’s commitment to creating an inclusive culture so people can become their best. Kicking off the series last quarter with sessions focused on empowering and growing women leaders, the quarterly events are intended to be a vehicle...

Taking a Community-Driven Approach to Stop the World’s Cyber Threats

Published on July 15, 2021

As the world’s IT ecosystem becomes increasingly complex, there are additional attack vectors for threat actors to exploit. More and more security vendors have entered the market to address new threats, which in turn begets more complexity... and around and around we go. According to the IBM Cyber Resilient Organization Report...

Go Behind the Scenes With Securonix Activity Monitor

Published on July 9, 2021

SIEM solutions are all about gaining better visibility. They aim to eliminate blind spots by gathering all of your security data into a single pane of glass. So, why would a solution that grants SOC analysts a holistic view of security data leave security administrators completely in the dark? Most...

Mitigating Phishing Attacks in the Current State of Flux

Published on July 8, 2021

Working remotely has been the norm for many organizations over the past year and a half. While working from home is a major boon to businesses, the impact on cyber security has been less positive, as employees are exposed to more phishing attacks than ever. Yes, phishing emails are not new,...

Securonix Threat Labs Initial Coverage Advisory: Detection of PrintNightmare Windows Print Spooler Exploitation Activity (CVE-2021-1675, CVE-2021-34527)

Published on July 2, 2021

By Securonix Threat Research/Labs R&D

Figure 1: Example of Common PrintNightmare Exploit Variant Code

Introduction

Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical PrintNightmare attacks (see Figure 1) [1, 3] targeting zero-day Microsoft Windows Print Spooler Service RCE...

The Great XDR Versus X-EDR Debate

Published on June 30, 2021

by Oliver Rochford, Senior Director

What’s the big deal with XDR? To a former analyst, the genesis of a market is always of keen interest, so I have been following the discussion around XDR intently. Having also just been involved in deciding what XDR means for Securonix, I wanted...