Blog

Securonix Threat Labs Initial Coverage Advisory: Detection of PrintNightmare Windows Print Spooler Exploitation Activity (CVE-2021-1675, CVE-2021-34527)

Published on July 2, 2021

By Securonix Threat Research/Labs R&D

Figure 1: Example of Common PrintNightmare Exploit Variant Code

Introduction

Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical PrintNightmare attacks (see Figure 1) [1, 3] targeting zero-day Microsoft Windows Print Spooler Service RCE...

The Great XDR Versus X-EDR Debate

Published on June 30, 2021

by Oliver Rochford, Senior Director

What’s the big deal with XDR? To a former analyst, the genesis of a market is always of keen interest, so I have been following the discussion around XDR intently. Having also just been involved in deciding what XDR means for Securonix, I wanted...

Why Did Capital One Ventures Invest in Securonix?

Published on June 24, 2021

This blog post features an interview with Jay Emmanuel, Partner at Capital One Ventures in Data & Enterprise Tech, Security & Identity.

Short Introduction for Jay Emmanuel

Jay leads Cyber Security and Infrastructure investments for Capital One. He has over 20 years of experience across the technology stack. During those...

Pre-Emptive Ransomware Detection

Published on June 21, 2021

Best Practices for Securonix Next-Gen SIEM Users

Securonix Threat Labs R&D Contributors: Den Iuzvyk, Kayzad Vanskuiwalla, Oliver Rochford, Oleg Kolesnikov

Who needs to know: CISOs, Security Managers, and Security Analysts

Why you need to know: The risk of ransomware attacks has escalated acutely after a series of recent high-profile...

Rapid Response and Early Detection in the Age of Sunburst

Published on June 21, 2021

Threat actor campaigns, like Sunburst, that have remained active but undiscovered for years are beginning to come to light. Their ability to slowly wreak havoc while hiding behind legitimate software and users makes such threats particularly difficult to detect. This type of campaign requires specific strategies to mitigate and typically...

A Comprehensive Fabric for Threat Detection and Response

Published on June 21, 2021

Securonix XDR. What is it? Why would the leader in modern, cloud-based SIEM solutions also offer an XDR product? Extended detection and response (XDR) is defined as an extension of endpoint detection and response (EDR), with the intention of expanding the sources of telemetry beyond the endpoint and streamlining...

Securonix Threat Labs Initial Coverage Advisory: Darkside Ransomware Targeting Critical Infrastructure Providers

Published on May 18, 2021

By Oleg Kolesnikov, Den Iuzvyk

Created: 5/10/2021 Last Updated: 5/14/2021

Figure 1: Darkside/RE$HOOD Ransomware Attack in Progress

Introduction

Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical targeted Darkside ransomware attacks (tracked by Securonix Threat Research as RE$HOOD)...

The Benefits of Powerful, Flexible Log Collection and Management

Published on May 13, 2021

The Challenge of Company-Wide Data Aggregation

As companies grow and add more disparate applications to their environment, log collection becomes a major challenge for the IT organization. Add in the complexity of collecting enough log data to remain compliant, addressing privacy standards, and security concerns from modern threats, and log...

Steam engines – or why I’ve joined Securonix.

Published on May 10, 2021

by Oliver Rochford, Senior Director of Content Marketing

Did you know that the earliest mention of the steam engine was in ancient Greece? Heron of Alexandria’s “aeolipile” was described as early as the 1st century AD, with possible references even a century earlier. My own hunch is that the...