We have compiled a list of the best posts from our blog. The posts cover a wide variety of topics and are listed in no particular order. From threat research to data science to insider threats, you can find these posts and more on our blog!
GO#WEBBFUSCATOR security advisory
First up is the discovery of GO#WEBBFUSCATOR by the Threat Research team in August of this year. Relying on phishing techniques, this unique sample of a persistent Golang-based attack leveraged the beloved deep field image taken from the James Webb telescope and obfuscated Golang programming language payloads to infect the target system with the malware. Interested in learning more? Check out the GO#WEBBFUSCATOR blog here.
STEEP#MAVERICK security advisory
In September, Securonix researchers discovered a covert attack campaign named STEEP#MAVERICK that targeted multiple military/weapons contractor companies, likely including a strategic supplier to the F-35 Lightning II fighter aircraft. The stager mostly used PowerShell, and while stagers written in PowerShell are not unique, the procedures involved an array of interesting tactics, persistence methodology, counter-forensics, and layers upon layers of obfuscation to hide its code. Interested in learning more? Check out the STEEP#MAVERICK blog here.
New! Blue Team Debriefing Series
Threat advisories and reports are always fun to read. They keep us up to date with the latest information about threat behavior and what real-world threat actors have been doing to breach organizations around the world. To take it one level deeper for defenders, we are starting a series of Blue Team Debriefings, the first of which tackled STEEP#MAVERICK. These posts are intended to provide insights for defenders on what could and should be done to protect against the threats our team describes in our Securonix Threat Labs Security Advisories. Read the full blog and our recommendations.
Security Data Science for the Quantified CISO Series
In August, Chief Data Scientist Joshua Neil introduced fundamental and advanced concepts of security data science for the security executive. In his blog post he provides a personal perspective on this complex topic and offers insights to dispel myths and equip readers with the background to make good buying decisions and to take full advantage of machine learning in security operations. Curious? Josh shares six lessons he learned from security teams.
Built-in, Not Bolted On: Experience a New Kind of SOAR at Securonix
Security teams need to act quickly to mitigate the risks of cybersecurity threats. However, many security teams rely on poorly integrated SIEM and SOAR solutions, adding unnecessary complexity to threat detection and response. Many SIEM and SOAR vendors claim to have a converged solution, but often the SOAR is not native, resulting in context-switching and complexity for analysts. Unlike many SOAR products on the market, Securonix SOAR is built into the SIEM, not bolted on, allowing analysts to respond to threats at scale with minimal noise and less manual effort. Read more about how Securonix SOAR seamlessly integrates with our existing Next-Gen SIEM.
Stop Searching for Context…Securonix Investigate Brings Context to You
“Cybersecurity Solutions for a Riskier World” reported that it takes security teams an average of 47 days to properly respond to a threat. It is easy to understand that when security analysts identify an incident, time is of the essence: the more time threats dwell in your environment, the more damage they can do. Organizations invest in SIEMs to improve the collection of data and the detection of incidents, and most importantly, SIEMs provide the context analysts need to understand incidents. Find out how to gain a clear understanding of an incident through context in this post.
Insider risk series
Insider risk teams are often at the forefront of ensuring that intellectual property and sensitive data do not leave an organization. Each incident is different, but they tend to follow common themes. The story of an attack can be seen through different profiles of behavior with distinct sets of indicators. The behavioral indicators of the Ambitious Leader profile, for example, are based on research from PERSEREC, CMU’s Insider Threat Center, and NATO, and are used to detect data theft and insider activity. This post takes a deep dive into the Ambitious Leader insider threat profile and its risk indicators. Find out how next-gen SIEMs can detect insider risk, including insider profiles like the Misaligned Saboteur and another Ambitious Leader archetype.
Securonix Annual Threat Report
Our annual Securonix 2022 Threat Report contains valuable insights, no matter which SIEM you choose to use. The report covers insider threats as they evolve with employee stressors, disengagement, and potential attrition posing serious risks to organizations. Find helpful detection information for cloud infrastructure misuse, ransomware, and IoT/OT threats.