Threat Research

Securonix Threat Labs Initial Coverage Advisory: Detection of PrintNightmare Windows Print Spooler Exploitation Activity (CVE-2021-1675, CVE-2021-34527)

Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical PrintNightmare attacks (see Figure 1) [1, 3] targeting the zero-day Microsoft Windows Print Spooler Service RCE vulnerabilities (CVE-2021-1675, CVE-2021-34527). Below are some...

Threats from the Wild - Episode 3: Multi-Factor Authentication (MFA) Bypass 101: Pass-the-Cookie/Pass-the-Identity (PTC/PTI) Attack Detection Using Logs

The significant increase in remote work/work-from-home (WFH) over the past year, as well as the recent high-profile attacks bypassing MFA that involved SolarWinds and cloud providers, have heightened the need for blue teams to better understand and detect attempts...

Securonix Threat Labs Initial Coverage Advisory: Darkside Ransomware Targeting Critical Infrastructure Providers

Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical targeted Darkside ransomware attacks (tracked by Securonix Threat Research as RE$HOOD), with some of the recent victims including Colonial Pipeline Networks,...


Insider Threat: The Risk That Doesn't Go Away

While ransomware grabs headlines, insider threats can do just as much damage and be difficult to detect without proper tools, data, and processes. Additionally, growth in cloud and hybrid work environments has outpaced insider threat investments. This leaves organizations vulnerable...

Multi-Cloud, Not Multi-Silos: Consolidate Your Security Data

The nightmare scenario of monitoring multiple cloud environments and applications has been keeping CISOs awake at night. As much as they want to keep their data in just one cloud provider, the reality is that almost every organization will have...

Defining and Securing Your Cloud Strategy

As the economy and world cautiously move forward to a post-pandemic footing, much has changed. Hybrid is now about people's locations as well as infrastructure. Productivity, infrastructure, and security gains need to be cemented, but CISOs and CIOs would do...


Autonomous Threat Sweep

Acting like your own dedicated Cyber Rapid Response Team, the Securonix Autonomous Threat Sweep (ATS) feature provides air cover for your security operations team. It automatically and retroactively hunts for new and emerging threats in current and long-term historical data based...

Extended Detection and Response

Securonix Open Extended Detection and Response (XDR) is a comprehensive security fabric that combines the core components required for fast and effective threat detection and response. Connecting multiple sources of telemetry with advanced behavior analytics, powered by an industry pioneering...

Adversary Behavior Analytics

Attackers constantly change their tactics and techniques, and legacy SIEM solutions can’t keep up. Rule-based SIEM solutions focus on post-attack artifacts and IOCs (indicators of compromise), forcing your security team to play catch-up while also trying to get ahead...

Analyst Reports

2021 GigaOm Radar for Security Information and Event Management (SIEM) Solutions

This comprehensive industry report asserts that SIEM vendors are developing advanced platforms that ingest more data, provide greater context, and deploy machine learning and automation capabilities to augment security analysts’ efforts. In this report Securonix earned a leading position for...

Gartner: 2021 Critical Capabilities for Security Information and Event Management

Gartner has been at the forefront of security operations advisory, and the Gartner CARTA methodology is recognized as one of the best threat management and security posture improvement strategies. In this report, Gartner analysts defined and assessed three use cases...

Gartner: Innovation Insight for Extended Detection and Response

Extended detection and response (XDR) is defined as an extension of endpoint detection and response (EDR), with the intention of expanding the sources of telemetry beyond the endpoint and streamlining response. The required XDR capabilities can be provided by a...

White Papers

Unlock Exclusive Cloud Native Benefits with the Securonix Next-Gen SIEM and AWS EMR

When security leaders consider a next-generation security information and event management (SIEM) solution, many perform a cost-benefit analysis between threat detection capabilities, solution performance, and the scale of the solution. In this whitepaper, we discuss the cost-benefit analysis of next-generation...

Securing the Cloud: Protecting Your Enterprise From an Expanding Threat Surface

Security tools built for on-premises infrastructure do not work well against cloud threats. Rules-based threat detection was designed to protect against known threats. As threats become more sophisticated, solutions that are able to detect changes in behavior are required in...

Network Detection and Response Belongs in the Security Operations Center

Detecting cybersecurity threats has become a big data management challenge. Threat actors employ advanced strategies to hide in hard-to-find places on your network. In order to detect these threats, you must consolidate data from your entire IT environment...

Case Studies

Financial Services Organization Advances Their Insider Threat and Cloud Security

A large financial services organization suffered from alert fatigue that left its analysts unable to discern which incidents posed a credible threat to the business. Confidence in the previous tool was low, and the analysts were struggling to proactively identify and...

Holding Company Stops Phishing and Data Exfiltration With a Single Platform

A large holding company needed to centralize its security efforts. Across the multiple business units the holding company managed there were a variety of different security tools, but no way to achieve centralized security visibility across all of them. Additionally, the...

Cloud SIEM Saves Regional Financial Institution 50% of an FTE Over On-Premises Solution

A regional bank knew it was time to upgrade its SIEM. Its on-premises LogRhythm SIEM solution was experiencing stability issues, causing the security team to spend time maintaining the solution instead of investigating threats. Additionally, the SIEM solution had limited...

Solution Briefs

Event Logging Maturity for Federal Agencies

The U.S. Office of Management and Budget (OMB) published a memorandum on August 27th outlining security event management requirements for federal agencies. The memo mandates a 24-month implementation deadline and expands upon Executive Order 14028, “Improving the Nation’s Cybersecurity,” that...

Bring Your Own Snowflake

In an exciting new partnership, Securonix and Snowflake have created a split architecture solution that enables customers to use Securonix analytics on top of their existing Snowflake Data Cloud Platform. The joint solution allows Snowflake customers to keep their data...

Bring Your Own AWS

AWS and Securonix have partnered to create a split architecture solution in which existing AWS customers can keep their data within their own AWS implementation while still leveraging a next-generation SIEM solution with limitless scalability. Securonix is available as a...