Resources

Threat Research

Securonix Threat Labs Initial Coverage Advisory: Detection of PrintNightmare Windows Print Spooler Exploitation Activity (CVE-2021-1675, CVE-2021-34527)

Introduction Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical PrintNightmare attacks (see Figure 1) [1, 3] targeting zero-day Microsoft Windows Print Spooler Service RCE Vulnerabilities (CVE-2021-1675, CVE-2021-34527). Below are some...

Threats from the Wild - Episode 3: Multi-Factor Authentication (MFA) Bypass 101: Pass-the-Cookie/Pass-the-Identity (PTC/PTI) Attack Detection Using Logs

The significant increase in remote work/work-from-home (WFH) over the past year, as well as the recent high-profile attacks bypassing MFA that involved Solarwinds and cloud providers, have heightened the need for blue teams to better understand and detect attempts...

Securonix Threat Labs Initial Coverage Advisory: Darkside Ransomware Targeting Critical Infrastructure Providers

Introduction Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical targeted Darkside ransomware attacks (tracked by Securonix Threat Research as RE$HOOD) with some of the recent victims including Colonial Pipeline Networks,...

Webinars

Three Threat Trends: How to Respond for the Pain to Go Away

Recent trends in the threat landscape challenge even mature security organizations to respond resiliently: ransomware and machine-speed attacks, living-off-the-land techniques, and the adoption of threat actor automation tools. Attacks are now conducted at industrial scale and volumes,...

Improving Threat Detection and Response with Securonix Open XDR

Securonix Open XDR provides a unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components. In addition, XDR highlights the value of pre-integrated solutions, promising a less complex way to detect and...

Automating Cyber Rapid Response and Threat Hunting with Autonomous Threat Sweep

Sophisticated supply chain attacks like Sunburst can unfold over weeks, months, or even years before they are discovered and disclosed. With attackers already ahead before the race has even started, enterprises must respond rapidly to catch up and must quickly...

Datasheets

Autonomous Threat Sweep

Acting like your own dedicated Cyber Rapid Response Team, the Securonix Autonomous Threat Sweep (ATS) feature provides air cover for your security operations team. It automatically and retroactively hunts for new and emerging threats in current and long-term historical data based...

Extended Detection and Response

Securonix Open Extended Detection and Response (XDR) is a comprehensive security fabric that combines the core components required for fast and effective threat detection and response. Connecting multiple sources of telemetry with advanced behavior analytics, powered by an industry pioneering...

Adversary Behavior Analytics

Attackers constantly change their tactics and techniques, and legacy SIEM solutions can’t keep up. Rule-based SIEM solutions focus on post-attack artifacts and IOCs (indicators of compromise), forcing your security team to play catch-up while also trying to get ahead...

Analyst Reports

Gartner: 2021 Critical Capabilities for Security Information and Event Management

Gartner has been at the forefront of security operations advisory, and the Gartner CARTA methodology is recognized as one of the best threat management and security posture improvement strategies. In this report, Gartner analysts defined and assessed 3 use cases...

Gartner: Innovation Insight for Extended Detection and Response

Extended detection and response (XDR) is defined as an extension of endpoint detection and response (EDR), with the intention of expanding the sources of telemetry beyond the endpoint and streamlining response. The required XDR capabilities can be provided by a...

2021 Gartner Magic Quadrant For SIEM

The complexity of hybrid environments makes it increasingly challenging for security operations teams to ingest security-related data at scale and control costs, effectively manage security tools, and take action against advanced threats. With innovative approaches such as the Bring Your...

White Papers

Unlock Exclusive Cloud Native Benefits with the Securonix Next-Gen SIEM and AWS EMR

When security leaders consider a next-generation security information and event management (SIEM) solution, many perform a cost-benefit analysis between threat detection capabilities, solution performance, and the scale of the solution. In this whitepaper, we discuss the cost-benefit analysis of next-generation...

Securing the Cloud: Protecting Your Enterprise From an Expanding Threat Surface

Security tools built for on-premises infrastructure do not work well against cloud threats. Rules-based threat detection was designed to protect against known threats. As threats become more sophisticated, solutions that are able to detect changes in behavior are required in...

Network Detection and Response Belongs in the Security Operations Center

Detecting cybersecurity threats has become a big data management challenge. Threat actors employ advanced strategies to hide in hard-to-find places on your network. In order to detect these threats, you must consolidate data from your entire IT environment...

Case Studies

Financial Services Organization Advances Their Insider Threat and Cloud Security

A large financial services organization suffered from alert fatigue that left them unable to discern which incidents posed a credible threat to their business. Confidence in their previous tool was low, and their analysts were struggling to proactively identify and...

Holding Company Stops Phishing and Data Exfiltration With a Single Platform

A large holding company needed to centralize their security efforts. Across the multiple business units the holding company managed, there were a variety of different security tools, but no way to achieve centralized security visibility across all of them. Additionally, the...

Cloud SIEM Saves Regional Financial Institution 50% of an FTE Over On-Premises Solution

A regional bank knew it was time to upgrade their SIEM. Their on-premises LogRhythm SIEM solution was experiencing stability issues, causing their security team to spend time maintaining the solution instead of investigating threats. Additionally, their SIEM solution had limited...

Solution Briefs

Bring Your Own Snowflake

In an exciting new partnership, Securonix and Snowflake have created a split architecture solution that enables customers to use Securonix analytics on top of their existing Snowflake Data Cloud Platform. The joint solution allows Snowflake customers to keep their data...

Bring Your Own AWS

AWS and Securonix have partnered to create a split architecture solution where existing AWS customers can keep their data within their own AWS implementation while still leveraging a next-generation SIEM solution with limitless scalability. Securonix is available as a...

Content Manager

As technology evolves to help enterprises detect and respond to attacks, threats are also evolving at a rapid pace. Threat detection content needs to keep up, enabling security teams to detect and respond to sophisticated threats as they evolve. Securonix...

Infographics