Resources - Securonix

Threat Research

Securonix Threat Labs Initial Coverage Advisory: Detection of PrintNightmare Windows Print Spooler Exploitation Activity (CVE-2021-1675, CVE-2021-34527)

Introduction Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical PrintNightmare attacks (see Figure 1) [1, 3] targeting zero-day Microsoft Windows Print Spooler Service RCE Vulnerabilities (CVE-2021-1675, CVE-2021-34527). Below are some...

Threats from the Wild Episode 3: Multi-Factor Authentication (MFA) Bypass 101: Pass-the-Cookie/Pass-the-Identity (PTC/PTI) Attack Detection Using Logs

Threats from the Wild - Episode 3: Multi-Factor Authentication (MFA) Bypass 101: Pass-the-Cookie/Pass-the-Identity (PTC/PTI) Attack Detection Using Logs

The significant increase in remote work/work-from-home (WFH) over the past year as well as the recent high-profile attacks bypassing MFA that involved Solarwinds and cloud providers have heightened the need for the blue teams to better understand and detect attempts...

Securonix Threat Labs Initial Coverage Advisory: Darkside Ransomware Targeting Critical Infrastructure Providers

Introduction Securonix Threat Labs R&D/Securonix Threat Research team has been actively monitoring and investigating the details of the critical targeted Darkside ransomware attacks (tracked by Securonix Threat Research as RE$HOOD) with some of the recent victims including Colonial Pipeline Networks,...

Webinars

Three Threat Trends: How to Respond for the Pain to Go Away

Recent trends in the threat landscape challenge even mature security organizations to respond resiliently: • Ransomware and machine speed attacks, • Living-off-the-land techniques, • The adoption of threat actor automation tools. Attacks are now conducted at industrial scale and volumes,...

Improving Threat Detection and Response with Securonix Open XDR

Securonix Open XDR provides a unified security incident detection and response platform that automatically collects and correlates data from multiple proprietary security components. In addition, XDR highlights the value of pre-integrated solutions, promising a less complex way to detect and...

Automating Cyber Rapid Response and Threat Hunting with Autonomous Threat Sweep

Sophisticated supply chain attacks like Sunburst can unfold over weeks, months, or even years before they are discovered and disclosed. With attackers already ahead before the race has even started, enterprises must respond rapidly to catch up and must quickly...

Datasheets

Autonomous Threat Sweep

Acting like your own dedicated Cyber Rapid Response Team, the Securonix Autonomous Threat Sweep (ATS) feature provides air-cover for your security operations team. It automatically and retroactively hunts for new and emerging threats in current and long-term historical data based...

Extended Detection and Response

Securonix Open Extended Detection and Response (XDR) is a comprehensive security fabric that combines the core components required for fast and effective threat detection and response. Connecting multiple sources of telemetry with advanced behavior analytics, powered by an industry pioneering...

Adversary Behavior Analytics

Attackers constantly change their tactics and techniques and legacy SIEM solutions can’t keep up. Rule-based SIEM solutions focus on post-attack artifacts, and IOCs (indicators of compromise) forcing your security team to play catch up while trying to also get ahead...

Analyst Reports

Critical Capabilities Main Page

Gartner: 2021 Critical Capabilities for Security Information and Event Management

Gartner has been at the front of security operations advisory, and the Gartner CARTA methodology is recognized as one of the best threat management and security posture improvement strategies. In this report Gartner analysts defined and assessed 3 use cases...

Gartner: Innovation Insight for Extended Detection and Response

Extended detection and response (XDR) is defined as an extension of endpoint detection and response (EDR), with the intention of expanding the sources of telemetry beyond the endpoint and streamlining response. The required XDR capabilities can be provided by a...

Gartner MQ 2021

2021 Gartner Magic Quadrant For SIEM

The complexity of hybrid environments makes it increasingly challenging for security operations teams to ingest security-related data at scale and control costs, effectively manage security tools, and take action against advanced threats. With innovative approaches such as the Bring Your...

White Papers

Unlock Exclusive Cloud Native Benefits with the Securonix Next-Gen SIEM and AWS EMR

When security leaders consider a next-generation security information and event management (SIEM) solution, many perform a cost-benefit analysis between threat detection capabilities, solution performance, and the scale of the solution. In this whitepaper, we discuss the cost-benefit analysis of next-generation...

Securing the Cloud: Protecting Your Enterprise From an Expanding Threat Surface

Security tools built for on-premises infrastructure does not work well against cloud threats. Rules-based threat detection was designed to protect against known threats. As threats become more sophisticated, solutions that are able to detect changes in behavior are required in...

Network Detection and Response Belongs in the Security Operations Center

Detecting cybersecurity threats has become a big data management challenge. Threat actors employ advanced strategies to hide in hard to find places on your network. In order to detect these threats, you must consolidate data from your entire IT environment...

Case Studies

Financial Services Organization Advances Their Insider Threat and Cloud Security

A large financial services organization suffered from alert fatigue that left them unable to discern which incidents posed a credible threat to their business. Confidence in their previous tool was low, and their analysts were struggling to proactively identify and...

Holding Company Stops Phishing and Data Exfiltration With a Single Platform

A large holding company needed to centralize their security efforts. Across the multiple business units the holding company managed there were a variety of different security tools, but no way to achieve centralized security visibility across all tools. Additionally, the...

Cloud SIEM Saves Regional Financial Institution 50% of an FTE Over On-Premises Solution

A regional bank knew it was time to upgrade their SIEM. Their on-premises LogRhythm SIEM solution was experiencing stability issues causing their security team to spend time maintaining the solution instead of investigating threats. Additionally, their SIEM solution had limited...

Videos

Securonix Next-Gen SIEM Explained

Securonix and Amazon Web Services (AWS) Partnership and Integrations

Time to Rise with Securonix Next-Gen SIEM

Solution Briefs

Bring Your Own Snowflake

In an exciting new partnership, Securonix and Snowflake have created a split architecture solution that enables customers to use Securonix analytics on top of their existing Snowflake Data Cloud Platform. The joint solution allows Snowflake customers to keep their data...

Bring Your Own AWS

AWS and Securonix have partnered to create a split architecture solution where the existing AWS customers can keep their data within their own AWS implementation, while still leveraging a next-generation SIEM solution with limitless scalability. Securonix is available as a...

Content Manager

As technology evolves to help enterprises detect and respond to attacks, threats are also evolving at a rapid pace. Threat detection content needs to keep up, enabling security teams to detect and respond to sophisticated threats as they evolve. Securonix...

Infographics

6 Essentials for Effective Cloud Security

View Infographic

swift-infographic_square

How to Secure Your SWIFT

View Infographic

7 Things to Look for in an Insider Threat Solution

View Infographic