Reducing Investigation Time: How to Quickly Parse True Positives

Posted by Eran Cohen on Aug 20, 2019 10:45:00 AM

In the world of security operations, quickly and accurately investigating security incidents is paramount. As a result, filtering out the non-consequential incidents from the consequential incidents helps reduce the investigative time for the security ops team.

Non-malicious True Positives cause the most headaches for SOC teams because they waste valuable time that could have been better spent investigating a malicious True Positive or, even worse, a False Negative. However, separating non-malicious True Positives from malicious ones is a highly manual process. It demands a significant amount of time, resources, and expertise from an already busy, overworked Security Ops team whose time is better used for consequential, high-impact tasks and projects.


Topics: Threat Mitigation, User Behavior, Adaptive Response, Identity Verification, Incident Response, Insider Threat, Adaptive Threat Prevention, Conditional Access

Happy Holidays! Here’s your Business Email Compromise (BEC) gift card scam

Posted by Monnia Deng on Dec 24, 2018 9:21:00 AM

Deck the hall with sad employees, Fa, la, la, la, la, la, la, la, la! 

'Tis the season to be swindled, Fa, la, la, la, la, la, la, la, la!


Topics: Threat Mitigation, User Behavior

You Failed Your Pen Test: How Can You Reduce Your Attack Surface?

Posted by Heather Howland on Nov 9, 2018 4:04:03 PM

Penetration testing is a critical best practice for virtually any organization’s cybersecurity posture. By putting defenses to the test against trained, offensively minded professionals, organizations can gain deep insights into how they’ll fare against real attackers. Often, the challenge is that the results are not what you had hoped for. When pen testers are able to carve through your defenses at will, it can be discouraging and hard to know where to start.


Topics: Threat Mitigation, Hacking, Insider Threat

Traditional UEBA vs Behavioral Firewall for Breach and Insider Threat Prevention [Part 2 - Blog Series]

Posted by Heather Howland on Sep 29, 2016 11:55:37 AM

In Part 1 of this series, we talked about User and Entity Behavior Analytics (UEBA) and its benefits for better detecting possible breaches and insider threats through user and entity behavior and risk scoring. Now let’s talk about the differences between traditional UEBA and the newer UEBA solution, the Behavioral Firewall, which integrates adaptive responses to prevent threats.


Topics: Threat Mitigation, Behavioral Firewall, User and Entity Behavior Analytics, Identity Verification, ueba