Overview
In this post, IBM Security X-Force Red offensive hackers analyze how attackers, with elevated privileges, can use their access to stage Windows Kernel post-exploitation capabilities. Over the last few…
Browsing Category: Security Operations Center (SOC)
When Logs Are Out, Enhanced Analytics Stay In
I was talking to an analyst firm the other day. They told me that a lot of organizations purchase a security information and event management (SIEM) solution and then “place…
3 Reasons Why Technology Integration Matters
As John Donne once wrote, “No man is an island entire of itself.” With digitalization bridging any distance, the same logic could be applied to tech. Threat actors have vast…
Five Key Trends on SOC Modernization
For SOCs looking to improve their ability to detect and respond to threats efficiently and effectively, Extended Detection and Response (XDR) has generated increasing amounts of excitement and discourse in…
MITRE ATT&CK and SIEM Rules: What Should Your Expectations Be?
The MITRE ATT&CK threat framework is seemingly everywhere these days, and with good reason. It is an invaluable tool for understanding the various methods, or as MITRE refers to them…
Putting Your SOC in the Hot Seat
Today’s Security Operations Centers (SOCs) are being stress-tested as never before. As the heart of any organization’s cybersecurity apparatus, SOCs are the first line of defense, running 24/7 operations to…
Building the CASE for the Vehicle Security Operations Center
This post was written with contributions from IBM Security’s Rob Dyson, Preston Futrell and Brett Drummond. Let’s explore a day in the life of a vehicle security operations center (VSOC)…
Taking Threat Detection and Response to the Next Level with Open XDR
The challenges facing today’s security industry can easily be described as a perfect storm: increasingly sophisticated cyber attackers combined with the proliferation of security tools to cover an expanding attack…
Critical Infrastructure Attack Trends: What Business Leaders Should Know
Amateur threat actors have been able to compromise critical infrastructure like industrial control systems (ICS) and other operational technology (OT) assets more often lately. Compromises of exposed OT assets rose…
How the Rise of the Remote SOC Changed the Industry
What does the rise of remote security operations centers (SOCs) mean for cybersecurity jobs? The longer people work from home during the pandemic, the more they rate remote working a…