Author: Peter

Every security alert comes with a risk score.  Unfortunately, your vendors each have their own risk score scale. If you use Elastic SIEM, the risk score ranges from 0-100. The following example on “Adding Hidden File Attribute via Attrib” is marked as risk score 21.  In Wazuh, the alerts are classified into very different levels.

When we speak with security teams, we are often asked how DTonomy is different.  Here are the questions we hear most often:  1. Is DTonomy a SIEM?  No, DTonomy is not a SIEM.  DTonomy is a place for analyzing detections, including those created by SIEMs.  Our customers use DTonomy to dramatically reduce the time it takes for them to analyze the large numbers of alerts

Security Analysts receive lots of detections from numerous security monitoring sources.  These atomic detections are easy to set up, but quickly contribute to the growing amount of alert fatigue felt by security analysts that find themselves overwhelmed with alerts.  Contributing to this problem is the fact that as much as 26-50% of the security alerts

Security Operation Centers (SOCs) receive thousands of security alerts every day. Atomic alerts tend to be very noisy. As noted in a recent white paper provided by Forrester, average security operation team received over 11,000 alerts per day, 53% of the security team’s time is spent triaging and investigation and almost 33% of them are

Phishing attempts continue to rise as they are one of the easiest methods for cybercriminals to gain access to valuable information. Three recent phishing attacks include:  Ledger Wallet Ledger is a cryptocurrency wallet that was targeted by a phishing email that looked authentically to be coming from Ledger support that falsely alerted users that their

Phishing is an extremely popular type of cybercrime which is used to obtain sensitive information such as usernames, passwords, and credit card details. 70% to 90% of malicious data breaches are due to social engineering and phishing attacks. As employees are more aware of phishing attacks, they are reporting hundreds and thousands of potential phishing attacks to security analyst for further

What is the “SolarWinds Hack?” SolarWinds is a network performance and systems monitoring software company. SolarWinds Orion is their software product for network security monitoring which enables centralized monitoring and management of an entire IT stack from infrastructure to applications deployed on premises, in virtualized environments or in Microsoft Azure. In early December, FireEye, a

Wazuh is an open-source platform that provides security monitoring solutions which can be used for threat detection, integrity monitoring and compliance. A Wazuh agent can collect and store data and generate alerts from: Log and events data collection File and registry keys integrity monitoring Inventory of running processes and installed applications Comprehensive Monitoring Creates a High Volume of Alerts  The Wazuh agents run on many

Security Information Event Management (SIEM) platforms are an essential part of a modern Security Operations Center (SOC). The SIEM performs the important functions of:  Collecting and aggregating log data generated across the vast technology infrastructure of an organization   Identifying, categorizing and analyzing events against carefully designed rules and filters  Providing reports on security related incidents

EHackingnews.com recently reported that the U.S. healthcare industry is suffering a massive wave of cyberattacks whereby cybercriminals are infiltrating healthcare systems, stealing critical data and disrupting health services. This rise in hacking attempts leads to a risk of patient privacy which is even more critical during the time of the COVID-19 pandemic.   In one specific

Ransomware is malicious malware that encrypts a victim’s files and then demands a ransom to restore access to the files. These attacks have become more and more popular in the recent years and ransomware incident response is essential. There are several ways in which ransomware can gain access to a computer.   One of the most