Investigation and Response for Unemployment Benefit Fraud Alerts

Among the many new challenges that the COVID-19 pandemic has brought to security analysts, a recent and very serious one is unemployment benefits fraud. Criminals are filing claims for benefits using the credentials of people who haven’t lost their jobs. The victims learn of it when they get a letter from the government about the status

Another SolarWinds attack? – REvil Ransomware hits Kaseya VSA users

Kaseya VSA is a solution commonly used by managed service providers (MSPs) to manage their clients, which are usually SMB customers. On 7/2/2021, ~12 PM EST, an auto update in the product delivered REvil ransomware. This means that the managed service providers who were infected are in turn infecting their customers’ systems. Here is what we know

Don’t take security risk score personally

Every security alert comes with a risk score. Unfortunately, each of your vendors has its own risk score scale. If you use Elastic SIEM, the risk score ranges from 0 to 100; the following example for “Adding Hidden File Attribute via Attrib” is marked with a risk score of 21. In Wazuh, alerts are classified into very different levels.

What makes DTonomy different

When we speak with security teams, we are often asked how DTonomy is different. Here are the questions we hear most often:

1. Is DTonomy a SIEM?

No, DTonomy is not a SIEM. DTonomy is a place for analyzing detections, including those created by SIEMs. Our customers use DTonomy to dramatically reduce the time it takes for them to analyze the large numbers of alerts

10 Correlation Patterns Security Analysts Should Know About

Security analysts receive lots of detections from numerous security monitoring sources. These atomic detections are easy to set up, but they quickly add to the alert fatigue felt by analysts who find themselves overwhelmed with alerts. Contributing to this problem is the fact that as much as 26-50% of the security alerts

Manage Your Security Alerts with a Pattern-Driven Approach

Security Operation Centers (SOCs) receive thousands of security alerts every day, and atomic alerts tend to be very noisy. As noted in a recent white paper from Forrester, the average security operations team receives over 11,000 alerts per day, 53% of the security team’s time is spent on triage and investigation, and almost 33% of them are

Tips and Techniques for Investigating Suspected Phishing Emails

Phishing attempts continue to rise, as they are one of the easiest methods for cybercriminals to gain access to valuable information. Three recent phishing attacks include: Ledger Wallet: Ledger is a cryptocurrency wallet that was targeted by a phishing email that appeared to come authentically from Ledger support and falsely alerted users that their

7 Free Tools That Assist Your Phishing Investigation

Phishing is an extremely popular type of cybercrime used to obtain sensitive information such as usernames, passwords, and credit card details. 70% to 90% of malicious data breaches are due to social engineering and phishing attacks. As employees become more aware of phishing attacks, they are reporting hundreds or thousands of potential phishing emails to security analysts for further

6 things to know about the SolarWinds Breach

What is the “SolarWinds Hack”? SolarWinds is a network performance and systems monitoring software company. SolarWinds Orion is its software product for network security monitoring, which enables centralized monitoring and management of an entire IT stack, from infrastructure to applications deployed on premises, in virtualized environments, or in Microsoft Azure. In early December, FireEye, a

Augmenting Wazuh with DTonomy AIR

Wazuh is an open-source platform that provides security monitoring solutions for threat detection, integrity monitoring and compliance. A Wazuh agent can collect and store data and generate alerts from:
- Log and event data collection
- File and registry key integrity monitoring
- Inventory of running processes and installed applications

Comprehensive Monitoring Creates a High Volume of Alerts

The Wazuh agents run on many

We are pleased to announce that DTonomy is now part of Stellar Cyber. The integrated solution will enhance cyber threat detection and response automation!
