Security analytics and automation

Security analytics and automation provide enterprises the data needed to help defend against a barrage of cyber threats. A toolkit combining threat intelligence sharing and services with SIEM and SOAR systems as well as threat hunting is key to success.

Top Stories

Tip 12 Jul 2024
How to prevent deepfakes in the era of generative AI

Businesses must be ever vigilant in detecting the increasingly sophisticated nuances of deepfakes by applying security techniques that range from the simple to the complex. Continue Reading
News 17 Jun 2024
Post-lawsuit, Splunk and Cribl meet again in data pipelines

Weeks after a jury awarded Splunk $1 in its lawsuit against Cribl, the two vendors remain on a collision course, this time in the realm of data pipelines and federated analytics. Continue Reading

13 Jun 2024

History and evolution of machine learning: A timeline

Machine learning's legacy dates from the early beginnings of neural networks to recent advancements in generative AI that democratize new and controversial ways to create content. Continue Reading
News 13 Jun 2024

Microsoft's Recall changes might be too little, too late

Criticism of Microsoft's Recall feature continues even after the software giant announced several updates to address concerns from the infosec community. Continue Reading
News 12 Jun 2024

Acronis XDR expands endpoint security capabilities for MSPs

Extended detection and response capabilities for the Acronis platform can automatically lock accounts and generate incident summaries for MSPs looking for additional security. Continue Reading
News 23 May 2024

93% of vulnerabilities unanalyzed by NVD since February

New research from VulnCheck shows the NIST's National Vulnerability Database has struggled to manage a growing number of reported vulnerabilities this year. Continue Reading
News 22 May 2024

Arctic Wolf CPO: Most AI deployment is generic, 'pretty weak'

Dan Schiappa, chief product officer at Arctic Wolf, said that while generative AI technology has enormous potential, many companies are deploying it for the wrong reasons. Continue Reading
Definition 21 May 2024

cloud workload protection platform (CWPP)

A cloud workload protection platform (CWPP) is a security tool designed to protect workloads that run on premises, in the cloud or in a hybrid arrangement. Continue Reading
Feature 17 May 2024

How AI-driven patching could transform cybersecurity

At RSAC 2024, a Google researcher described how the search giant has already seen modest but significant success using generative AI to patch vulnerabilities. Continue Reading
News 16 May 2024

IBM sells QRadar SaaS assets to Palo Alto Networks

The deal with Palo Alto Networks comes one year after IBM announced QRadar Suite, an AI-enhanced security platform that combined existing SIEM and XDR products. Continue Reading
Podcast 15 May 2024

Risk & Repeat: Recapping RSA Conference 2024

Artificial intelligence was center stage at RSA Conference 2024, but the show also focused on secure-by-design principles, the ransomware landscape and more. Continue Reading
Definition 13 May 2024

key performance indicators (KPIs)

Key performance indicators (KPIs) are quantifiable business metrics that corporate executives, managers and other stakeholders use to track and analyze factors deemed crucial to meeting the organization's stated objectives. Continue Reading
News 10 May 2024

US officials optimistic on AI but warn of risks, abuse

Federal government leaders at RSA Conference 2024 touted the benefits of AI pilot programs but also outlined how a variety of threat actors are currently abusing the technology. Continue Reading
News 08 May 2024

Microsoft touts expansion of Secure Future Initiative

At RSA Conference 2024, Microsoft vice president Vasu Jakkal discussed some of the criticisms leveled against the company and how the Secure Future Initiative will address them. Continue Reading
News 06 May 2024

Google unveils new threat intelligence service at RSAC 2024

Google Threat Intelligence combines investigation findings from Mandiant with crowdsourced intelligence from VirusTotal and operationalizes the data with Google's Gemini AI model. Continue Reading
News 06 May 2024

Splunk details Sqrrl 'screw-ups' that hampered threat hunting

At RSA Conference 2024, Splunk's David Bianco emphasizes that enterprises need revamped threat hunting frameworks to help with threat detection and response challenges. Continue Reading
News 06 May 2024

IBM study shows security for GenAI projects is an afterthought

IBM's survey of C-suite executives finds that 82% say trustworthy and secure AI are essential, but only 24% have a security component included in their GenAI projects. Continue Reading
News 06 May 2024

Cisco details Splunk security integrations, AI developments

Just two months after Cisco completed its $28 billion acquisition of analytics giant Splunk, the company added XDR capabilities into Splunk Enterprise Security. Continue Reading
Opinion 29 Apr 2024

RSAC 2024: Real-world cybersecurity uses for GenAI

Security pros can expect a lot of buzz around GenAI at RSA 2024, where vendors and experts will share how the latest generative AI tools can enhance cybersecurity. Continue Reading
News 02 Apr 2024

Microsoft Copilot for Security brings GenAI to SOC teams

Microsoft's latest AI-powered tool, now generally available, has been beneficial for security teams regarding efficiency, but infosec experts see some room for improvements. Continue Reading
Opinion 19 Mar 2024

Surprising ways Microsoft Copilot for Security helps infosec

Microsoft Copilot is the first of many GenAI tools that should help security leaders accelerate their program development and strengthen security postures. Continue Reading
Tip 14 Mar 2024

How to craft a generative AI security policy that works

The advent of generative AI threatens to poke additional holes in your cybersecurity strategy. Compiling a GenAI-based security policy to guide your responses can help. Continue Reading
News 29 Feb 2024

AWS on why CISOs should track 'the metric of no'

AWS' Clarke Rodgers believes that tracking the number of times CISOs say no to line-of-business requests will ultimately help them build a stronger security culture. Continue Reading
Opinion 27 Feb 2024

Threat intelligence programs need updating -- and CISOs know it

Most enterprise threat intelligence programs are in dire need of updating. Security executives need to formalize programs, automate processes and seek help from managed services. Continue Reading
News 14 Feb 2024

Microsoft, OpenAI warn nation-state hackers are abusing LLMs

Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks. Continue Reading
Tip 14 Feb 2024

What is cybersecurity mesh and how can it help you?

The concept of cybersecurity mesh could help solve and simplify issues created by multi-cloud deployments and the increase in remote work environments. Continue Reading
Tip 12 Feb 2024

Top metaverse cybersecurity challenges: How to address them

As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
Feature 25 Jan 2024

Top benefits and challenges of SOAR tools

To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success. Continue Reading
Feature 23 Jan 2024

Top incident response service providers, vendors and software

Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options. Continue Reading
Tip 22 Jan 2024

Incident response automation: What it is and how it works

Many of today's security operations teams are understaffed and overwhelmed. Learn how incident response automation can help them work smarter, instead of harder. Continue Reading
Answer 17 Jan 2024

SOAR vs. SIEM: What's the difference?

When it comes to the SOAR vs. SIEM debate, it's important to understand their fundamental differences to get the most benefit from your security data. Continue Reading
Definition 31 Oct 2023

AI watermarking

AI watermarking is the process of embedding a recognizable, unique signal into the output of an artificial intelligence model, such as text or an image, to identify that content as AI generated. Continue Reading
Tip 27 Oct 2023

9 tips to measure and improve digital transformation ROI

Amid a rapidly changing business landscape and competing priorities, a compelling ROI is all the more critical to justify and secure funding for digital transformation projects. Continue Reading
News 24 Oct 2023

JPMorgan Chase CISO explains why he's an 'AI optimist'

Pat Opet, CISO at JPMorgan Chase & Co., discussed how the financial services giant invests in cybersecurity and where generative AI could provide game-changing benefits. Continue Reading
News 05 Oct 2023

IBM launches new AI-powered TDR Services

IBM followed its first AI-focused offering from April, QRadar Suite, with an MDR product -- Threat Detection and Response Services -- featuring AI capabilities. Continue Reading
Feature 22 Sep 2023

How to create a SOAR playbook in Microsoft Sentinel

Using automation through tools such as SOAR and SIEM can improve incident response alert efficiency. One automated feature analysts can use is the SOAR playbook. Continue Reading
Feature 22 Sep 2023

How SOAR helps improve MTTD and MTTR metrics

By automating initial incident response tasks, SOAR can help SOC analysts improve MTTD and MTTR metrics and ensure they focus on true positive alerts. Continue Reading
News 21 Sep 2023

IT pros react to blockbuster $28B Cisco-Splunk deal

Cisco goes through with its long-rumored acquisition of Splunk for security and observability. But the two aren't necessarily a perfect fit, according to some industry observers. Continue Reading
Definition 15 Sep 2023

What is machine learning and how does it work? In-depth guide

Machine learning (ML) is a type of artificial intelligence (AI) focused on building computer systems that learn from data. The broad range of techniques ML encompasses enables software applications to improve their performance over time. Continue Reading
News 23 Aug 2023

Google launches AI-powered data classification for Workspace

Available now in preview, the new capability can automatically label files across a customer's Drive environment to protect data from exposure and exfiltration. Continue Reading
Tip 11 Aug 2023

Evaluate the risks and benefits of AI in cybersecurity

Incorporating AI in cybersecurity can bolster organizations' defenses, but it's essential to consider risks such as cost, strain on resources and model bias before implementation. Continue Reading
News 10 Aug 2023

Trend Micro discloses 'silent threat' flaws in Azure ML

During a Black Hat 2023 session, Trend Micro researchers discussed several vulnerabilities they discovered in Azure Machine Learning that allow sensitive information disclosure. Continue Reading
News 10 Aug 2023

Researchers put LLMs to the test in phishing email experiment

A Black Hat USA 2023 session discussed an experiment that used large language models to see how effective the technology can be in both detecting and producing phishing emails. Continue Reading
News 09 Aug 2023

Generative AI takes center stage at Black Hat USA 2023

About one year after generative AI launched into the spotlight, the technology is showing early signs of potential for security at Black Hat USA 2023 in Las Vegas. Continue Reading
News 09 Aug 2023

Tenable launches LLM-powered ExposureAI product

ExposureAI will be integrated into Tenable One, the vendor's encompassing exposure management platform, and is the latest cybersecurity produce to employ large language models. Continue Reading
News 07 Aug 2023

Google to discuss LLM benefits for threat intelligence programs

Large language models are the backbone of generative AI products launching in the security space. Google will discuss how best to integrate the technology at this week's Black Hat USA. Continue Reading
News 01 Aug 2023

Experts expect Sumo Logic match post-New Relic acquisition

New Relic and Sumo Logic were both taken private by the same firm, as consolidation -- and attrition -- continues among observability tools. Continue Reading
Guest Post 28 Jul 2023

Intersection of generative AI, cybersecurity and digital trust

The popularity of generative AI has skyrocketed in recent months. Its benefits, however, are being met with cybersecurity, digital trust and legal challenges. Continue Reading
Opinion 26 Jul 2023

Security hygiene and posture management: A work in progress

Security hygiene and posture management may be the bedrock of cybersecurity, but new research shows it is still decentralized and complex in most organizations. Continue Reading
News 19 Jul 2023

Microsoft to expand free cloud logging following recent hacks

Microsoft faced criticism over a lack of free cloud log data after a China-based threat actor compromised email accounts of several organizations, including some federal agencies. Continue Reading
News 19 Jul 2023

Chainguard automates SBOMs, but has Images-based agenda

Container images, that is. Chainguard Enforce now automates SBOMs, but execs and an early customer say they aren't the ultimate answer to software supply chain security. Continue Reading
News 18 Jul 2023

Splunk AI update adds specialized models for SecOps tasks

Splunk AI updates this week included specialized models for SecOps that detect and automatically respond to common issues such as DNS exfiltration and suspicious processes. Continue Reading
Tip 12 Jul 2023

The history, evolution and current state of SIEM

SIEM met the need for a security tool that could pinpoint threats in real time. But new threats mean that the next evolution of SIEM will offer even more firepower. Continue Reading
News 12 Jul 2023

Chainalysis observes sharp rise in ransomware payments

The rise in total ransomware payments so far this year is a reversal of the decline Chainalysis saw in 2022, when payments fell sharply to $457 million from $766 million in 2021. Continue Reading
Opinion 11 Jul 2023

Top developer relations trends for building stronger teams

Learn about enterprise trends for optimizing software engineering practices, including developer relations, API use, community building and incorporating security into development. Continue Reading
News 27 Jun 2023

ChatGPT users at risk for credential theft

As ChatGPT's user base continues to grow, Group-IB says threat actors have exploited stolen accounts to collect users' sensitive data and professional credentials. Continue Reading
Opinion 21 Jun 2023

How AI benefits network detection and response

Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response. Continue Reading
News 21 Jun 2023

Critical VMware Aria Operations bug under active exploitation

Reports of exploitation for a critical command injection flaw in VMware Aria Operations for Networks came roughly a week after a researcher published a proof-of-concept for it. Continue Reading
News 13 Jun 2023

AWS shuffles DevSecOps deck with CodeGuru Security SAST

A new DevSecOps service links AWS security code scanning to third-party pipeline tools, potentially a shot at GitHub Copilot that increases overlap with AWS SAST partners. Continue Reading
News 08 Jun 2023

Sysdig CNAPP runtime threat detection wins over BigCommerce

Sysdig's fast, comprehensive data collection, now part of a larger CNAPP product, sealed the deal with the e-commerce company. Next, it might replace vulnerability management tools. Continue Reading
News 07 Jun 2023

What generative AI's rise means for the cybersecurity industry

ChatGPT's moment in cybersecurity is significant for both technological and marketing reasons. Security analysts and experts have their own reasons why. Continue Reading
Definition 05 Jun 2023

security analytics

Security analytics is a cybersecurity approach that uses data collection, data aggregation and analysis tools for threat detection and security monitoring. Continue Reading
Opinion 10 May 2023

2023 RSA Conference insights: Generative AI and more

Generative AI was the talk of RSA Conference 2023, along with zero trust, identity security and more. Enterprise Strategy Group analyst Jack Poller offers his takeaways. Continue Reading
Definition 09 May 2023

application blacklisting (application blocklisting)

Application blacklisting --increasingly called application blocklisting -- is a network or computer administration practice used to prevent the execution of undesirable software programs. Continue Reading
Podcast 02 May 2023

Risk & Repeat: Security industry bets on AI at RSA Conference

This podcast episode covers the focus on AI-powered security products and uses at RSA Conference 2023 in San Francisco last week, as well as other trends at the show. Continue Reading
News 28 Apr 2023

ChatGPT uses for cybersecurity continue to ramp up

The use of OpenAI's technology in cybersecurity products is growing as companies look to improve threat detection and assist short-staffed and fatigued security teams. Continue Reading
News 27 Apr 2023

Secureworks CEO weighs in on XDR landscape, AI concerns

Secureworks CEO Wendy Thomas talks with TechTarget Editorial about the evolution of the threat detection and response market, as well as the risks posed by new AI technology. Continue Reading
News 25 Apr 2023

RSAC panel warns AI poses unintended security consequences

A panel of experts at RSA conference 2023 warned of hallucinations and inherent biases but also said generative AI can assist in incident response and other security needs. Continue Reading
News 25 Apr 2023

Rising AI tide sweeps over RSA Conference, cybersecurity

AI is everywhere at RSA Conference 2023, though experts have differing views about why the technology has become omnipresent and how it will best serve cybersecurity. Continue Reading
News 24 Apr 2023

IBM launches AI-powered security offering QRadar Suite

IBM aims to use QRadar Suite's AI features, which it calls the 'unified analyst experience,' to enable security analysts to focus on higher-priority work. Continue Reading
News 11 Apr 2023

Recorded Future launches OpenAI GPT model for threat intel

The new OpenAI GPT model was trained on Recorded Future's large data set and interprets evidence to help support enterprises struggling with cyberdefense. Continue Reading
Tutorial 10 Apr 2023

Automate firewall rules with Terraform and VMware NSX

In this hands-on tutorial, learn how infrastructure-as-code tools such as Terraform can streamline firewall management with automated, standardized configuration of firewall rules. Continue Reading
Opinion 06 Apr 2023

Top RSA Conference 2023 trends and topics

Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
News 28 Mar 2023

Microsoft launches AI-powered Security Copilot

Microsoft Security Copilot is an AI assistant for infosec professionals that combines OpenAI's GPT-4 technology with the software giant's own cybersecurity-trained model. Continue Reading
Definition 23 Mar 2023

forensic image

A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders and unallocated, free and slack space. Continue Reading
Tip 21 Mar 2023

4 ChatGPT cybersecurity benefits for the enterprise

As OpenAI technology matures, ChatGPT could help close cybersecurity's talent gap and alleviate its rampant burnout problem. Learn about these and other potential benefits. Continue Reading
News 07 Mar 2023

Vishing attacks increasing, but AI's role still unclear

The volume of vishing attacks continues to rise. But threat researchers say it's difficult to attribute such threats to artificial intelligence tools and deepfake technology. Continue Reading
Definition 24 Feb 2023

sudo (su 'do')

Sudo is a command-line utility for Unix and Unix-based operating systems such as Linux and macOS. Continue Reading
News 22 Feb 2023

How hackers can abuse ChatGPT to create malware

ChatGPT's capabilities for producing software code are limited. But researchers have observed cybercriminals bypassing the chatbot's safeguards to produce malicious content. Continue Reading
Definition 21 Feb 2023

AWS Key Management Service (AWS KMS)

AWS Key Management Service (KMS) is a managed service provided by Amazon Web Services (AWS) that allows companies to create, control and manage the cryptographic keys that encrypt and protect their data. Continue Reading
News 16 Feb 2023

Dynatrace security AI roots out Log4j, sets tone for roadmap

Dynatrace must prove itself beyond application security, but its AI's effectiveness against the Log4j vulnerability has some customers receptive to its product expansion plans. Continue Reading
News 14 Feb 2023

Cribl Search marks fresh observability sortie for upstart

The Splunk nemesis begins new forays onto the turf of incumbent vendors with federated search that doesn't require data migration or indexing -- and big roadmap plans. Continue Reading
Opinion 08 Feb 2023

DevSecOps needs to improve to grow adoption rates, maturity

Organizations are adding security processes and oversight to DevOps, but there's still work ahead to truly marry cybersecurity with DevOps and create a functioning DevSecOps. Continue Reading
Tip 20 Jan 2023

How to select a security analytics platform, plus vendor options

Security analytics platforms aren't traditional SIEM systems, but rather separate platforms or a SIEM add-on. Learn more about these powerful and important tools. Continue Reading
Definition 27 Dec 2022

IT automation

IT automation is the use of instructions to create a repeated process that replaces an IT professional's manual work in data centers and cloud deployments. Continue Reading
Feature 19 Dec 2022

11 cybersecurity predictions for 2023

Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
Tutorial 07 Dec 2022

How to use Wireshark OUI lookup for network security

Wireshark OUI lookup helps cyber defenders, pen testers and red teams identify and target network endpoints -- and it can be accessed from any browser. Continue Reading
Opinion 02 Dec 2022

XDR definitions don't matter, outcomes do

Despite remaining confusion about what XDR is, security teams need to improve threat detection and response. ESG research revealed plans for increased XDR spending in 2023. Continue Reading
Opinion 02 Dec 2022

7 steps to implementing a successful XDR strategy

There's still confusion around what extended detection and response is, but it will play a key role in enterprise security. To successfully implement XDR, follow these steps. Continue Reading
Tip 17 Nov 2022

Industrial control system security needs ICS threat intelligence

Threat actors and nation-states constantly try to find ways to attack all-important industrial control systems. Organizations need specialized ICS threat intelligence to fight back. Continue Reading
Tip 31 Oct 2022

Why and how to use container malware scanning software

Malware is on the rise, and containers are potential attack vectors. Learn why it's crucial to check containers for vulnerabilities and compare container malware scanning tools. Continue Reading
News 25 Oct 2022

Cryptomining campaign abused free GitHub account trials

Cloud security vendor Sysdig uncovered the largest cryptomining operation it's ever seen as threat actors used free account trials to shift the costs to service providers. Continue Reading
News 19 Oct 2022

Mandiant launches Breach Analytics for Google's Chronicle

Mandiant Breach Analytics for Google Cloud's Chronicle marks a new product launch from the security giant after its acquisition by Google was completed last month. Continue Reading
Feature 12 Oct 2022

The history and evolution of zero-trust security

Before zero-trust security, enterprise insiders were trusted and outsiders weren't. Learn about the history of zero trust and the public and private sector efforts to adopt it. Continue Reading
Tip 01 Sep 2022

Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
News 30 Aug 2022

VMware aims to improve security visibility with new services

Unveiled at VMware Explore, the company's new security services include Project Trinidad, Project Watch and Project Northstar. All three offer customer visibility enhancements. Continue Reading
Tip 22 Aug 2022

Why security chaos engineering works, and how to do it right

While 'chaos' doesn't sound like something software security managers would want, chaos engineering has an enticing amount of value when it comes to identifying potential threats. Continue Reading
Tip 10 Aug 2022

Compare SAST vs. DAST vs. SCA for DevSecOps

SAST, DAST and SCA DevSecOps tools can automate code security testing. Discover what each testing method does, and review some open source options to choose from. Continue Reading
News 08 Aug 2022

U.S. sanctions another cryptocurrency mixer in Tornado Cash

The U.S. Treasury Department issued sanctions against Tornado Cash, a cryptocurrency mixer accused of helping North Korea's Lazarus Group launder stolen funds. Continue Reading
Tip 01 Aug 2022

Top 10 UEBA enterprise use cases

The top user and entity behavior analytics use cases fall in cybersecurity, network and data center operations, management and business operations. Check out the risks. Continue Reading
Feature 01 Aug 2022

Proof of work vs. proof of stake: What's the difference?

Proof of work and proof of stake use algorithms to validate cryptocurrency on a blockchain network. The main difference is how they choose and qualify users to add transactions. Continue Reading
Definition 15 Jul 2022

user behavior analytics (UBA)

User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems. Continue Reading