Security analytics and automation
Security analytics and automation provide enterprises the data needed to help defend against a barrage of cyber threats. A toolkit combining threat intelligence sharing and services with SIEM and SOAR systems as well as threat hunting is key to success.
Top Stories
-
News
19 Nov 2024
Microsoft to offer hackers millions in Zero Day Quest event
Microsoft launched Zero Day Quest on Tuesday with a preliminary event offering bug bounty researchers rewards with multipliers for select security scenarios. Continue Reading
-
Tip
12 Nov 2024
SIEM vs. SOAR vs. XDR: Evaluate the key differences
SIEM, SOAR and XDR each possess distinct capabilities and drawbacks. Learn the differences among the three, how they can work together and which your company needs. Continue Reading
-
Tip
12 Nov 2024
EDR vs. XDR vs. MDR: Key differences and benefits
One of the most important goals of cybersecurity professionals is to quickly identify potential or in-progress cyberattacks. These three approaches can help. Continue Reading
-
News
10 Oct 2024
OpenAI details how threat actors are abusing ChatGPT
While threat actors are using generative AI tools like ChatGPT to run election influence operations and develop malware, OpenAI says the efforts are rarely successful. Continue Reading
-
Definition
10 Oct 2024
What is threat intelligence?
Threat intelligence, also known as cyberthreat intelligence, is information gathered from a range of sources about current or potential attacks against an organization. Continue Reading
-
Definition
09 Oct 2024
What is user behavior analytics (UBA)?
User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems. Continue Reading
-
News
12 Sep 2024
Mastercard to acquire Recorded Future for $2.65B
Mastercard says the addition of threat intelligence vendor Recorded Future will bolster its cybersecurity services as threats against the financial sector continue to rise. Continue Reading
-
Definition
12 Sep 2024
What is threat detection and response (TDR)? Complete guide
Threat detection and response (TDR) is the process of recognizing potential cyberthreats and reacting to them before harm can be done to an organization. Continue Reading
-
Definition
06 Sep 2024
What is network detection and response (NDR)?
Network detection and response (NDR) technology continuously scrutinizes network traffic to identify suspicious activity and potentially disrupt an attack. Continue Reading
-
Definition
16 Aug 2024
What is machine learning? Guide, definition and examples
Machine learning is a branch of AI focused on building computer systems that learn from data. Continue Reading
-
News
14 Aug 2024
GitHub Copilot Autofix tackles vulnerabilities with AI
GitHub says Copilot Autofix drastically reduced the median time to remediate vulnerabilities in beta testing from 90 minutes for manual fixes to 28 minutes with the GenAI tool. Continue Reading
-
News
08 Aug 2024
CrowdStrike, AI dominate conversation at Black Hat USA 2024
Although the trend of vendors pitching AI-powered products nonstop has continued at Black Hat USA 2024, CrowdStrike and the recent IT outage was an even larger point of discussion. Continue Reading
-
News
08 Aug 2024
Zenity CTO on dangers of Microsoft Copilot prompt injections
Zenity's CTO describes how hidden email code can be used to feed malicious prompts to a victim's Copilot instance, leading to false outputs and even credential harvesting. Continue Reading
-
News
07 Aug 2024
Nvidia AI security architect discusses top threats to LLMs
Richard Harang, Nvidia's principal AI and ML security architect, said two of the biggest pain points for LLMs right now are insecure plugins and indirect prompt injections. Continue Reading
-
News
06 Aug 2024
Security framework to determine whether defenders are winning
Columbia University researcher and longtime security practitioner Jason Healey will present at Black Hat USA a new framework to determine defensive advantage. Continue Reading
-
Opinion
30 Jul 2024
Be prepared for breach disclosure and a magnitude assessment
Organizations need to take a proactive approach to monitoring data stores continuously, and in the case of a breach, assess the magnitude quickly and accurately. DSPM can help you. Continue Reading
-
Definition
26 Jul 2024
What is a key performance indicator (KPI)? Strategy and guide
Key performance indicators (KPIs) are quantifiable business metrics that corporate executives, managers and other stakeholders use to track and analyze factors deemed crucial to meeting the organization's stated objectives. Continue Reading
-
News
18 Jul 2024
Amazon CISO discusses the company's cautious approach to AI
At the recent AWS re:Inforce 2024 conference, Amazon CISO CJ Moses spoke about the risks and threats associated with new AI technology and how the cloud giant addresses them. Continue Reading
-
Tip
15 Jul 2024
6 tips to plan a digital transformation budget
Formulating budgets for digital transformation projects is fraught with complexities, expectations and unknowns that differentiate it from traditional IT and business planning. Continue Reading
-
Tip
12 Jul 2024
How to prevent deepfakes in the era of generative AI
Businesses must be ever vigilant in detecting the increasingly sophisticated nuances of deepfakes by applying security techniques that range from the simple to the complex. Continue Reading
-
News
17 Jun 2024
Post-lawsuit, Splunk and Cribl meet again in data pipelines
Weeks after a jury awarded Splunk $1 in its lawsuit against Cribl, the two vendors remain on a collision course, this time in the realm of data pipelines and federated analytics. Continue Reading
-
???topicInfoType.history_content???
13 Jun 2024
History and evolution of machine learning: A timeline
Machine learning's legacy dates from the early beginnings of neural networks to recent advancements in generative AI that democratize new and controversial ways to create content. Continue Reading
-
News
13 Jun 2024
Microsoft's Recall changes might be too little, too late
Criticism of Microsoft's Recall feature continues even after the software giant announced several updates to address concerns from the infosec community. Continue Reading
-
News
12 Jun 2024
Acronis XDR expands endpoint security capabilities for MSPs
Extended detection and response capabilities for the Acronis platform can automatically lock accounts and generate incident summaries for MSPs looking for additional security. Continue Reading
-
News
23 May 2024
93% of vulnerabilities unanalyzed by NVD since February
New research from VulnCheck shows the NIST's National Vulnerability Database has struggled to manage a growing number of reported vulnerabilities this year. Continue Reading
-
News
22 May 2024
Arctic Wolf CPO: Most AI deployment is generic, 'pretty weak'
Dan Schiappa, chief product officer at Arctic Wolf, said that while generative AI technology has enormous potential, many companies are deploying it for the wrong reasons. Continue Reading
-
Definition
21 May 2024
cloud workload protection platform (CWPP)
A cloud workload protection platform (CWPP) is a security tool designed to protect workloads that run on premises, in the cloud or in a hybrid arrangement. Continue Reading
-
Feature
17 May 2024
How AI-driven patching could transform cybersecurity
At RSAC 2024, a Google researcher described how the search giant has already seen modest but significant success using generative AI to patch vulnerabilities. Continue Reading
-
News
16 May 2024
IBM sells QRadar SaaS assets to Palo Alto Networks
The deal with Palo Alto Networks comes one year after IBM announced QRadar Suite, an AI-enhanced security platform that combined existing SIEM and XDR products. Continue Reading
-
Podcast
15 May 2024
Risk & Repeat: Recapping RSA Conference 2024
Artificial intelligence was center stage at RSA Conference 2024, but the show also focused on secure-by-design principles, the ransomware landscape and more. Continue Reading
-
News
10 May 2024
US officials optimistic on AI but warn of risks, abuse
Federal government leaders at RSA Conference 2024 touted the benefits of AI pilot programs but also outlined how a variety of threat actors are currently abusing the technology. Continue Reading
-
News
08 May 2024
Microsoft touts expansion of Secure Future Initiative
At RSA Conference 2024, Microsoft vice president Vasu Jakkal discussed some of the criticisms leveled against the company and how the Secure Future Initiative will address them. Continue Reading
-
News
06 May 2024
Google unveils new threat intelligence service at RSAC 2024
Google Threat Intelligence combines investigation findings from Mandiant with crowdsourced intelligence from VirusTotal and operationalizes the data with Google's Gemini AI model. Continue Reading
-
News
06 May 2024
Splunk details Sqrrl 'screw-ups' that hampered threat hunting
At RSA Conference 2024, Splunk's David Bianco emphasizes that enterprises need revamped threat hunting frameworks to help with threat detection and response challenges. Continue Reading
-
News
06 May 2024
IBM study shows security for GenAI projects is an afterthought
IBM's survey of C-suite executives finds that 82% say trustworthy and secure AI are essential, but only 24% have a security component included in their GenAI projects. Continue Reading
-
News
06 May 2024
Cisco details Splunk security integrations, AI developments
Just two months after Cisco completed its $28 billion acquisition of analytics giant Splunk, the company added XDR capabilities into Splunk Enterprise Security. Continue Reading
-
Opinion
29 Apr 2024
RSAC 2024: Real-world cybersecurity uses for GenAI
Security pros can expect a lot of buzz around GenAI at RSA 2024, where vendors and experts will share how the latest generative AI tools can enhance cybersecurity. Continue Reading
-
News
02 Apr 2024
Microsoft Copilot for Security brings GenAI to SOC teams
Microsoft's latest AI-powered tool, now generally available, has been beneficial for security teams regarding efficiency, but infosec experts see some room for improvements. Continue Reading
-
Opinion
19 Mar 2024
Surprising ways Microsoft Copilot for Security helps infosec
Microsoft Copilot is the first of many GenAI tools that should help security leaders accelerate their program development and strengthen security postures. Continue Reading
-
Tip
14 Mar 2024
How to craft a generative AI security policy that works
The advent of generative AI threatens to poke additional holes in your cybersecurity strategy. Compiling a GenAI-based security policy to guide your responses can help. Continue Reading
-
News
29 Feb 2024
AWS on why CISOs should track 'the metric of no'
AWS' Clarke Rodgers believes that tracking the number of times CISOs say no to line-of-business requests will ultimately help them build a stronger security culture. Continue Reading
-
Opinion
27 Feb 2024
Threat intelligence programs need updating -- and CISOs know it
Most enterprise threat intelligence programs are in dire need of updating. Security executives need to formalize programs, automate processes and seek help from managed services. Continue Reading
-
News
14 Feb 2024
Microsoft, OpenAI warn nation-state hackers are abusing LLMs
Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks. Continue Reading
-
Tip
14 Feb 2024
What is cybersecurity mesh and how can it help you?
The concept of cybersecurity mesh could help solve and simplify issues created by multi-cloud deployments and the increase in remote work environments. Continue Reading
-
Tip
12 Feb 2024
Top metaverse cybersecurity challenges: How to address them
As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
-
Feature
25 Jan 2024
Top benefits and challenges of SOAR tools
To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success. Continue Reading
-
Feature
23 Jan 2024
Top incident response service providers, vendors and software
Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options. Continue Reading
-
Tip
22 Jan 2024
Incident response automation: What it is and how it works
Many of today's security operations teams are understaffed and overwhelmed. Learn how incident response automation can help them work smarter, instead of harder. Continue Reading
-
Answer
17 Jan 2024
SOAR vs. SIEM: What's the difference?
When it comes to the SOAR vs. SIEM debate, it's important to understand their fundamental differences to get the most benefit from your security data. Continue Reading
-
Definition
31 Oct 2023
AI watermarking
AI watermarking is the process of embedding a recognizable, unique signal into the output of an artificial intelligence model, such as text or an image, to identify that content as AI generated. Continue Reading
-
Tip
27 Oct 2023
9 tips to measure and improve digital transformation ROI
Amid a rapidly changing business landscape and competing priorities, a compelling ROI is all the more critical to justify and secure funding for digital transformation projects. Continue Reading
-
News
24 Oct 2023
JPMorgan Chase CISO explains why he's an 'AI optimist'
Pat Opet, CISO at JPMorgan Chase & Co., discussed how the financial services giant invests in cybersecurity and where generative AI could provide game-changing benefits. Continue Reading
-
News
05 Oct 2023
IBM launches new AI-powered TDR Services
IBM followed its first AI-focused offering from April, QRadar Suite, with an MDR product -- Threat Detection and Response Services -- featuring AI capabilities. Continue Reading
-
Feature
22 Sep 2023
How SOAR helps improve MTTD and MTTR metrics
By automating initial incident response tasks, SOAR can help SOC analysts improve MTTD and MTTR metrics and ensure they focus on true positive alerts. Continue Reading
-
Feature
22 Sep 2023
How to create a SOAR playbook in Microsoft Sentinel
Using automation through tools such as SOAR and SIEM can improve incident response alert efficiency. One automated feature analysts can use is the SOAR playbook. Continue Reading
-
News
21 Sep 2023
IT pros react to blockbuster $28B Cisco-Splunk deal
Cisco goes through with its long-rumored acquisition of Splunk for security and observability. But the two aren't necessarily a perfect fit, according to some industry observers. Continue Reading
-
News
23 Aug 2023
Google launches AI-powered data classification for Workspace
Available now in preview, the new capability can automatically label files across a customer's Drive environment to protect data from exposure and exfiltration. Continue Reading
-
Tip
11 Aug 2023
Evaluate the risks and benefits of AI in cybersecurity
Incorporating AI in cybersecurity can bolster organizations' defenses, but it's essential to consider risks such as cost, strain on resources and model bias before implementation. Continue Reading
-
News
10 Aug 2023
Trend Micro discloses 'silent threat' flaws in Azure ML
During a Black Hat 2023 session, Trend Micro researchers discussed several vulnerabilities they discovered in Azure Machine Learning that allow sensitive information disclosure. Continue Reading
-
News
10 Aug 2023
Researchers put LLMs to the test in phishing email experiment
A Black Hat USA 2023 session discussed an experiment that used large language models to see how effective the technology can be in both detecting and producing phishing emails. Continue Reading
-
News
09 Aug 2023
Generative AI takes center stage at Black Hat USA 2023
About one year after generative AI launched into the spotlight, the technology is showing early signs of potential for security at Black Hat USA 2023 in Las Vegas. Continue Reading
-
News
09 Aug 2023
Tenable launches LLM-powered ExposureAI product
ExposureAI will be integrated into Tenable One, the vendor's encompassing exposure management platform, and is the latest cybersecurity produce to employ large language models. Continue Reading
-
News
07 Aug 2023
Google to discuss LLM benefits for threat intelligence programs
Large language models are the backbone of generative AI products launching in the security space. Google will discuss how best to integrate the technology at this week's Black Hat USA. Continue Reading
-
News
01 Aug 2023
Experts expect Sumo Logic match post-New Relic acquisition
New Relic and Sumo Logic were both taken private by the same firm, as consolidation -- and attrition -- continues among observability tools. Continue Reading
-
Guest Post
28 Jul 2023
Intersection of generative AI, cybersecurity and digital trust
The popularity of generative AI has skyrocketed in recent months. Its benefits, however, are being met with cybersecurity, digital trust and legal challenges. Continue Reading
-
Opinion
26 Jul 2023
Security hygiene and posture management: A work in progress
Security hygiene and posture management may be the bedrock of cybersecurity, but new research shows it is still decentralized and complex in most organizations. Continue Reading
-
News
19 Jul 2023
Microsoft to expand free cloud logging following recent hacks
Microsoft faced criticism over a lack of free cloud log data after a China-based threat actor compromised email accounts of several organizations, including some federal agencies. Continue Reading
-
News
19 Jul 2023
Chainguard automates SBOMs, but has Images-based agenda
Container images, that is. Chainguard Enforce now automates SBOMs, but execs and an early customer say they aren't the ultimate answer to software supply chain security. Continue Reading
-
News
18 Jul 2023
Splunk AI update adds specialized models for SecOps tasks
Splunk AI updates this week included specialized models for SecOps that detect and automatically respond to common issues such as DNS exfiltration and suspicious processes. Continue Reading
-
Tip
12 Jul 2023
The history, evolution and current state of SIEM
SIEM met the need for a security tool that could pinpoint threats in real time. But new threats mean that the next evolution of SIEM will offer even more firepower. Continue Reading
-
News
12 Jul 2023
Chainalysis observes sharp rise in ransomware payments
The rise in total ransomware payments so far this year is a reversal of the decline Chainalysis saw in 2022, when payments fell sharply to $457 million from $766 million in 2021. Continue Reading
-
Opinion
11 Jul 2023
Top developer relations trends for building stronger teams
Learn about enterprise trends for optimizing software engineering practices, including developer relations, API use, community building and incorporating security into development. Continue Reading
-
News
27 Jun 2023
ChatGPT users at risk for credential theft
As ChatGPT's user base continues to grow, Group-IB says threat actors have exploited stolen accounts to collect users' sensitive data and professional credentials. Continue Reading
-
Opinion
21 Jun 2023
How AI benefits network detection and response
Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response. Continue Reading
-
News
21 Jun 2023
Critical VMware Aria Operations bug under active exploitation
Reports of exploitation for a critical command injection flaw in VMware Aria Operations for Networks came roughly a week after a researcher published a proof-of-concept for it. Continue Reading
-
News
13 Jun 2023
AWS shuffles DevSecOps deck with CodeGuru Security SAST
A new DevSecOps service links AWS security code scanning to third-party pipeline tools, potentially a shot at GitHub Copilot that increases overlap with AWS SAST partners. Continue Reading
-
News
08 Jun 2023
Sysdig CNAPP runtime threat detection wins over BigCommerce
Sysdig's fast, comprehensive data collection, now part of a larger CNAPP product, sealed the deal with the e-commerce company. Next, it might replace vulnerability management tools. Continue Reading
-
News
07 Jun 2023
What generative AI's rise means for the cybersecurity industry
ChatGPT's moment in cybersecurity is significant for both technological and marketing reasons. Security analysts and experts have their own reasons why. Continue Reading
-
Definition
05 Jun 2023
security analytics
Security analytics is a cybersecurity approach that uses data collection, data aggregation and analysis tools for threat detection and security monitoring. Continue Reading
-
Opinion
10 May 2023
2023 RSA Conference insights: Generative AI and more
Generative AI was the talk of RSA Conference 2023, along with zero trust, identity security and more. Enterprise Strategy Group analyst Jack Poller offers his takeaways. Continue Reading
-
Definition
09 May 2023
application blacklisting (application blocklisting)
Application blacklisting --increasingly called application blocklisting -- is a network or computer administration practice used to prevent the execution of undesirable software programs. Continue Reading
-
Podcast
02 May 2023
Risk & Repeat: Security industry bets on AI at RSA Conference
This podcast episode covers the focus on AI-powered security products and uses at RSA Conference 2023 in San Francisco last week, as well as other trends at the show. Continue Reading
-
News
28 Apr 2023
ChatGPT uses for cybersecurity continue to ramp up
The use of OpenAI's technology in cybersecurity products is growing as companies look to improve threat detection and assist short-staffed and fatigued security teams. Continue Reading
-
News
27 Apr 2023
Secureworks CEO weighs in on XDR landscape, AI concerns
Secureworks CEO Wendy Thomas talks with TechTarget Editorial about the evolution of the threat detection and response market, as well as the risks posed by new AI technology. Continue Reading
-
News
25 Apr 2023
RSAC panel warns AI poses unintended security consequences
A panel of experts at RSA conference 2023 warned of hallucinations and inherent biases but also said generative AI can assist in incident response and other security needs. Continue Reading
-
News
25 Apr 2023
Rising AI tide sweeps over RSA Conference, cybersecurity
AI is everywhere at RSA Conference 2023, though experts have differing views about why the technology has become omnipresent and how it will best serve cybersecurity. Continue Reading
-
News
24 Apr 2023
IBM launches AI-powered security offering QRadar Suite
IBM aims to use QRadar Suite's AI features, which it calls the 'unified analyst experience,' to enable security analysts to focus on higher-priority work. Continue Reading
-
News
11 Apr 2023
Recorded Future launches OpenAI GPT model for threat intel
The new OpenAI GPT model was trained on Recorded Future's large data set and interprets evidence to help support enterprises struggling with cyberdefense. Continue Reading
-
Tutorial
10 Apr 2023
Automate firewall rules with Terraform and VMware NSX
In this hands-on tutorial, learn how infrastructure-as-code tools such as Terraform can streamline firewall management with automated, standardized configuration of firewall rules. Continue Reading
-
Opinion
06 Apr 2023
Top RSA Conference 2023 trends and topics
Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
-
News
28 Mar 2023
Microsoft launches AI-powered Security Copilot
Microsoft Security Copilot is an AI assistant for infosec professionals that combines OpenAI's GPT-4 technology with the software giant's own cybersecurity-trained model. Continue Reading
-
Definition
23 Mar 2023
forensic image
A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders and unallocated, free and slack space. Continue Reading
-
Tip
21 Mar 2023
4 ChatGPT cybersecurity benefits for the enterprise
As OpenAI technology matures, ChatGPT could help close cybersecurity's talent gap and alleviate its rampant burnout problem. Learn about these and other potential benefits. Continue Reading
-
News
07 Mar 2023
Vishing attacks increasing, but AI's role still unclear
The volume of vishing attacks continues to rise. But threat researchers say it's difficult to attribute such threats to artificial intelligence tools and deepfake technology. Continue Reading
-
Definition
24 Feb 2023
sudo (su 'do')
Sudo is a command-line utility for Unix and Unix-based operating systems such as Linux and macOS. Continue Reading
-
News
22 Feb 2023
How hackers can abuse ChatGPT to create malware
ChatGPT's capabilities for producing software code are limited. But researchers have observed cybercriminals bypassing the chatbot's safeguards to produce malicious content. Continue Reading
-
Definition
21 Feb 2023
AWS Key Management Service (AWS KMS)
AWS Key Management Service (KMS) is a managed service provided by Amazon Web Services (AWS) that allows companies to create, control and manage the cryptographic keys that encrypt and protect their data. Continue Reading
-
News
16 Feb 2023
Dynatrace security AI roots out Log4j, sets tone for roadmap
Dynatrace must prove itself beyond application security, but its AI's effectiveness against the Log4j vulnerability has some customers receptive to its product expansion plans. Continue Reading
-
News
14 Feb 2023
Cribl Search marks fresh observability sortie for upstart
The Splunk nemesis begins new forays onto the turf of incumbent vendors with federated search that doesn't require data migration or indexing -- and big roadmap plans. Continue Reading
-
Opinion
08 Feb 2023
DevSecOps needs to improve to grow adoption rates, maturity
Organizations are adding security processes and oversight to DevOps, but there's still work ahead to truly marry cybersecurity with DevOps and create a functioning DevSecOps. Continue Reading
-
Tip
20 Jan 2023
How to select a security analytics platform, plus vendor options
Security analytics platforms aren't traditional SIEM systems, but rather separate platforms or a SIEM add-on. Learn more about these powerful and important tools. Continue Reading
-
Definition
27 Dec 2022
IT automation
IT automation is the use of instructions to create a repeated process that replaces an IT professional's manual work in data centers and cloud deployments. Continue Reading