Threat detection and response
Just as malicious actors' threats and attack techniques evolve, so too must enterprise threat detection and response tools and procedures. From real-time monitoring and network forensics to IDS/IPS, NDR and XDR, SIEM and SOAR, read up on detection and response tools, systems and services.
Top Stories
-
Guest Post
19 Dec 2024
Add gamification learning to your pen testing training playbook
Organizations that embrace gamification in their pen testing training are better positioned to build and maintain the skilled security teams needed to address evolving threats. Continue Reading
By- Ed Skoudis, SANS Technology Institute
-
News
16 Dec 2024
Blackberry sells Cylance to Arctic Wolf for $160M
After exiting the mobile device market, Blackberry acquired Cylance for $1.4 billion in 2018 to expand its presence in enterprise security. Continue Reading
By- Arielle Waldman, News Writer
-
Tip
23 Feb 2021
How to achieve security observability in complex environments
Security observability is a novel approach to incident detection that goes beyond traditional monitoring. Read on to learn if this emerging strategy is right for your enterprise. Continue Reading
By -
Tip
08 Dec 2020
Pros and cons of an outsourced SOC vs. in-house SOC
Security operations centers have become an essential element of threat detection. Here's how to decide whether to build one in-house or outsource SOC capabilities. Continue Reading
-
Tip
03 Dec 2020
8 challenges every security operations center faces
Staffing shortages, budget allocation issues, and inadequate analytics and filtering are among the challenges organizations will face as they implement a security operations center. Continue Reading
By- John Burke, Nemertes Research
-
Feature
27 Oct 2020
Zero-trust network policies should reflect varied threats
Role-based access systems create enormous pools of responsibility for administrators. Explore how to eliminate these insecure pools of trust with zero-trust network policies. Continue Reading
By- Katie Donegan, Social Media Manager
- O'Reilly Media
-
Tip
29 Jul 2020
As network security analysis proves invaluable, NDR market shifts
IT infrastructure threat detection and response have emerged as critical elements of enterprise cybersecurity as network security analysis proves invaluable to protecting data. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Quiz
28 Jul 2020
IDS/IPS quiz: Intrusion detection and prevention systems
Want a baseline of your intrusion detection and prevention system knowledge? Test your insights with this IDS/IPS quiz. Continue Reading
By- Sharon Shea, Executive Editor
-
News
24 Mar 2020
Cisco security GM discusses plan for infosec domination
At RSA Conference 2020, Gee Rittenhouse, senior vice president and general manager of Cisco's security group, talks about the company's strategy to reshape the infosec industry. Continue Reading
By- Rob Wright, Senior News Director
-
News
06 Feb 2020
Forescout acquired by private equity firm for $1.9 billion
Network security vendor Forescout Technologies was acquired for $1.9 billion by Advent International, a private equity firm looking to increase its cybersecurity investments. Continue Reading
By- Arielle Waldman, News Writer
-
Answer
10 Dec 2019
How to prevent port scan attacks
The popular port scan is a hacking tool that enables attackers to gather information about how corporate networks operate. Learn how to detect and prevent port scanning attacks. Continue Reading
By -
Tip
18 Nov 2019
Use network traffic analysis to detect next-gen threats
Network traffic analysis, network detection and response -- whichever term you prefer, the technology is critical to detecting new breeds of low-and-slow threats. Continue Reading
By- Kevin Tolly, The Tolly Group
-
News
01 Oct 2019
Sophos launches Managed Threat Response service
The new offering is built on Sophos' endpoint security platform Intercept X Advanced, with capabilities supported by the company's recent acquisition of Rook Security and DarkBytes. Continue Reading
By -
News
05 Sep 2019
Awake Security adds adversarial model to security platform
The new feature is meant to enable companies to identify attackers faster. Other updates to the security system include extending cloud capabilities to Amazon Web Services. Continue Reading
-
News
26 Aug 2019
Puppet launches its first vulnerability remediation product
Puppet Remediate is a vulnerability remediation product that shares data between security and IT ops, provides risk-based prioritization and offers agentless remediation. Continue Reading
-
News
06 Aug 2019
LogicHub introduces automation updates to its SOAR platform
Security vendor LogicHub introduced new features to its SOAR platform that intend to automate tedious threat detection and response processes and save security teams time. Continue Reading
By- Sabrina Polin, Managing Editor
-
Tip
23 Jul 2019
Which is better: anomaly-based IDS or signature-based IDS?
Even as vendors improve IDS by incorporating both anomaly-based IDS and signature-based IDS, understanding the difference will aid intrusion protection decisions. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
Answer
31 May 2019
How can SIEM and SOAR software work together?
Many security pros initially thought SOAR software could replace SIEM. Our security expert advocates learning how SIEM and SOAR can work together. Continue Reading
By- Andrew Froehlich, West Gate Networks
-
Tip
29 Apr 2019
2019's top 5 free enterprise network intrusion detection tools
Snort is one of the industry's top network intrusion detection tools, but plenty of other open source alternatives are available. Discover new and old favorites for packet sniffing and more. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
15 Apr 2019
Blue Hexagon bets on deep learning AI in cybersecurity
Cybersecurity startup Blue Hexagon uses deep learning to detect network threats. Security experts weigh in on the limitations of AI technologies in cybersecurity. Continue Reading
By -
Answer
14 Feb 2019
Why did a Cisco patch for Webex have to be reissued?
Cisco's Webex Meetings platform had to be re-patched after researchers found the first one was failing. Discover what went wrong with the first patch with Judith Myerson. Continue Reading
-
Tip
10 Dec 2018
5 actionable deception-tech steps to take to fight hackers
Consider taking these five 'deceptive' steps to make your detection and response capabilities speedier, more effective and to improve your company's security posture. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Opinion
03 Dec 2018
Ron Green: Keeping the payment ecosystem safe for Mastercard
"We have invested a billion dollars over the last couple of years just in security," says Ron Green, Mastercard's chief of security, who joined the company in 2014. Continue Reading
- 03 Dec 2018
-
Feature
03 Dec 2018
Threat hunting techniques move beyond the SOC
Tired of waiting for signs of an attack, companies are increasingly adding threat hunting capabilities to their playbooks to find likely ways their systems could be infiltrated. Continue Reading
By - 03 Dec 2018
-
Opinion
03 Dec 2018
The threat hunting process is missing the human element
Threat hunting hinges on an analyst's ability to create hypotheses and to look for indicators of compromise in your network. Do you have the resources to hunt? Continue Reading
- 03 Dec 2018
- E-Zine 03 Dec 2018
-
Tip
29 Nov 2018
Is network traffic monitoring still relevant today?
An increase in DNS protocol variants has led to a higher demand for network traffic monitoring. The SANS Institute's Johannes Ullrich explains what this means for enterprises. Continue Reading
By- Johannes Ullrich, SANS Technology Institute
-
Answer
22 Nov 2018
How was a black box attack used to exploit ATM vulnerabilities?
Researchers from Positive Technologies found flaws affecting NCR ATMs. Discover how these ATM vulnerabilities work and how a patch can mitigate this attack. Continue Reading
-
Tip
05 Nov 2018
How deception technologies improve threat hunting, response
Deception tech tools enable more effective threat hunting and incident response. Learn how these tools can give security pros an edge in defending their company systems and data. Continue Reading
By- Dave Shackleford, Voodoo Security
-
Answer
07 Aug 2018
What does the expansion of MANRS mean for BGP security?
The Internet Society expanded MANRS to crack down on BGP security. Expert Michael Cobb explains what MANRS is and its implications for BGP server security. Continue Reading
By -
Tip
07 Jun 2018
Where machine learning for cybersecurity works best now
Need to up your endpoint protection endgame? Learn how applying machine learning for cybersecurity aids in the fight against botnets, evasive malware and more. Continue Reading
By- Nick Cavalancia, Techvangelism
-
Tip
07 Jun 2018
AI and machine learning in network security advance detection
Applying AI, and specifically machine learning, in network security helps protect enterprises against advanced persistent threats and sophisticated cybercriminals. Continue Reading
By- Nick Cavalancia, Techvangelism
-
Tip
05 Jun 2018
How entropy sources help secure applications with SDLC
Some applications need cryptographic algorithms to test and work properly. Expert Judith Myerson discusses this division in terms of the software development lifecycle. Continue Reading
-
News
16 Feb 2018
SonicWall spots Meltdown exploits with machine learning tech
SonicWall says its new deep memory inspection technology, which powers the vendor's Capture Cloud sandbox service, can block Meltdown threats and other zero-day attacks. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
29 Jan 2018
Devil's Ivy vulnerability: How does it put IoT devices at risk?
A gSOAP flaw was found in an Axis Communications security camera and branded the Devil's Ivy vulnerability. Learn how it threatens IoT devices with expert Nick Lewis. Continue Reading
By -
Answer
06 Sep 2017
How can enterprises secure encrypted traffic from cloud applications?
As enterprises use more cloud applications, they generate more encrypted traffic. Expert Matthew Pascucci discusses the challenges that presents for network security teams. Continue Reading
-
Feature
23 May 2017
Learn what breach detection system is best for your network
Breach detection systems are essential in these days of machine learning and artificial intellingence. Learn how to identify the features and functions your network needs. Continue Reading
By- David Geer, Geer Communications
-
Answer
28 Apr 2017
How does an active defense system benefit enterprise security?
Active defense systems work as deception techniques on private networks, but are they good for enterprise use? Expert Judith Myerson discusses some options. Continue Reading
-
Answer
17 Apr 2017
How does the PoisonTap exploit bypass password locks on computers?
The PoisonTap exploit can bypass password locks on computers, enabling an attacker to remotely control systems. Expert Nick Lewis explains how the attack works. Continue Reading
By -
Answer
06 Apr 2017
How serious is a malicious DLL file vulnerability for enterprises?
A flaw that allows attackers to load malicious DLL files in Symantec products was labeled as severe. Expert Michael Cobb explains the vulnerability and its classification. Continue Reading
By -
Answer
10 Mar 2017
Attack by TIFF images: What are the vulnerabilities in LibTIFF?
Attackers using crafted TIFF images can exploit flaws in the LibTIFF library to carry out remote code execution. Expert Michael Cobb explains how these vulnerabilities work. Continue Reading
By -
News
17 Feb 2017
Q&A: Digging into darknet technology with Farsight's Andrew Lewman
At RSAC, former Tor Project CEO Andrew Lewman explains the latest research into darknet technology and how that tech continues to evolve as an attack vector. Continue Reading
By- Peter Loshin, Former Senior Technology Editor
-
News
10 Feb 2017
Corero: Telecom carriers have fallen behind on DDoS defense
Corero Network Security's Dave Larson talks with SearchSecurity about how DDoS defense has changed and why telecom service providers have struggled to keep up with new threats. Continue Reading
By- Rob Wright, Senior News Director
-
Answer
02 Feb 2017
What are the best anti-network reconnaissance tools for Linux systems?
Anti-network reconnaissance tools can prevent attackers from getting access to system information. Expert Judith Myerson goes over the best enterprise options. Continue Reading
-
News
26 Jan 2017
Heartbleed bug still found to affect 200,000 services on the web
Researchers found the infamous Heartbleed bug is still unpatched on as many as 200,000 services connected to the internet and experts don't expect that number to change. Continue Reading
By- Michael Heller, TechTarget
-
Tip
24 Jan 2017
Monitoring outbound traffic on your network: What to look for
Outbound network traffic remains a weakness for many enterprises and is a major attack vector. Expert Kevin Beaver explains how to spot irregular occurrences in your network. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Buyer's Guide
21 Sep 2016
Wireless intrusion prevention systems: A buyer's guide
In this SearchSecurity buyer's guide, learn why it's important to have a wireless intrusion prevention system to protect your Wi-Fi networks and how to pick the right WIPS product. Continue Reading
-
Feature
29 Jul 2016
Mojo AirTight WIPS overview
Expert Karen Scarfone looks at the features and functionality of Mojo Networks' AirTight WIPS, a wireless intrusion prevention system designed to detect and block WLAN attacks. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Tip
18 May 2016
Why signature-based detection isn't enough for enterprises
Signature-based detection and machine learning algorithms identify malicious code and threats. Expert Michael Cobb explains how both techniques defend networks and endpoints. Continue Reading
By -
Tip
07 Mar 2016
What enterprises need to know about Internet traffic blocking
Traffic blocking by Internet carriers has stirred up some controversy in the security industry. Expert Kevin Beaver discusses the pros and cons of blocking network traffic. Continue Reading
By- Kevin Beaver, Principle Logic, LLC
-
Feature
14 Jan 2016
The business case for vulnerability management tools
Expert Ed Tittel describes business use cases for vulnerability management tools and examines how organizations of all sizes benefit from these products. Continue Reading
By -
Tip
21 Dec 2015
Why relying on network perimeter security alone is a failure
A network perimeter security strategy alone can no longer protect enterprises. Expert Paul Henry explains why organizations must adapt. Continue Reading
By- Paul Henry, SANS Institute
-
Feature
12 Nov 2015
Comparing the best intrusion prevention systems
Expert contributor Karen Scarfone examines the best intrusion prevention systems to help you determine which IPS products may be best for your organization. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Feature
28 Oct 2015
Three criteria for selecting the right IPS products
Expert contributor Karen Scarfone examines important criteria for evaluating intrusion prevention system (IPS) products for use by an organization. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Feature
20 Oct 2015
Enterprise benefits of network intrusion prevention systems
Expert Karen Scarfone explains how most organizations can benefit from intrusion prevention systems (IPSes), specifically dedicated hardware and software IPS technologies. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Feature
13 Oct 2015
The basics of network intrusion prevention systems
Expert Karen Scarfone explores intrusion prevention systems and their acquisition, deployment and management within the enterprise. Continue Reading
By- Karen Scarfone, Scarfone Cybersecurity
-
Tip
23 Feb 2015
Final five considerations when evaluating intrusion detection tools
Before making an investment in an intrusion detection and prevention system, be sure to read this list of five final considerations to keep in mind during intrusion detection system evaluation. Continue Reading
By -
Tip
23 Feb 2015
Introduction to intrusion detection and prevention technologies
Intrusion detection and preventions systems can be critical components to an enterprise's threat management strategy. Learn the history behind the technologies and why they are so important. Continue Reading
By -
Tip
20 Feb 2015
Evaluating enterprise intrusion detection system vendors
Selecting an intrusion detection and prevention system vendor can be a time-consuming task. Get help evaluating vendors and products with this list of must-ask questions. Plus, a comprehensive vendor list. Continue Reading
By -
Feature
03 Sep 2014
Introduction to Information Security: A Strategic-Based Approach
In this excerpt of Introduction to Information Security: A Strategic-Based Approach, authors Timothy J. Shimeall and Jonathan M. Spring discuss the importance of intrusion detection and prevention. Continue Reading
By- SearchSecurity and Syngress
-
Answer
11 Feb 2014
Why TCP traffic spikes with source port zero should sound an alarm
Are spikes in TCP traffic with source port zero warning signs that future attacks are imminent? Discover why enterprises should be concerned. Continue Reading
By -
News
19 Jun 2013
RSA Silver Tail improves online fraud detection, enterprise security
Fraud prevention for the Web: RSA Silver Tail sets stage for enterprise-level security with big data and brand new interface. Continue Reading
By- Kathleen Richards, Features Editor
-
Answer
08 May 2013
Fiber optic networking: Assessing security risks
Matthew Pascucci discusses the potential security risks associated with fiber optic networking. Continue Reading
-
Quiz
07 Mar 2013
Quiz: Targeted attacks
Think you know a targeted attack when you see one? Check if you're up to speed and ready to protect your organization from this pernicious threat with this five-question quiz. Continue Reading
By -
Answer
30 Jan 2013
How to implement firewall policy management with a 5-tuple firewall
Matt Pascucci explains how to implement firewall policy management for 5-tuple firewalls when ports must be kept open for business reasons. Continue Reading
-
Answer
03 May 2012
Does .cc domain malware demand domain blocking?
Learn how to deal with .cc domain malware threats found within DNS traffic. Is domain blocking at the perimeter the best defense strategy? Continue Reading
By -
Tip
20 Dec 2010
ngrep: Learn how to find new malware with ngrep examples
In this video, Peter Giannoulis of the AcademyPro.com uses several ngrep examples to show how to find new malware that antivirus or IPS might not pick up on with this free tool. Continue Reading
By- Peter Giannoulis, Contributor
-
Answer
11 Aug 2009
Port scan attack prevention best practices
While it's impossible to prevent against all port scanning attacks, there are best practices for port scanning security (such as a port scanning firewall) that can keep your network secure. Expert Mike Chapple weighs in. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Feature
24 Jul 2009
Rogue AP containment methods
Wireless network monitoring systems are quickly moving from detection alone to detection and prevention. In particular, many now provide options to "block" rogue devices, preventing wireless or wired network access. This tip explores how these containment features work, their potential side-effects, and what network administrators should consider before activating them. Continue Reading
-
Tip
07 May 2009
Do you need an IDS or IPS, or both?
Cut through the hype and learn the differences and benefits of intrusion detection and prevention systems. Continue Reading
By- Joel Snyder, Opus One
-
Answer
14 Apr 2009
How to analyze a TCP and UDP network traffic spike
What does it mean when TCP and UDP network traffic spikes? Network security expert Mike Chapple explains what this means for enterprise network security management. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Answer
09 Jan 2009
What is the cause of an 'intrusion attempt' message?
Have you ever received a message from your endpoint security product stating that an intrusion attempt has been blocked? Mike Chapple gives three possibilities for the alert's likely cause. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Answer
13 Jun 2008
How to hide system information from network scanning software
Network scanning software is capable of obtaining sensitive system information. Mike Chappel explains how implementing various firewalls can stop intrusive software in its tracks. Continue Reading
By- Mike Chapple, University of Notre Dame
-
Tip
17 Mar 2008
Intrusion detection system deployment recommendations
Before you take the time and effort to deploy an IDS, consider this advice. Continue Reading
By- Edward Yakabovicz, Contributor
-
Answer
09 Apr 2007
How can hackers bypass proxy servers?
Hackers are bypassing proxy servers all the time and doing so for a variety of reasons. In this SearchSecurity.com expert Q&A, Ed Skoudis points out the holes in your protective filtering tools. Continue Reading
By- Ed Skoudis, SANS Technology Institute
- Quiz 18 Jul 2005
-
Quiz
18 Jul 2005
Quick Quiz: Intrusion-prevention systems
Test your knowledge of intrusion-prevention systems (IPS) with these five multiple-choice questions. Continue Reading
-
Tip
05 May 2005
Where to place IDS network sensors
JP Vossen explains where to place IDS sensors. Continue Reading
By- JP Vossen, CISSP