XDR: What Does Extended Detection and Response Really Mean?

Posted by Andrew Maloney on Jul 26, 2021 10:33:53 AM

If you search for “extended detection and response,” you will find several different definitions. In general, Extended Detection and Response (XDR) focuses on either a single vendor covering all the different areas of security or an open model that incorporates multiple vendors. However, by looking at analyst definitions and finding the commonalities, you can get a better sense of what XDR really means.


Topics: XDR, Hybrid XDR, Open XDR

A New Paradigm to Meet the Executive Order Incident Response Mandate

Posted by Query.AI on Jul 18, 2021 11:25:04 PM

The Executive Order on Improving the Nation’s Cybersecurity (Executive Order) sets out an ambitious plan for enhancing federal agency and supply chain security. It covers many topics, from cloud-first initiatives to zero trust architecture, and it will likely have a wider reach than just Federal Civilian Executive Branch (FCEB) agencies. For security operations center (SOC) teams, Section 6, “Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents,” has the most significant impact on their day-to-day activities.


Topics: cybersecurity, SOC, NIST, data, National Institute of Standards and Technologies

Will XDR Help the Future of Modern SOC?

Posted by Andrew Maloney on Jul 8, 2021 12:15:00 AM

We’re all seeing the market buzz

Extended Detection and Response (XDR) is getting a lot of attention these days. Given that two leading endpoint detection and response (EDR) vendors, SentinelOne and CrowdStrike, recently announced acquisitions of Scalyr and Humio, respectively, it seems more vendors are pivoting daily to enter the XDR market.


Topics: SOC, NDR, XDR, EDR, SIEM, NTA, UEBA, Hybrid XDR, Open XDR

Query.AI Named a 2021 Cool Vendor in the Gartner Cool Vendors in Security Operations

Posted by Dhiraj Sharan on Jun 30, 2021 12:00:00 PM

Today we are ecstatic to share that we have been recognized by Gartner as a Cool Vendor in Security Operations! [1] 


Topics: Gartner Cool Vendor, Security Operations

Attempting to Understand How the Colonial Pipeline Attack Was Perpetrated

Posted by Sourav Ravish on Jun 7, 2021 12:06:23 PM

We cybersecurity professionals need to understand what happened in the Colonial Pipeline ransomware attack. Though internal details are not public, based on what little we know from the media, let’s try to put ourselves in the shoes of the cybersecurity professionals who had to respond to this attack.


Topics: Cyber Security, cybersecurity, Cyber attack

What is threat hunting?

Posted by Craig Jorgensen on May 7, 2021 12:01:41 AM

The term threat hunting spawns different ideas and has different meanings for seemingly everyone you talk to. Understanding what threat hunting is will help you better equip your security teams to respond to alerts and mitigate risk. But is it basic triage of known indicators of compromise (IOC) in a proactive manner or some magical Jedi skill that only masters can summon and execute?


Topics: Cyber Security, cybersecurity, threat hunting, threat hunter

Top Challenges with Data Centralizing for Threat Investigations

Posted by Andrew Maloney on Apr 22, 2021 11:35:21 PM

Threat investigations are among the most important tasks security analysts face today. To quantify their importance and complexity, here are a couple of statistics from IBM’s “Cost of a Data Breach Report 2020.” According to the report, the average time to detect and contain a data breach caused by a malicious actor was 315 days. That’s a long time. We’ve all heard the saying that “time is money,” so consider this: “Organizations that are able to contain a data breach in less than 200 days saved an average of $1.12 million compared to organizations that took more than 200 days to contain a breach.” That is pretty compelling.


Topics: cybersecurity, incident response, Data Centralization, Centralizing Data

What is incident response?

Posted by Eric Parker on Apr 15, 2021 5:30:00 AM


Creating an incident response program and team is the core of any strong cybersecurity program. According to one 2020 report, 7 million data records are compromised every day. With a better understanding of incident response, you can mature your security posture to reduce data breach risks.


Topics: cybersecurity, incident response

Understanding the SolarWinds, Microsoft Windows and VMware Attack of 2020

Posted by Craig Jorgensen on Mar 31, 2021 9:18:02 AM

An introduction to the 2020 supply chain attack carried out through the Orion update process of the SolarWinds network management software suite.


Topics: Malware, cybersecurity, solarwinds

How Distributed Denial of Service (DDoS) Attacks Work

Posted by Craig Jorgensen on Dec 16, 2020 8:00:00 AM

Introduction

You might have read several of our other network security blogs covering topics that people in the cybersecurity field need to know. Now is an excellent time to talk about Distributed Denial of Service (DDoS) attacks.


Topics: Distributed Denial of Service, DDoS