Exabeam News Wrap-up – August 8, 2022

We’ll be regularly bringing you a summary of Exabeam’s key topics and headlines. Stay up to date with the Exabeam News Wrap-up!

Twilio Discloses a Data Breach Resulting From Stolen Employee Credentials

Jeannie Warner, director of product marketing at Exabeam, sees the recent Twilio breach as a cautionary tale about the dangers of phishing:

“There are many public and commercial data providers that offer blacklisting services or databases for potential phishing domains/URL lookups. However, like any signature-based approach, newly-crafted phishing URLs cannot be identified this way. New machine learning approaches can actually flag a suspicious phishing URL previously unknown to blacklist data providers and should be considered by frequently targeted industries, such as technology and communications providers. Innovative organizations need a modern approach to securing their environments in order to spot these types of attacks quickly. To help achieve this, machine learning-powered SIEM, automated investigation and response tools, and UEBA technology should absolutely be part of their security stack.”

Why Does Every Hack Involve Stolen Credentials? Because It Works Every Time

At enterprises today, cybersecurity teams are narrowly focused on addressing exploits. In addition to monitoring security alerts and incident data, security teams scan technology company news and software releases for information about new vulnerabilities that need to be patched. At the same time, they’re likely paying experts to monitor online criminal marketplaces to understand the latest threats that are being productized and weaponized. All of this data helps these experts quickly evolve their strategies and reduce their company’s attack surface.

This model, unfortunately, is broken. It’s more than likely that the adversary is already hiding within the network, and equally as likely that they got in with stolen, now compromised, credentials.

The Benefits of Building a Mature and Diverse Blue Team

Red teams include many roles ranging from penetration testers to attackers and exploit developers. These roles attract most of the buzz, and the many certifications revolving around these roles (OSCP, OSEP, CEH) make them seem fancy. Movies usually make hackers the heroes, while typically ignoring the defending side, the complexities and challenges of blue teamers’ roles are far less known.

While blue teams’ defending roles might not sound as fancy and gather little to no buzz, they include essential and diverse titles that cover exciting and challenging functions and, finally, pay well. In fact, Hollywood should look into it!

XDR Alliance Launches CIM and Celebrates One Year

In honor of the XDR Alliance’s one-year anniversary, the Alliance has announced its Common Information Model (CIM), which provides the broader cybersecurity industry with a common foundation for understanding, normalizing, getting deeper visibility into, and enriching log data across technologies to provide organizations with simplified integration and a more holistic picture of their environments.

Exabeam Spotlight22 to Debut Product Innovations Live from New York at NASDAQ MarketSite

We have announced the upcoming date for our fifth annual users’ conference, Spotlight22, which will take place in person and be broadcast worldwide to Exabeam global customers, partners, and employees live from the NASDAQ MarketSite in New York on Oct. 17, 2022. Attendees will see and experience the latest security information and event management (SIEM) and behavioral analytics product innovations.

Vote for Exabeam CMO Sherry Lowe for a SXSW Speaking Slot! 

Help select Exabeam CMO Sherry Lowe’s talk, “Breaking Cyber Ceiling — The Path to the C-Suite,” for a speaking slot at SXSW. 

Sherry has experienced firsthand how tough it can be for women to find their way to the C-suite in marketing — but she knows what the rewards for the industry could be if more women get on the path to the boardroom. In her talk, she plans to highlight how diversifying leadership in marketing or any field will benefit an organization in terms of recruitment, sales and future company success.

Stolen credentials are a persistent problem that many organizations have yet to effectively solve. Frequently, credential-stuffing attacks occur wherein a threat actor successfully steals credentials, logs in to the environment, and moves laterally to gain higher-level access. All activities have a singular focus: to access private data or high-value assets. The MITRE ATT&CK knowledge base provides information about tactics, techniques, and procedures (TTPs) used by threat actors that can help security teams build stronger security processes.

This guide will show you five ways to leverage Exabeam’s machine learning-powered solution to detect these activities through analytics, including mapping the activities to the MITRE ATT&CK framework.