16 InfoSec Resources You Might Have Missed in May

At Exabeam, part of our mission is to help keep security professionals educated and informed on threat detection and incident response topics. In May, we created several resources for you. In case you missed them, here are 16 of our most recent pieces geared toward helping you mature your SOC and enhance your security posture with XDR and next-gen SIEM. Whether you’re a CISO or a security practitioner, there is something on this list for you.

1. Brute Force: Guide to Mitigating Attacks | Guide 

When executed successfully, a brute force attack gives the attacker access to the environment using legitimate credentials so they can freely move around to perform reconnaissance, establish footholds, identify vulnerabilities, and a myriad of other tasks associated with their ultimate objective. Read this guide for more information on common brute force attack challenges and five steps you can take to protect your organization.

2. Exabeam Expert as a Service Offering | Data Sheet

Finding skilled information security resources can feel like an impossible mission for many organizations. With such a unique skill set, these experts are in high demand. This situation leaves many organizations with understaffed security operations centers (SOCs), relying on their limited in-house security expertise to deploy, maintain, and use complex security stacks. The result? Organizations are vulnerable, dependent upon the few expert employees on their team. These risks lead many Chief Information Security Officers (CISOs) to explore different options to mitigate the risk and manage the lack of resources within their SOC. Learn how Exabeam’s Expert as a Service offering can help.

3. Exabeam Ingester for CrowdStrike | Solution Brief 

With threats constantly targeting end users, entities, and devices, EDR solutions are valuable tools for proactive threat detection, investigation, and protection. And, while endpoint data provides essential information about your security posture, it does not offer a complete picture for teams tasked with assessing all attack vectors. Read this solution brief to learn about the powerful combination of Exabeam and CrowdStrike, which uses endpoint visibility and behavioral analytics to bridge the gap between endpoint activity and other security and IT infrastructure tools.

4. Incident Response: 6 Steps, Technologies, and Tips | Blog

As the frequency and types of data breaches increase, the lack of an incident response plan can lead to longer recovery times, increased cost, and further damage to your information security effectiveness. This makes incident response a critical activity for any security organization. Read this article to learn about the six steps of incident response and five tips for success. 

5. What Can We Learn From the Lapsus$ Attacks? | Blog

Adversaries are persistent and clever, as demonstrated by recently documented breaches including T-Mobile and the SITEL Group. The attacks attributed to Lapsus$ have shed light on the importance of monitoring user credential activity. Read this article to learn more about the timeline of the Lapsus$ attacks and how behavioral analytics improves threat detection and incident response. 

6. User Behavior Analytics: The Key to Uncovering Insider and Unknown Security Threats | Blog

User Behavior and Entity Analytics (UEBA) is a category of cybersecurity tools that analyze the behavior of users and entities — such as routers, servers, endpoints, and other network devices — and apply advanced analytics to detect anomalies and malicious behavior. These can be used to discover security threats like malicious insiders and privileged account compromise, which traditional security tools cannot see. This article discusses the components and key capabilities of UEBA systems, and specific use cases demonstrating how behavioral analytics help key organizations.

7. You Can’t Defend What You Can’t See: The Top Three Questions for Every CISO | Blog

Based on actual conversations, Ralph Pisani, President at Exabeam, presents five CISO strategies that completely miss the moment and are worth rethinking. This article also explores the top three security operations questions every CISO must answer. 

8. A CISO’s Guide to Communicating Risk | Blog 

On average, it takes 212 days before a data breach is detected. Breaches can be astronomically costly and can cause you to face fines and reputational damage. Read this recap of a recent webinar in which Exabeam Senior Product Marketing Manager, Mike Moreno, talked with Exabeam CISO, Tyler Farrar, about the importance of CISOs being prepared for worst-case scenarios while driving the appropriate forms of communication with C-level executives. 

9. Top 3 Questions from the CISO’s Guide to Communicating Risk Webinar | Blog 

In addition to the above, Tyler Farrar took the time in this article to address the three most pressing questions we received in the “CISO’s Guide to Communicating Risk” webinar.

10. The Battle Against Insider Threats and Why You Need Behavior-based Cybersecurity Strategies | Blog

Insider threats are a growing concern for all organizations — one that is increasingly difficult to manage using conventional security technologies. Unlike other types of security threats, insider threats are complicated by the fact that only a few are caused by intentional malicious insiders — which include full and part-time employees, contractors, vendors, customers, interns, and others. This article details why insider threats require a comprehensive cybersecurity strategy.

11. Exabeam: A Multiplier for Any Zero Trust Strategy | Blog

There’s a lot of confusion in the market about what exactly is zero trust. Last year, the White House’s Executive Order recognized the need to adopt zero trust models across federal agencies. This article goes in-depth on zero trust capabilities versus products, the pillars of zero trust, how user behavior is central to zero trust, and how to engage the optimal Zero Trust Architecture.  

12. Log4j by Another Name. It’s Coming; How Can You Keep Pace? | Blog

For the last several months, the cybersecurity field has experienced multiple challenges as a result of the discovery of the Log4j vulnerability, part of the threat family of Remote Code Execution (RCE). While Log4j was new to us, we are very familiar with RCEs and their devastating impact. This article discusses other historical RCEs of note and how you can be prepared to detect and respond to Log4j, as well as have zero-day protection against whatever it’s called next time.

13. An Outcome-based Approach to Use Cases: Solving for Lateral Movement | Blog

Last year, we announced a set of new functionalities aligned across Exabeam’s products to solve specific security challenges. These new TDIR use case packages provide a powerful, prescriptive solution to help security operations teams improve workflows from collection to detection, investigation, and response using an outcome-based approach. This article covers why prescriptive use cases are necessary, the coverage for common threats, what lateral movement is, and how Exabeam can help. 

14. Dynamic Alert Prioritization Now Available in Exabeam Alert Triage | Blog 

Too many alerts, too little time. One of the most critical and time-consuming areas of a security operations analyst’s job is managing and triaging alerts. More than 25% of alerts investigated are false positives. Yet, if you are a team or analyst tasked with reviewing all alerts that have been triggered in your organization, you must treat them all as though they are a threat to your organization — investigating and chasing down alerts with no security significance that distract from responding to true threats. Learn about a new capability within Exabeam Alert Triage that automates security alert prioritization from outside vendors — the first step in triaging.

15. The Responsibility of Risk: Regulations, Certifications – What do Privacy and Data Security Mean? | Blog

At every organization, it is someone’s job to oversee the compliance and/or privacy programs relative to their products or services. In the software business, particularly security software, governance directives like SOC 2, ISO, and FedRAMP drive a compliance roadmap for new and upcoming programs. As more organizations embrace business transformation and cloud migration initiatives for both customers and vendors, keeping a close eye on changing compliance standards, measurements, and best practices are key to managing business risk. This article covers recent laws and directives, who owns risk, and gives actionable advice on strategies to employ and what your organization can do.

16. PCI Compliance: A Quick Guide | Explainer

The main goal of PCI compliance is to reduce the opportunities for attack. This involves using a secure Card Data Environment (CDE), and it applies regardless of whether you use your in-house environment or a third-party secure payment option. This is especially important for e-commerce sites, which rely exclusively on the transfer of payment card data through the internet. Read on to learn about the risks and consequences of PCI non-compliance.