29 InfoSec Resources You May Have Missed in April
At Exabeam, part of our mission is to help keep security professionals educated and informed on threat detection and incident response topics. In April, we created several resources for you. In case you missed them, here are 29 of our most recent pieces geared toward helping you mature your SOC and enhance your security posture with XDR and next-gen SIEM. Whether you’re a CISO or a security practitioner, there is something on this list for you.
1. Forrester TEI Study | Report
Exabeam commissioned Forrester Consulting to conduct a Total Economic Impact™ study to examine the measurable benefits six organizations achieved with Exabeam Fusion SIEM. In this study, you’ll read about how the Exabeam Fusion SIEM behavioral analytics-driven approach transformed Security Operations at these organizations by delivering a quantifiable return with ROI as high as 245%, and payback in under six months.
If there is a lesson to be learned from the onslaught of cyberattacks that have occurred in 2021, it is that no organization is immune from becoming a victim of an attack, intrusion, or breach. Adding to the challenges SOC teams face in delivering cybersecurity to their organizations is an executive view that security is entirely a cost center rather than an enabler of the business. Although many leaders understand the need for robust cybersecurity, regrettably, it often takes a breach to get their attention.
This guide will provide an outline of how to communicate risk and how Exabeam can help reduce your risk exposure.
3. 6 Benefits of SIEM in the Cloud | Guide
Security Information and Event Management (SIEM) solutions have been around for more than 20 years in various incarnations. In the original SIEM models, the operational back end was entirely on-premises from the databases to the front-end applications, including user interfaces, case management features, and more. Whether home-grown SIEM or licensed SIEM from a vendor, there were always considerations from rack space to data storage costs, as well as other operational overhead. Download this guide to learn more about the advantages of cloud-delivered SIEM solutions.
With the dramatic rise in medical technology and the value of patient data, it’s no surprise that healthcare organizations are increasingly finding themselves on the receiving end of cyberattacks. The healthcare industry has been designated as the industry suffering the most cyberattacks, a title no industry is eager to hold.
Stolen credentials are a persistent problem that many organizations have yet to effectively solve. Frequently, credential-stuffing attacks occur wherein a threat actor successfully steals credentials, logs into the environment, and moves laterally to gain higher-level access. All activities have a singular focus: to access private data or high-value assets. The MITRE ATT&CK knowledge base provides information about tactics, techniques, and procedures (TTPs) used by threat actors that can help security teams build stronger security processes.
This guide will show you five ways to leverage Exabeam’s machine learning-powered solution to detect these activities through analytics, including mapping the activities to the MITRE ATT&CK framework.
When an organization decides to modernize a Security Operations Center (SOC) or implement a more formal security program, it must make a number of important decisions. What workbench will it use? Will the SOC operate 24 hours a day? How will it be resourced? What team structure will it use? How long will it take for the SOC to become operational? Will any part of it be outsourced? What happens in the meantime?
Given the short tenures of many CISOs, it is quite likely that a CISO might devote their entire tenure to modernizing a SOC they never get to see fully utilized. To that end, today’s CISO needs to seriously consider what a SOC modernization project should look like: a full-blown project, or smaller incremental changes that can drive fast improvements. Certainly, in some cases, a new CISO may find the SOC in such disrepair that the only option is to start from scratch, but that situation is an outlier.
7. The Challenges of Cybersecurity in Higher Education | Infographic
Colleges and universities are faced with balancing small cybersecurity teams and limited budgets. This balance is challenged even more by the large number of regulations they are required to adhere to. This infographic displays how Exabeam helps with these challenges.
8. Top Trends in Cybersecurity 2022 | Report
The endlessly expanding digital footprint of modern organizations is driving this year’s top cybersecurity trends. Security and risk management leaders who understand these trends will be better able to address new risks and elevate their standing in their organizations.
Customers ask for it; the vendor promises it; sometimes it’s delivered; often it’s not. It seems as though the SIEM market has been full of these unkept promises, and security operations teams pay the ultimate price. Whether an organization is deploying a SIEM for the first time or has an established system in place that is not meeting its needs, it shares a common goal: to establish a cybersecurity practice that provides not only protection, but value for the investment. So when choosing a SIEM, you’ll want to select wisely so you can eliminate blind spots and respond to insider threats faster and more accurately.
To truly define the value of our Fusion SIEM, we have turned to an independent third-party analysis to validate what we’ve known all along. Known for its comprehensive research across industries, Forrester Consulting conducted a Total Economic Impact™ (TEI) study to examine the potential return on investment of Exabeam Fusion SIEM. Through thorough interviews and financial analysis, Forrester found that the potential ROI for Exabeam customers is 245% over three years, with a payback period of less than six months.
Exabeam recently released a new and improved Auto Parser Generator. Automating your SOC is not an ingest-based problem; parsing out every possible log promotes a “garbage in/garbage out” approach. This will not work — security is an outcome-based problem driven by use cases essential to the business. Security analysts need the most help ingesting the appropriate logs and data to detect threats and enable the expected security outcomes. This article will teach you about parsers, common parsing problems, and how Auto Parser Generator from Exabeam can help.
11. Mitigating Risk: How the Financial Services Sector Is Handling Today’s Cybersecurity Challenges | Blog
Like many industries, financial institutions face ongoing challenges from the threat of cybersecurity attacks. Attacks may come in the form of ransomware, credential theft, or fraud — all of which put customer assets at risk of theft and other issues. Not only does this harm customer relationships, but it can also cause permanent damage to your institution’s reputation, costing you future accounts.
On average, cybersecurity professionals spend 20.9 hours responding to a single security incident, according to the 2021 Voice of SecOps report. With new attacks surfacing every day, cybersecurity professionals need their SOC tools to be an asset to their day-to-day operations. Yet, many cybersecurity professionals are dissatisfied with their tools; the report states that 69% expressed a lack of confidence in their existing solutions.
Security solutions can be resource-intensive and difficult to manage, adding complexity to resource-strapped security teams. Instead, organizations need a solution they can rely on so that they can spend less time on management, and more time on what really matters — detecting and responding to threats.
13. Attack Beasts and How to Find Them | Blog
In the popular movie “Fantastic Beasts and Where to Find Them,” a character named Newt Scamander said, “Worrying means you suffer twice.” Newt may have been an IT security guru in another life; there’s no point lying awake worrying, guessing what the next cyberattack is going to be. All you can be certain of is that it will come, and you want to be ready for it. We are used to blaming failures and incidents on insufficient patching or not staying up to date with software and libraries, and then there’s “that guy in sales who clicked on a malicious website.” Some have monetized the great fear of zero-days and exploits for sale on the dark web (a romantic name for non-indexed websites). Honestly, the vast majority of current attacks are based on existing public vulnerabilities and publicly posted exploit code rather than secret zero-days sold on some evil villain’s .onion or Tor site. This doesn’t make them any less deadly, but for the beast hunter — I mean security guru — knowledge, preparation, and having the right tools in your proverbial satchel can help you stop the beasts in their tracks.
Being a CISO is a collaborative existence. The CISO community is critical to attaining the role in the first place, as well as succeeding in it once you’ve gotten there. From attending events to connecting with other industry professionals online, having a strong network will help those who are searching for a job. And CISOs help each other by sharing knowledge from lessons learned in cyberattacks. So while it may seem like a breach is the worst possible thing that could happen, there are positive payoffs for the CISO and their information security risk management program. This article summarizes what Chris Wolski, the CISO of Port of Houston, discussed as a guest on The New CISO Podcast.
Security big data analytics, or cybersecurity analytics, helps security analysts and solution vendors do much more with log and event data. Legacy Security Information and Event Management (SIEM) solutions are limited to manually defining correlation rules, which are brittle, hard to maintain, and result in many false positives.
Machine learning techniques can help security systems identify patterns and threats with no prior definitions, rules, or attack signatures — and with much higher accuracy. However, to be effective, machine learning needs very big data. The challenge is storing more data, analyzing it in a timely manner, and extracting new insights.
16. A Four-Layered Approach to Malware | Blog
The best way to detect and respond to malware is to create a layered approach within your network and among your workforce. According to the MIT Technology Review, the number of zero-day exploits discovered in 2021 more than doubled the number discovered in 2020. The exponential increase in zero-days in 2021 was not attributable to better detection capabilities, according to the publication, but rather it was greater access to purchased zero-days by international hacking groups. Consultants and security vendors might assure you that your network is locked down against malware and ransomware threats, but no environment is completely secured against the unknown unknowns that zero-day attacks represent. There are a great many security solutions that protect against malware in many different ways. In this article, we’ll explore a multi-layered approach that allows us to use all the tools in our security toolkit to thwart the tools in a hacker’s toolkit. When it comes to malware events, security practitioners “gotta catch ’em all”, while hackers just have to get lucky once.
17. User and Entity Behavior Analytics | Blog
User and Entity Behavior Analytics (UEBA) is a category of security solutions that use innovative analytics technology, including machine learning and deep learning, to discover abnormal and risky behavior by users, machines, and other entities on the corporate network, often in conjunction with a Security Information and Event Management (SIEM) solution.
UEBA can detect security incidents that traditional tools do not see because they do not conform to predefined correlation rules or attack patterns and span multiple organizational systems and data sources.
Before today’s user and entity behavior analytics (UEBA), security information and event management (SIEM) analytics was about the design of rules — fact-based rules and correlation rules. These rigid, static, and deterministic rules are point-in-time, offering little protection against insider threats since they don’t consider the dynamic behaviors of users and entities. Since 2014, when Gartner first coined the term “UEBA,” rules have evolved to incorporate the concept of normal and abnormal behaviors. The system builds behavior profiles, or states, from the historical activities of users and entities; a rule can then trigger when the current behavior does not match the profile. For example, a behavior profile may be a histogram tracking login counts by the countries the user has previously logged in from. A current login event coming from a country that is never or rarely seen in the profile triggers an alert.
Discovering your organization has suffered a significant compromise or data breach due to rogue, negligent, or compromised insiders can be devastating. Regardless of the type of insider risk, security teams must have a plan in place that enables early detection and mitigation of breaches caused by them.
This amounts to more than just picking the right security solutions. It’s also a matter of defining and creating a security program that puts people, processes, and technology together to effectively defend against these kinds of threats — all the while with an eye to optimizing the resources they already have. This article goes over five steps to effectively identify insider threats:
20. Protect Personal Data With GDPR Compliance | Blog
The General Data Protection Regulation (GDPR) came into effect on May 25th, 2018. This legislation aims to provide a single body of legislation regarding data privacy laws, enforcing the protection and rights of individuals.
Any organization dealing with the personal data of European data subjects is bound by the rules of GDPR and is required to implement steps and technology solutions to ensure such data is properly handled and secured, including preventing data loss and reporting relevant data breaches to the appropriate authorities.
Organizations strive to protect their sensitive data and information. Many organizations allocate numerous resources to their cyber defensive measures and form a security operations center (SOC) to protect themselves against cyberattacks.
While cyberattacks are a threat to companies, they are not as common and, in some cases, not as dangerous as hard-to-detect insider threats. In this article, we provide you with information about insider threats, including what they are, the indicators that can help you detect them, and the best tools to provide protection against them.
22. Exabeam’s Cloud-based Security Operations Platform Improves Insights and Efficiency for BBS | Blog
Is it possible to integrate log management with a small staff? This was a question Japan’s Business Brain Showa-Ota Inc. (BBS) team asked when they started exploring a better way to secure their organization. Listed on the Tokyo Stock Exchange, BBS provides services ranging from consulting, sales intelligence (SI), and business establishment to system maintenance/operation and business process outsourcing (BPO). After conducting a routine information security assessment, IS General Manager Hitoshi Uehara began a search for a platform for monitoring, analyzing, managing, and accumulating multiple log files. After assessing many SIEM products, BBS discovered that Exabeam fulfilled its needs without replacing equipment or adding personnel.
23. Fantastic Attack Types and How to Find Them | Blog
With cyberattacks on the rise, it is vital to understand the different types of attack beasts and what tools are needed to stop them or mitigate the damage they can cause. This article goes over the topics covered in a recent webinar, Fantastic Attack Types and How to Find Them, where Jeannie Warner, CISSP, Director of Product Marketing at Exabeam, and Randeep Gill, Principal Sales Engineer at Exabeam and certified Beast Hunter Trainer, discuss the different ways attackers enter environments and the tools needed to mitigate damage from cyberattacks.
One of the key benefits of a Security Information and Event Management (SIEM) platform with User and Entity Behavior Analytics (UEBA) is the ability to solve security use cases without needing to be a data scientist. The platform masks the underlying complexity of data science so that Security Operations Center (SOC) staff can focus on keeping the enterprise safe from attacks. But if you’ve wondered what exactly is going on under the hood, this article provides a high-level overview of how Exabeam Security Management Platform (SMP) uses data science to address one of the most important and elusive use cases: insider threat detection.
Insiders are people who are trusted by the organization — employees or third parties, like contractors. If they sabotage business operations or steal intellectual property or sensitive data, the financial, regulatory, and reputational repercussions can bring huge fallout. The big problem for SOCs is that insiders are authorized to use IT resources. Conventional security tools using legacy correlation rules offer little detection power to distinguish when someone’s apparently authorized actions have malicious intent.
A key part of being a successful leader is ensuring that employees feel comfortable being their real selves — each person brings something unique to the workplace. This article goes over the topics discussed in an episode of The New CISO podcast, where Azzam Zahir, Global Director of Insider Threat and Security at General Motors, discusses the following:
- How to review people and give feedback
- The value of mentorship
- The importance of diversity and inclusion
- The types of people to look for in a team
- Career tips for his younger self
In this article, we introduce the basics of incident response and discuss Security Orchestration, Automation and Response (SOAR) — a tool that makes incident response more efficient, more effective, and more manageable at scale.
Residents participating in a neighborhood crime watch look out for signs of suspicious activity. A new car parked on the street is probably the first thing to register in a resident’s mind. Other hints like the time of day, what the driver carries, or how they loiter all add up before one decides whether to call the police. A User and Entity Behavior Analytics (UEBA) system works much the same way, with various statistical indicators working jointly for insider threat detection. Just like seeing a new car on the street in a neighborhood watch, a frequently deployed indicator among UEBA vendors is whether a user accessed a network entity for the first time, be it a machine, a network zone, or an application. Indeed, alerts from this indicator correlate well with malicious insider or compromised account activities. This makes sense, particularly for the detection of lateral movement, where an adversary is new to the network and accesses multiple entities for the first time.
The annual cost of detecting and resolving insider threats averaged $15.38 million in the US, up 34% from 2020, according to the 2022 Ponemon Cost of Insider Threats Report. Large organizations often spend more than small ones to mitigate insider incidents, with negligence accounting for about two-thirds of the incidents. Careless employees or contractors are typically the worst offenders. The Ponemon report also found that 26 percent of incidents actually involved a malicious insider with criminal intent, and 18 percent of those involved stolen credentials — nearly double since the last study.
Ponemon confirms what you likely already know: the frequency and cost of insider threats of all types are rapidly increasing. Yet such a study exposes only known data regarding insider incidents. Within the 278 organizations surveyed, how many incidents went undetected? There is no way to know for sure, but frequently cyber threats and incidents go undetected and unreported — sometimes for years. What is known is that it’s likely your organization faces possible exposure to insider threats — and it’s probably larger than what you’ve anticipated.
Learn how cybercriminals exploit the weakest link in the security chain by manipulating users and employees, and why machine learning is critical for defending against social engineering techniques.
Social engineering is a cybersecurity threat that takes advantage of the weakest link in our security chain — our human workforce — to gain access to corporate network and cloud resources. Attackers use increasingly sophisticated trickery and emotional manipulation to cause employees, even senior staff, to surrender sensitive information. Learn about the latest types of social engineering threats and best practices to defend against them.
For more insights, register for our webinar, “The Responsibility of Risk.”
You’ll learn about:
- How big tech should commit to support compliance and defenses
- The risk responsibility by mandate – what needs to change in your organization?
- How state and federal regulations can be met in a programmatic way
- Road stories – how Exabeam structures cybersecurity and emergency response teams