9 InfoSec Resources You Might Have Missed in September - Exabeam


October 06, 2022



At Exabeam, part of our mission is to help keep security professionals educated and informed on threat detection and incident response (TDIR) topics. In September, we created several resources for you. In case you missed them, here are nine of our most recent pieces geared toward helping you mature your security operations team or SOC and enhance your security posture with XDR and next-gen SIEM. Whether you’re a CISO or a security practitioner, there is something on this list for you.

1. A Crash Course on Security Analytics — And How to Spot Fake UEBA From a Mile Away | Blog Post

CISOs interested in having a better understanding of security analytics, such as machine learning or user and entity behavior analytics (UEBA), have limited — or shall we say poor — sources of information. They can only find either 1) technical and academic research papers that are a bit… dry, or 2) vendors’ marketing literature that usually equates advanced analytics with some type of magic wand that can “automagically” solve all the security problems in the world. This article aims to equip CISOs and cybersecurity directors with a base level of information to understand how security analytics can support a key pillar of their mission: making sure that the organization can efficiently detect, investigate, and respond to threats and incidents. It also aims to help them spot fake UEBA from a mile away.

2. The New CISO Podcast Episode 74: “Success After CISO – How to Become Your Own Boss” with guest Aaron Bailey from The Missing Link | Podcast

In this episode of The New CISO, Steve Moore is joined by Aaron Bailey, CISO and co-founder of The Missing Link. They discuss what it takes to start your own security business. Getting his first computer at eleven years old, Steve has always loved working with technology. Through explaining his professional journey, Steve shares the benefits and difficulties of being a cybersecurity founder. Listen to the episode to learn more about Aaron’s first job, joining an established startup, and success after being a corporate CISO.

3. The New CISO Podcast Episode 75: “Broad Knowledge is Power: Building a Better Security Team” with Bryan Willett | Podcast

In this episode of The New CISO, Steve Moore is joined by Bryan Willett, CSO at Lexmark International, Inc., to highlight the importance of collaboration and team building. With more than two decades of experience, Bryan understands the CISO role and how to support your team. With this in mind, he shares what CISOs can do once they achieve this status to develop their skills further. Listen to the episode to learn more about transitioning into management, sharing your knowledge, and the benefits of diversity.

4. Supply Chain Breaches and OT/IoT Scenarios | Blog Post

Today, with international sourcing, the mixture of proprietary and open-source code, and enormous variability in vendor practices, it is nearly impossible to perfectly secure the enterprise’s supply chain borders. The list of supply chain attacks is long and infamous, and, of course, this applies to hardware as well: peripherals, networking equipment, and IoT devices. But in the end, what all IoT device and supply chain attacks have in common is the compromise of credentials and authentication, followed by the abuse of network privileges to proliferate and spread. This blog post discusses highlights from our recent webinar, where Christopher Beier, Senior Product Marketing Manager, discussed supply chain attacks and provided steps to mitigation.

5. Security Automation is Real. Science Fiction is Not | Blog Post

Automation has great potential to alleviate many issues in cybersecurity, such as lack of qualified expertise and resources, too many alerts to deal with, and numbing approaches to solving boring problems. However, automation is not a binary proposition — yes, I have automation or no, I don’t have automation — but rather a phased journey that organizations must embark on, similar to a crawl, walk, run approach. This blog post discusses organizations’ automation journey and each of the phases in this maturity model.

6. The 4 Steps to a Phishing Investigation | Exabeam Security Research Team Blog Post

The most common initial attack vector is stolen or compromised credentials, averaging $4.5 million per breach, according to the 2022 Cost of a Data Breach Report. And the costliest initial attack vector was phishing, at an average of $4.91 million. Phishing emails are one of the most common ways attackers attempt to trick users into providing their user credentials and other information via links to websites that imitate legitimate ones. In this blog post, we’ll give some background on phishing and walk you through the steps involved in a phishing investigation.

7. Advanced SIEM and User Behavior Analytics Gives MTI a Clearer View of Risk Posture | Case Study 

MTI Ltd. wanted to strengthen its security measures and countermeasures to detect and manage all current and future environmental threats. The company’s security challenges centered around the inability to rapidly and efficiently monitor and analyze system user behavior and events. Their challenge started with handling event logs. These logs were kept for retrospective investigation rather than detection, and not managed centrally or analyzed for internal fraud. Previously, the company burned valuable time investigating acquired logs and matching them individually in an inefficient attempt to monitor network activity. Read the case study to learn how introducing the Exabeam SIEM solution platform positively impacted MTI Ltd.

8. The Top Three Cybersecurity Challenges Facing Cryptocurrency Exchanges and Custodians, and How to Address Them | Guide

Cryptocurrency-based crime, including cyberattacks, hit a new all-time high in 2021. External sources and compromised insiders continually threaten financial services and crypto trading companies. Defending against complex threats requires advanced tools, processes, and expertise to effectively monitor, detect, and respond. With Marcum Technology and Exabeam, you get a managed SOC team to detect, investigate, and respond to threats while providing industry-leading compliance. Read the guide to see how Marcum Technology and Exabeam can help with the top three challenges cryptocurrency exchanges and custodians deal with in wrangling cyberthreats.

9. 6 Ways Exabeam Delivers Better Security Outcomes Than Splunk | Guide

No security solution can prevent every attack, but some are definitely better than others. Exabeam delivers the best security outcomes for your organization because our innovative and market-leading solution is built for the evolving world of cyber threats. Built by security people for security people, it’s the SIEM that many organizations choose to replace Splunk. Download the guide now to see why Exabeam is the superior SIEM choice.

5 Tips for Modernizing a Security Operations Center

When an organization decides to modernize a security operations center (SOC) or implement a more formal security program, they must make a number of important decisions:

  • What workbench will they use?
  • Will IT operate 24 hours a day?
  • How will they resource the SOC?
  • What team structure will they use?
  • How long will it take for the SOC to become operational?
  • Do they outsource any part of it?
  • What do they do in the meantime?

CISOs must seriously consider what a SOC modernization project looks like: is it a full-blown project, or a series of smaller incremental changes that can drive fast improvements? Download our guide, which outlines a pragmatic approach that a CISO can follow to make their security operations more efficient as quickly as possible.

