Top 12 Posts from the Exabeam Blog

If your schedule has been like ours, it’s been a quick start to the new year for us and before the year gets away we’d like to highlight and share the most notable posts from last year. These articles cover Exabeam capabilities, remote work and security research.

Editor’s choice: An Incident Investigator’s Cheat Code

This post stood out among the many great articles and addressed an issue that’s important to security professionals across all industries and experience levels. It was written by Anthony Randazzo, who has more than a decade of experience in cybersecurity. Currently, Randazzo serves as manager of global response at Expel, a SOC-as-a-service provider that provides 24/7 detection, response, and resilience to its clients.

Randazzo’s article, An Incident Investigator’s Cheat Code, discusses the value of endpoint detection and response (EDR) tools for SOC analysts. With EDR tools, analysts get a timeline of events that they can review to investigate incidents. He describes how Expel uses EDR tools to learn more about security incidents, taking us step by step through an incident that happened on their system.

Readers’ choice: Advanced Analytics Use Case: Detecting Compromised Credentials

In this post, Keith Buswell and Andy Skrei describe how Exabeam helped a client detect and investigate an incident that used MITRE ATT&CK techniques.

Credential stuffing attacks continue to be a common way for threat actors to steal credentials and move laterally by gaining higher level-privileges. In this case, Exabeam Advanced Analytics was installed with no customization and supported only by a straight Syslog feed from the customer’s existing SIEM into Advanced Analytics. Read Advanced Analytics Use Case: Detecting Compromised Credentials for details on how the events unfolded.

Must-reads

1. Securing Your Remote Workforce, Part 2: Detecting Unusual VPN Access and Best Practices to Secure VPN Services ­– For most of 2020 corporate employees worked remotely. This post helps businesses ensure their VPN access keeps their networks secure when users are working from home.
2. Disruptive Transformation: What Caterpillars Can Teach Us about Cybersecurity in the Pandemic Era ­– As the world prepares for life after the pandemic, one thing is clear: change is inevitable. In this post, Orion Cassetto uses the analogy of the caterpillar and its transformational journey to illustrate how companies can best adapt to those changes.
3. Detecting Credential Stuffing Attacks and Lateral Movement – Chris Tillet describes how credential stuffing attacks work and how to use user entity and behavior analytics (UEBA) user profiles to better detect anomalies.
4. How to Syslog Windows Logs for Free – Windows logs can be a goldmine of information. This post by Jim Chrisos steps you through how to gather the data you need from Windows events.
5. Securing Your Remote Workforce, Part 1: Detecting Phishing Scams Disguised as Updates – Phishing attacks continued in 2020 leveraging topical issues to gain access. This post describes how phishing attempts are growing more sophisticated and, therefore, tougher to spot.
6. 7 Tips for Successfully Onboarding Your Analysts – We didn’t forget about the talent challenges the industry continues to face. This post by Andy Skrei covers onboarding to help you ensure you retain those new hires.
7. Add Intelligence to Elastic’s SIEM with Exabeam – Elastic’s SIEM gives cybersecurity analysts a powerful tool to help you search and filter volumes of security data. Pramod Borkar explains how Exabeam added intelligence to further enhance Elastic’s SIEM capabilities.
8. Detecting SIGRed (CVE-2020-1350) with Exabeam – In July, Microsoft revealed a vulnerability in the Windows DNS server. Usha Narra describes how Exabeam detects the vulnerability, as well as offering alternative ways to detect it.
9. Exabeam 2020 Cybersecurity Survey Reveals Job Satisfaction Despite Stress and Opportunities for Change– Exabeam’s 2020 Cybersecurity Professionals Salary, Skills and Stress Survey takes an in-depth look at how cybersecurity analysts fared in 2020.
10. Exabeam 2020 State of the SOC Report: The SOC Practitioner’s Perspective In this post, Erik Randall looks at how analysts feel about hiring, skills, funding, and technologies based on findings in the Exabeam 2020 State of the SOC Report.

We hope you enjoy reading the posts on our list. If you haven’t already subscribed to the blog, consider signing up for security news, views and updates.