Security analytics and automation

Security analytics and automation provide enterprises the data needed to help defend against a barrage of cyber threats. A toolkit combining threat intelligence sharing and services with SIEM and SOAR systems as well as threat hunting is key to success.

Top Stories

News 02 Apr 2024
Microsoft Copilot for Security brings GenAI to SOC teams

Microsoft's latest AI-powered tool, now generally available, has been beneficial for security teams regarding efficiency, but infosec experts see some room for improvements. Continue Reading
Opinion 19 Mar 2024
Surprising ways Microsoft Copilot for Security helps infosec

Microsoft Copilot is the first of many GenAI tools that should help security leaders accelerate their program development and strengthen security postures. Continue Reading

Tip 14 Mar 2024

How to craft a generative AI security policy that works

The advent of generative AI threatens to poke additional holes in your cybersecurity strategy. Compiling a GenAI-based security policy to guide your responses can help. Continue Reading
News 29 Feb 2024

AWS on why CISOs should track 'the metric of no'

AWS' Clarke Rodgers believes that tracking the number of times CISOs say no to line-of-business requests will ultimately help them build a stronger security culture. Continue Reading
Opinion 27 Feb 2024

Threat intelligence programs need updating -- and CISOs know it

Most enterprise threat intelligence programs are in dire need of updating. Security executives need to formalize programs, automate processes and seek help from managed services. Continue Reading
News 14 Feb 2024

Microsoft, OpenAI warn nation-state hackers are abusing LLMs

Microsoft and OpenAI observed five nation-state threat groups leveraging generative AI and large language models for social engineering, vulnerability research and other tasks. Continue Reading
Tip 14 Feb 2024

What is cybersecurity mesh and how can it help you?

The concept of cybersecurity mesh could help solve and simplify issues created by multi-cloud deployments and the increase in remote work environments. Continue Reading
Tip 12 Feb 2024

Top metaverse cybersecurity challenges: How to address them

As the metaverse takes shape, companies must consider a slew of new cybersecurity challenges and how to deal with them. Continue Reading
Feature 25 Jan 2024

Top benefits and challenges of SOAR tools

To ensure successful adoption, IT leaders need to understand the benefits of SOAR tools, as well as potential disadvantages. Explore pros, cons and how to measure SOAR success. Continue Reading
Feature 23 Jan 2024

Top incident response service providers, vendors and software

Get help deciding between using in-house incident response software or outsourcing to an incident response service provider, and review a list of leading vendor options. Continue Reading
Tip 22 Jan 2024

Incident response automation: What it is and how it works

Many of today's security operations teams are understaffed and overwhelmed. Learn how incident response automation can help them work smarter, instead of harder. Continue Reading
Answer 17 Jan 2024

SOAR vs. SIEM: What's the difference?

When it comes to the SOAR vs. SIEM debate, it's important to understand their fundamental differences to get the most benefit from your security data. Continue Reading
Definition 31 Oct 2023

AI watermarking

AI watermarking is the process of embedding a recognizable, unique signal into the output of an artificial intelligence model, such as text or an image, to identify that content as AI generated. Continue Reading
Tip 27 Oct 2023

9 tips to measure and improve digital transformation ROI

Amid a rapidly changing business landscape and competing priorities, a compelling ROI is all the more critical to justify and secure funding for digital transformation projects. Continue Reading
News 24 Oct 2023

JPMorgan Chase CISO explains why he's an 'AI optimist'

Pat Opet, CISO at JPMorgan Chase & Co., discussed how the financial services giant invests in cybersecurity and where generative AI could provide game-changing benefits. Continue Reading
News 05 Oct 2023

IBM launches new AI-powered TDR Services

IBM followed its first AI-focused offering from April, QRadar Suite, with an MDR product -- Threat Detection and Response Services -- featuring AI capabilities. Continue Reading
22 Sep 2023

History and evolution of machine learning: A timeline

Machine learning's legacy dates from the early beginnings of neural networks to recent advancements in generative AI that democratize new and controversial ways to create content. Continue Reading
Feature 22 Sep 2023

How SOAR helps improve MTTD and MTTR metrics

By automating initial incident response tasks, SOAR can help SOC analysts improve MTTD and MTTR metrics and ensure they focus on true positive alerts. Continue Reading
Feature 22 Sep 2023

How to create a SOAR playbook in Microsoft Sentinel

Using automation through tools such as SOAR and SIEM can improve incident response alert efficiency. One automated feature analysts can use is the SOAR playbook. Continue Reading
News 21 Sep 2023

IT pros react to blockbuster $28B Cisco-Splunk deal

Cisco goes through with its long-rumored acquisition of Splunk for security and observability. But the two aren't necessarily a perfect fit, according to some industry observers. Continue Reading
Definition 15 Sep 2023

What is machine learning and how does it work? In-depth guide

Machine learning (ML) is a type of artificial intelligence (AI) focused on building computer systems that learn from data. The broad range of techniques ML encompasses enables software applications to improve their performance over time. Continue Reading
News 23 Aug 2023

Google launches AI-powered data classification for Workspace

Available now in preview, the new capability can automatically label files across a customer's Drive environment to protect data from exposure and exfiltration. Continue Reading
Tip 11 Aug 2023

Evaluate the risks and benefits of AI in cybersecurity

Incorporating AI in cybersecurity can bolster organizations' defenses, but it's essential to consider risks such as cost, strain on resources and model bias before implementation. Continue Reading
News 10 Aug 2023

Trend Micro discloses 'silent threat' flaws in Azure ML

During a Black Hat 2023 session, Trend Micro researchers discussed several vulnerabilities they discovered in Azure Machine Learning that allow sensitive information disclosure. Continue Reading
News 10 Aug 2023

Researchers put LLMs to the test in phishing email experiment

A Black Hat USA 2023 session discussed an experiment that used large language models to see how effective the technology can be in both detecting and producing phishing emails. Continue Reading
News 09 Aug 2023

Generative AI takes center stage at Black Hat USA 2023

About one year after generative AI launched into the spotlight, the technology is showing early signs of potential for security at Black Hat USA 2023 in Las Vegas. Continue Reading
News 09 Aug 2023

Tenable launches LLM-powered ExposureAI product

ExposureAI will be integrated into Tenable One, the vendor's encompassing exposure management platform, and is the latest cybersecurity produce to employ large language models. Continue Reading
News 07 Aug 2023

Google to discuss LLM benefits for threat intelligence programs

Large language models are the backbone of generative AI products launching in the security space. Google will discuss how best to integrate the technology at this week's Black Hat USA. Continue Reading
News 01 Aug 2023

Experts expect Sumo Logic match post-New Relic acquisition

New Relic and Sumo Logic were both taken private by the same firm, as consolidation -- and attrition -- continues among observability tools. Continue Reading
Guest Post 28 Jul 2023

Intersection of generative AI, cybersecurity and digital trust

The popularity of generative AI has skyrocketed in recent months. Its benefits, however, are being met with cybersecurity, digital trust and legal challenges. Continue Reading
Opinion 26 Jul 2023

Security hygiene and posture management: A work in progress

Security hygiene and posture management may be the bedrock of cybersecurity, but new research shows it is still decentralized and complex in most organizations. Continue Reading
News 19 Jul 2023

Microsoft to expand free cloud logging following recent hacks

Microsoft faced criticism over a lack of free cloud log data after a China-based threat actor compromised email accounts of several organizations, including some federal agencies. Continue Reading
News 19 Jul 2023

Chainguard automates SBOMs, but has Images-based agenda

Container images, that is. Chainguard Enforce now automates SBOMs, but execs and an early customer say they aren't the ultimate answer to software supply chain security. Continue Reading
News 18 Jul 2023

Splunk AI update adds specialized models for SecOps tasks

Splunk AI updates this week included specialized models for SecOps that detect and automatically respond to common issues such as DNS exfiltration and suspicious processes. Continue Reading
Tip 12 Jul 2023

The history, evolution and current state of SIEM

SIEM met the need for a security tool that could pinpoint threats in real time. But new threats mean that the next evolution of SIEM will offer even more firepower. Continue Reading
News 12 Jul 2023

Chainalysis observes sharp rise in ransomware payments

The rise in total ransomware payments so far this year is a reversal of the decline Chainalysis saw in 2022, when payments fell sharply to $457 million from $766 million in 2021. Continue Reading
Opinion 11 Jul 2023

Top developer relations trends for building stronger teams

Learn about enterprise trends for optimizing software engineering practices, including developer relations, API use, community building and incorporating security into development. Continue Reading
News 27 Jun 2023

ChatGPT users at risk for credential theft

As ChatGPT's user base continues to grow, Group-IB says threat actors have exploited stolen accounts to collect users' sensitive data and professional credentials. Continue Reading
Opinion 21 Jun 2023

How AI benefits network detection and response

Interest in security tools with AI is growing as security leaders uncover AI's potential. One area that could especially benefit from AI is network detection and response. Continue Reading
News 21 Jun 2023

Critical VMware Aria Operations bug under active exploitation

Reports of exploitation for a critical command injection flaw in VMware Aria Operations for Networks came roughly a week after a researcher published a proof-of-concept for it. Continue Reading
News 13 Jun 2023

AWS shuffles DevSecOps deck with CodeGuru Security SAST

A new DevSecOps service links AWS security code scanning to third-party pipeline tools, potentially a shot at GitHub Copilot that increases overlap with AWS SAST partners. Continue Reading
News 08 Jun 2023

Sysdig CNAPP runtime threat detection wins over BigCommerce

Sysdig's fast, comprehensive data collection, now part of a larger CNAPP product, sealed the deal with the e-commerce company. Next, it might replace vulnerability management tools. Continue Reading
News 07 Jun 2023

What generative AI's rise means for the cybersecurity industry

ChatGPT's moment in cybersecurity is significant for both technological and marketing reasons. Security analysts and experts have their own reasons why. Continue Reading
Definition 05 Jun 2023

security analytics

Security analytics is a cybersecurity approach that uses data collection, data aggregation and analysis tools for threat detection and security monitoring. Continue Reading
Opinion 10 May 2023

2023 RSA Conference insights: Generative AI and more

Generative AI was the talk of RSA Conference 2023, along with zero trust, identity security and more. Enterprise Strategy Group analyst Jack Poller offers his takeaways. Continue Reading
Definition 09 May 2023

application blacklisting (application blocklisting)

Application blacklisting --increasingly called application blocklisting -- is a network or computer administration practice used to prevent the execution of undesirable software programs. Continue Reading
Podcast 02 May 2023

Risk & Repeat: Security industry bets on AI at RSA Conference

This podcast episode covers the focus on AI-powered security products and uses at RSA Conference 2023 in San Francisco last week, as well as other trends at the show. Continue Reading
News 28 Apr 2023

ChatGPT uses for cybersecurity continue to ramp up

The use of OpenAI's technology in cybersecurity products is growing as companies look to improve threat detection and assist short-staffed and fatigued security teams. Continue Reading
News 27 Apr 2023

Secureworks CEO weighs in on XDR landscape, AI concerns

Secureworks CEO Wendy Thomas talks with TechTarget Editorial about the evolution of the threat detection and response market, as well as the risks posed by new AI technology. Continue Reading
Definition 27 Apr 2023

key performance indicators (KPIs)

Key performance indicators (KPIs) are quantifiable business metrics that corporate executives and other managers use to track and analyze factors deemed crucial to the success of an organization. Continue Reading
News 25 Apr 2023

RSAC panel warns AI poses unintended security consequences

A panel of experts at RSA conference 2023 warned of hallucinations and inherent biases but also said generative AI can assist in incident response and other security needs. Continue Reading
News 25 Apr 2023

Rising AI tide sweeps over RSA Conference, cybersecurity

AI is everywhere at RSA Conference 2023, though experts have differing views about why the technology has become omnipresent and how it will best serve cybersecurity. Continue Reading
News 24 Apr 2023

IBM launches AI-powered security offering QRadar Suite

IBM aims to use QRadar Suite's AI features, which it calls the 'unified analyst experience,' to enable security analysts to focus on higher-priority work. Continue Reading
Tip 12 Apr 2023

How to prevent deepfakes in the era of generative AI

Businesses must be ever vigilant in detecting the increasingly sophisticated nuances of deepfakes by applying security techniques that range from the simple to the complex. Continue Reading
News 11 Apr 2023

Recorded Future launches OpenAI GPT model for threat intel

The new OpenAI GPT model was trained on Recorded Future's large data set and interprets evidence to help support enterprises struggling with cyberdefense. Continue Reading
Tutorial 10 Apr 2023

Automate firewall rules with Terraform and VMware NSX

In this hands-on tutorial, learn how infrastructure-as-code tools such as Terraform can streamline firewall management with automated, standardized configuration of firewall rules. Continue Reading
Opinion 06 Apr 2023

Top RSA Conference 2023 trends and topics

Enterprise Strategy Group's Jack Poller outlines his picks for getting the most out of the 2023 RSA Conference, from keynotes to startups, AI, innovation and more. Continue Reading
News 28 Mar 2023

Microsoft launches AI-powered Security Copilot

Microsoft Security Copilot is an AI assistant for infosec professionals that combines OpenAI's GPT-4 technology with the software giant's own cybersecurity-trained model. Continue Reading
Definition 23 Mar 2023

forensic image

A forensic image (forensic copy) is a bit-by-bit, sector-by-sector direct copy of a physical storage device, including all files, folders and unallocated, free and slack space. Continue Reading
Tip 21 Mar 2023

4 ChatGPT cybersecurity benefits for the enterprise

As OpenAI technology matures, ChatGPT could help close cybersecurity's talent gap and alleviate its rampant burnout problem. Learn about these and other potential benefits. Continue Reading
News 07 Mar 2023

Vishing attacks increasing, but AI's role still unclear

The volume of vishing attacks continues to rise. But threat researchers say it's difficult to attribute such threats to artificial intelligence tools and deepfake technology. Continue Reading
Definition 24 Feb 2023

sudo (su 'do')

Sudo is a command-line utility for Unix and Unix-based operating systems such as Linux and macOS. Continue Reading
News 22 Feb 2023

How hackers can abuse ChatGPT to create malware

ChatGPT's capabilities for producing software code are limited. But researchers have observed cybercriminals bypassing the chatbot's safeguards to produce malicious content. Continue Reading
Definition 21 Feb 2023

AWS Key Management Service (AWS KMS)

AWS Key Management Service (KMS) is a managed service provided by Amazon Web Services (AWS) that allows companies to create, control and manage the cryptographic keys that encrypt and protect their data. Continue Reading
News 16 Feb 2023

Dynatrace security AI roots out Log4j, sets tone for roadmap

Dynatrace must prove itself beyond application security, but its AI's effectiveness against the Log4j vulnerability has some customers receptive to its product expansion plans. Continue Reading
News 14 Feb 2023

Cribl Search marks fresh observability sortie for upstart

The Splunk nemesis begins new forays onto the turf of incumbent vendors with federated search that doesn't require data migration or indexing -- and big roadmap plans. Continue Reading
Opinion 08 Feb 2023

DevSecOps needs to improve to grow adoption rates, maturity

Organizations are adding security processes and oversight to DevOps, but there's still work ahead to truly marry cybersecurity with DevOps and create a functioning DevSecOps. Continue Reading
Tip 20 Jan 2023

How to select a security analytics platform, plus vendor options

Security analytics platforms aren't traditional SIEM systems, but rather separate platforms or a SIEM add-on. Learn more about these powerful and important tools. Continue Reading
Definition 27 Dec 2022

IT automation

IT automation is the use of instructions to create a repeated process that replaces an IT professional's manual work in data centers and cloud deployments. Continue Reading
Feature 19 Dec 2022

11 cybersecurity predictions for 2023

Analysts and experts have looked into their crystal balls and made their cybersecurity predictions for 2023. Is your organization prepared if these predictions come true? Continue Reading
Tutorial 07 Dec 2022

How to use Wireshark OUI lookup for network security

Wireshark OUI lookup helps cyber defenders, pen testers and red teams identify and target network endpoints -- and it can be accessed from any browser. Continue Reading
Opinion 02 Dec 2022

XDR definitions don't matter, outcomes do

Despite remaining confusion about what XDR is, security teams need to improve threat detection and response. ESG research revealed plans for increased XDR spending in 2023. Continue Reading
Opinion 02 Dec 2022

7 steps to implementing a successful XDR strategy

There's still confusion around what extended detection and response is, but it will play a key role in enterprise security. To successfully implement XDR, follow these steps. Continue Reading
Tip 17 Nov 2022

Industrial control system security needs ICS threat intelligence

Threat actors and nation-states constantly try to find ways to attack all-important industrial control systems. Organizations need specialized ICS threat intelligence to fight back. Continue Reading
Tip 31 Oct 2022

Why and how to use container malware scanning software

Malware is on the rise, and containers are potential attack vectors. Learn why it's crucial to check containers for vulnerabilities and compare container malware scanning tools. Continue Reading
News 25 Oct 2022

Cryptomining campaign abused free GitHub account trials

Cloud security vendor Sysdig uncovered the largest cryptomining operation it's ever seen as threat actors used free account trials to shift the costs to service providers. Continue Reading
News 19 Oct 2022

Mandiant launches Breach Analytics for Google's Chronicle

Mandiant Breach Analytics for Google Cloud's Chronicle marks a new product launch from the security giant after its acquisition by Google was completed last month. Continue Reading
Feature 12 Oct 2022

The history and evolution of zero-trust security

Before zero-trust security, enterprise insiders were trusted and outsiders weren't. Learn about the history of zero trust and the public and private sector efforts to adopt it. Continue Reading
Tip 01 Sep 2022

Cybersecurity budget breakdown and best practices

Once budget is secured, CISOs must figure out where it should be allocated -- as well as how to justify the costs. Get the lowdown on a cybersecurity budget breakdown here. Continue Reading
News 30 Aug 2022

VMware aims to improve security visibility with new services

Unveiled at VMware Explore, the company's new security services include Project Trinidad, Project Watch and Project Northstar. All three offer customer visibility enhancements. Continue Reading
Tip 22 Aug 2022

Why security chaos engineering works, and how to do it right

While 'chaos' doesn't sound like something software security managers would want, chaos engineering has an enticing amount of value when it comes to identifying potential threats. Continue Reading
Tip 10 Aug 2022

Compare SAST vs. DAST vs. SCA for DevSecOps

SAST, DAST and SCA DevSecOps tools can automate code security testing. Discover what each testing method does, and review some open source options to choose from. Continue Reading
News 08 Aug 2022

U.S. sanctions another cryptocurrency mixer in Tornado Cash

The U.S. Treasury Department issued sanctions against Tornado Cash, a cryptocurrency mixer accused of helping North Korea's Lazarus Group launder stolen funds. Continue Reading
Tip 01 Aug 2022

Top 10 UEBA enterprise use cases

The top user and entity behavior analytics use cases fall in cybersecurity, network and data center operations, management and business operations. Check out the risks. Continue Reading
Feature 01 Aug 2022

Proof of work vs. proof of stake: What's the difference?

Proof of work and proof of stake use algorithms to validate cryptocurrency on a blockchain network. The main difference is how they choose and qualify users to add transactions. Continue Reading
Definition 15 Jul 2022

user behavior analytics (UBA)

User behavior analytics (UBA) is the tracking, collecting and assessing of user data and activities using monitoring systems. Continue Reading
News 06 Jul 2022

5G networks vulnerable to adversarial ML attacks

A team of academic researchers introduced an attack technique that could disrupt 5G networks, requiring new ways to protect against adversarial machine learning attacks. Continue Reading
Tip 13 Jun 2022

11 open source automated penetration testing tools

From Nmap to Wireshark to Jok3r, these open source automated pen testing tools help companies determine how successful their security strategies are at protecting their networks. Continue Reading
Tip 07 Jun 2022

8 benefits of DevSecOps automation

DevSecOps automation can help organizations scale development while adding security, as well as uniformly adopt security features and reduce remedial tasks. Continue Reading
Tip 23 May 2022

Learn to work with the Office 365 unified audit log

Administrators who need to check on suspicious activities in the Office 365 platform can perform a unified audit log search to help with their investigation. Continue Reading
Definition 21 Apr 2022

security information management (SIM)

Security information management (SIM) is the practice of collecting, monitoring and analyzing security-related data from computer logs and various other data sources. Continue Reading
Tip 20 Apr 2022

EDR vs. XDR vs. MDR: Which does your company need?

Explore the differences and similarities between EDR vs. XDR vs. MDR and the role they play to help improve behavioral analysis for better threat response. Continue Reading
Tip 14 Apr 2022

The benefits and challenges of managed PKIs

Managing a public key infrastructure is a difficult task. Discover the benefits and challenges of PKI as a service to determine if managed PKI would benefit your organization. Continue Reading
News 07 Apr 2022

Government officials: AI threat detection still needs humans

At the Ai4 Cybersecurity Summit, infosec professionals from CISA and the state of Tennessee discussed the promise and potential obstacles of AI for threat detection. Continue Reading
News 01 Apr 2022

Zimperium acquired by Liberty Strategic Capital for $525M

Zimperium is the latest cybersecurity investment for Liberty Strategic Capital, a private equity firm founded by former Treasury Secretary Steven Mnuchin. Continue Reading
Guest Post 28 Mar 2022

The benefits and challenges of SBOMs

While software bills of material present new challenges for security teams, they offer the benefits of improved visibility, transparency and security. Continue Reading
Tip 25 Mar 2022

Review Microsoft Defender for endpoint security pros and cons

Microsoft wants to make Defender the only endpoint security product companies need, but does the good outweigh the bad? Read up on its features and pitfalls. Continue Reading
Tip 15 Mar 2022

How to secure NetOps initiatives using Agile methodology

As more NetOps teams implement Agile methods, network and security testing must be part of a holistic approach that involves developers, networking and security teams working together. Continue Reading
Answer 10 Mar 2022

Use microsegmentation to mitigate lateral attacks

Attackers will get into a company's system sooner or later. Limit their potential damage by isolating zones with microsegmentation to prevent lateral movement. Continue Reading
Tip 23 Feb 2022

How to use PKI to secure remote network access

Public key infrastructure is a more secure option than password-based or multifactor authentication. Learn how those benefits can extend to remote employees and access. Continue Reading
Opinion 17 Feb 2022

Shifting security left requires a GitOps approach

Shifting security left improves efficiency and minimizes risk in software development. Before successfully implementing this approach, however, key challenges must be addressed. Continue Reading
Feature 08 Feb 2022

Pros and cons of manual vs. automated penetration testing

Automated penetration testing capabilities continue to improve, but how do they compare to manual pen testing? Get help finding which is a better fit for your organization. Continue Reading