SIEM features

Must-Have Features of a Modern SIEM

Initially, Security Information and Event Management (SIEM) solutions were readily adopted because of their capability to provide actionable insights into the deep corners of an organization’s network. Legacy SIEM systems helped in understanding when and where security incidents are happening in real-time. Soon enough, these SIEM systems faced an avalanche of false positives, and they required a dedicated team to filter out irrelevant alerts.

Following this, we saw the emergence of next-generation SIEM solutions that provide functionalities and features that were not available with legacy or first-generation SIEM solutions. In this article, we demonstrate the features of a modern, next-gen SIEM solution.

Continue reading

How to Initiate a Threat Hunting Program?(Part 2)

How to Initiate a Threat Hunting Program (Part 2)?

6.   Responding to Threat or Vulnerability

In the previous steps, analysts have gathered enough data to answer their hypothesis. Two types of situations can occur. Either the real threat is found or the vulnerability is detected. In both cases, analysts action is necessary. The analysts must respond immediately when a real threat is identified. However, if there is any vulnerability, they should also resolve this before it becomes a really big nightmare.

Continue reading

How to Initiate a Threat Hunting Program (Part 1)?

Over the past many years, cyber threats have become greater in frequency and more sophisticated than ever. Current security mechanisms are based on traditional reactive approaches such as antivirus programs and firewalls who react once the incident has occurred. Under such circumstances, intruders have a chance to compromise your network either partially or entirely. In order to prevent this situation from happening, security practitioners initiate a threat hunting program as a vital part of their Security Operation Center (SOC).

Continue reading

How to Automate Threat Hunting?

Security Orchestration Use Case: How to Automate Threat Hunting?

Threat hunting is the practice of iteratively and proactively hunting for threats or Advanced Persistent Threats (APT) that are launched by adversaries. Unlike traditional security systems such as antivirus program, firewalls, or SIEM, who use a reactive approach to threats, threat hunting utilizes a proactive approach to pursuing threats even before they compromise organization’s network or IT infrastructure.

Continue reading