Bricata Inc.
Hunt. Detect. Prevent Threats.



What is network threat hunting?

Most organizations have some sort of static detection in use. Often this is a combination of signature detection and rules-based detection tools aimed at detecting activity known to be malicious.

While these are necessary and catch much of the basic malware, sophisticated threat actors are aware of these measures – they understand how these tools work and are good at evading them. As such, hunting becomes a method for finding activity that isn’t being detected.

Why conduct threat hunting?

1) To find unknown malicious activity.

2) Threat hunting can improve static detection.

3) Threat hunting can improve professional development.

The full post is well worth a read!

#cybersecurity #threathunting #IDS #IPS #NGIPS
Intrusion detection doesn’t get the attention that other security trends, such as deception or identity, do. However, it is still a proven, if not essential, part of a layered security posture.

It’s a segment of the security market that is ripe for modernization because the threat landscape has evolved so much. For example, modern intrusion detection deploys sensors that capture metadata rich enough to get started with threat hunting.

Here are seven trends we see shaping intrusion detection technology.

#cyber #security #intrusion #detection #trends
Sophisticated attacks are run by sophisticated threat actors. This is the catalyst behind threat hunting – the zero-trust assumption that threats are already inside the network, waiting for the right moment to launch an attack.

To find these hidden threats, security analysts use a combination of threat intel, data and intuition to examine areas of interest.

#threathunting #networksecurity
Earlier this year, we rounded up 20 security predictions for 2018 from across the industry. As we are nearing the halfway mark of the year, we thought it might be useful to revisit those predictions and see how they were panning out.

Here we look back at the first three predictions – and the last three – because we made those and have continued to follow the trendline on them. All 20 predictions have been transformed into the infographic below for your review.

Prediction #1: Ransomware would evolve into blackmail.
Prediction #2: End users will still be the weakest part of security.
Prediction #3: Identity verification services expand to banks.


Prediction #18: CFOs demand smarter spending on IT security.
Prediction #19: Network behavioral analysis emerges as a cornerstone.
Prediction #20: Standalone IDS and IPS go back to the future, but better.

#cybersecurity #infographic
Not long ago we had the opportunity to submit the Bricata product for a review that was published on CSO Online. The reviewer, John Breeden II, has a long list of reviews he’s completed for the publication.

But that’s not all.

For those that have been around the cybersecurity community in the greater Washington, DC area for a while, Mr. Breeden previously ran the lab at Government Computer News for the better part of 15 years.

It’s pretty obvious he has looked under the hood, so to speak, of a lot of technology tools and excels at distilling what these tools do in a simple and concise manner.

Because of his experience, we find this review also doubles as a useful reference for security organizations seeking to improve processes and skills.

Indeed, this review serves as more than just a demonstration of product capabilities – it also serves as an outline for how a security operations center (SOC) can begin hunting threats with a familiar tool the staff already know and use.

#threathunting #IDS #IPS #networksecurity #cybersecurity

#DevOps and the challenge of security vs. efficacy.

Large healthcare organizations typically have teams of developers building or improving applications for the business.

Often these teams work in #cloud environments because the cloud provides the means to stand up simulated test environments quickly.

#Security is continuously challenged to provide the flexibility these teams need to get the work done while also ensuring high standards.

Cloud presents security issues that we, as an industry, still need to work through collectively. In other words, security needs to be baked into the strategic IT plan – it can’t be an afterthought any longer.

#cloud #security
When new cyber threat intel is published, security professionals need the ability to compare new threats against existing, or previously recorded, data. This is because threats may have slipped into the infrastructure long before being identified.

#IDS #threathunting #cybersecurity
What is Bro? Bro is an open source software framework for analyzing network traffic that is most commonly used to detect behavioral anomalies on a network for cybersecurity purposes.

Bro provides capabilities that are similar to those of network intrusion detection systems (IDS); however, thinking about Bro exclusively as an IDS doesn’t effectively describe the breadth of its capabilities.

This is because Bro enables security operations centers (SOCs) to do much more – including incident response, forensics, file extraction, and hashing, among other capabilities.
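The two posts above describe the same workflow from two sides: Bro records network metadata (DNS queries, extracted files and their hashes), and when new threat intel arrives an analyst needs to check those indicators against logs that were recorded before the intel existed. The script below is an added illustration of that retrospective match and is not Bricata or Bro project code. The dns.log and files.log excerpts, the indicator set, and all hosts, hashes and domains in it are constructed for the example (reserved `.invalid` names and documentation IP ranges); the tab-separated `#fields` layout is Bro's default log format, but the field subset shown is trimmed to what the example needs.

```python
"""
Retrospective hunt: match newly published indicators against stored Bro logs.

All sample data below is constructed for this example; none of it comes from
Bricata, the Bro project, or a real incident.
"""
from datetime import datetime, timezone

# Constructed Bro dns.log excerpt (default tab-separated layout, trimmed fields).
DNS_LOG = """#separator \\x09
#fields\tts\tuid\tid.orig_h\tid.resp_h\tquery\tanswers
1525100000.123\tC1a\t10.0.0.5\t10.0.0.2\tupdates.example-vendor.invalid\t203.0.113.9
1525186400.456\tC2b\t10.0.0.7\t10.0.0.2\tbad-c2.example.invalid\t198.51.100.4
1525272800.789\tC3c\t10.0.0.9\t10.0.0.2\tmail.example-corp.invalid\t192.0.2.8
"""

# Constructed Bro files.log excerpt; sha256 values are placeholders, not real hashes.
FILES_LOG = """#separator \\x09
#fields\tts\tfuid\ttx_hosts\trx_hosts\tmime_type\tsha256
1525190000.000\tF1x\t198.51.100.4\t10.0.0.7\tapplication/x-dosexec\t0000000000000000000000000000000000000000000000000000000000000abc
1525276000.000\tF2y\t192.0.2.8\t10.0.0.9\ttext/html\t1111111111111111111111111111111111111111111111111111111111111def
"""

# Constructed "newly published" indicators, keyed by indicator type.
NEW_INTEL = {
    "domain": {"bad-c2.example.invalid"},
    "sha256": {"0000000000000000000000000000000000000000000000000000000000000abc"},
    "ip": {"198.51.100.4"},
}


def parse_bro_log(text):
    """Yield one dict per record, keyed by the column names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]  # drop the "#fields" token itself
            continue
        if line.startswith("#"):  # #separator, #types, #close, ... are metadata
            continue
        if fields is None:
            raise ValueError("log record appeared before a #fields header")
        yield dict(zip(fields, line.split("\t")))


def _hit(ts, log, kind, value, ref):
    """Build one match record with the original epoch ts and a readable UTC time."""
    ts = float(ts)
    return {
        "ts": ts,
        "when": datetime.fromtimestamp(ts, tz=timezone.utc).isoformat(),
        "log": log,
        "kind": kind,
        "value": value,
        "ref": ref,  # Bro uid/fuid, so the analyst can pivot to the full record
    }


def retro_match(intel, dns_log=DNS_LOG, files_log=FILES_LOG):
    """Return every stored record that touches a new indicator, oldest first."""
    hits = []
    for rec in parse_bro_log(dns_log):
        if rec["query"] in intel["domain"]:
            hits.append(_hit(rec["ts"], "dns", "domain", rec["query"], rec["uid"]))
        for answer in rec["answers"].split(","):  # Bro vectors are comma-joined
            if answer in intel["ip"]:
                hits.append(_hit(rec["ts"], "dns", "ip", answer, rec["uid"]))
    for rec in parse_bro_log(files_log):
        if rec["sha256"] in intel["sha256"]:
            hits.append(_hit(rec["ts"], "files", "sha256", rec["sha256"], rec["fuid"]))
        for host in rec["tx_hosts"].split(","):  # Bro sets are comma-joined too
            if host in intel["ip"]:
                hits.append(_hit(rec["ts"], "files", "ip", host, rec["fuid"]))
    hits.sort(key=lambda h: h["ts"])  # stable sort keeps insertion order on ties
    return hits


def first_seen(hits):
    """Earliest time any indicator was observed, or None when nothing matched."""
    return hits[0]["when"] if hits else None


if __name__ == "__main__":
    matches = retro_match(NEW_INTEL)
    print(f"{len(matches)} historical record(s) match the new intel")
    print("first seen:", first_seen(matches))
    for h in matches:
        print(f"{h['when']}  {h['log']:5}  {h['kind']:6}  {h['value']}  ref={h['ref']}")
```

The point a practitioner should take from the output is the `first seen` line: the indicator was present in stored metadata well before the intel was published, which is exactly the dwell-time question retrospective matching answers. The `ref` column carries the Bro `uid`/`fuid` so each hit can be pivoted to the full connection or extracted file rather than acted on from the summary alone.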

#IDS #IPS #cybersecurity #networksecurity
The refrigerator was internet-enabled, a recent evolution of the internet of things (IoT). Unfortunately, the product was rushed to market and security was merely an afterthought. That’s how a refrigerator winds up as the weakest link in enterprise network security.

The malware got in through that device the night before and spread to other devices in the home, including the home office. When the remote worker logged into the corporate network through a VPN the next day, the malicious code had successfully gained entry to the enterprise, and it began to spread laterally.

That’s the nightmare scenario that keeps folks like John Pirc up at night. It hasn’t happened yet, but he thinks it’s coming and he’s doing everything he can to help businesses prevent it.

The co-author of three books on cybersecurity and the director of product management for the Managed iSensor IPS product for Secureworks, he’s put a lot of thought into the economics of security, threat forecasting and the adaptability of cybersecurity products.

We had the good fortune of catching up with him for an interview by phone and posed several questions we think will be of interest to the community here.

#IoT #cybersecurity