Threat Landscape Trends: Endpoint Security
Part 1: Critical severity threats and MITRE ATT&CK tactics. In the ongoing battle to defend your organization, deciding where to dedicate resources is vital. To do so efficiently, you need to have a solid understanding of your local network topology, cloud implementations, software and hardware assets, and the security policies in place. On top of that, you need to have an …
MITRE ATT&CK: The Magic of Endpoint Protection
In our first blog, we introduced the Magic of Mitigations. They’re the key to getting started with MITRE ATT&CK. Now let’s look at some of the most magical ones, starting today with Behavior Prevention on Endpoint (M1040), Exploit Protection (M1050) and Execution Prevention (M1038). Wait, what’s the difference? At a quick glance, they might all sound about the same. So …
Getting more value from your endpoint security tool #5: Querying Tips for Vulnerability & Compliance
Thank you for tuning in to the fifth and final installment of this blog series. As I stated in my previous blog posts on Orbital Advanced Search, my father was an automobile mechanic. More specifically, he was a “brakes and front-end mechanic”. On several occasions, Pops would point out the wear on a set of tires and would tell me that either the car was out of alignment, …
Getting more value from your endpoint security tool #4: Querying Tips for IT Operations
As the son of a retired automotive mechanic, the lessons my father taught me are still just as important today. As I mentioned in my previous post about Orbital Advanced Search, “Pops” was always teaching me something. This time it was to always clean the tools after every job, maintain the tools that need oil, etc., and to always keep your tools organized neatly in the …
Getting more value from your endpoint security tool #3: Querying Tips for Incident Investigation
Have you ever looked around the house for a specific tool to complete a task? And, after looking high and low, even scouring through that bottomless “junk drawer,” you were unsuccessful in locating it. Then, you decide to just use what you have readily available. You know, using that flathead screwdriver as a chisel or a prybar, which inevitably breaks because you did not use the …
Finding the malicious needle in your endpoint haystacks
Accelerate Threat Hunts and Investigations with Pre-Curated Complex Queries. Security teams often lack the ability to gain deep visibility into the state of all their endpoints in real time. Even with a bevy of tools at their fingertips, once an incident occurs, conducting investigations can be likened to searching for a needle in a haystack. Teams struggle to make well-informed …
Relentless Breach Defense Endpoint Protection Platform + Endpoint Detection and Response
As evasive and complex as today’s threats have become, it’s no wonder security professionals in organizations of all sizes are ripping out their legacy antivirus completely in favor of Endpoint Protection Platform (EPP) and Endpoint Detection and Response (EDR) technologies. An Endpoint Protection Platform (EPP) delivers next-generation antivirus that stops today’s complex …
How CrowdStrike’s Vision Redefined Endpoint Security
The CrowdStrike® “Vision” video features co-founders George Kurtz, CEO, and Dmitri Alperovitch, CTO, offering a look at the driving forces that led them to create CrowdStrike, beginning with their realization that an entirely new approach to endpoint security was needed. This blog focuses on Kurtz as he talks about what compelled him and Alperovitch to embark on this path and …
Using CESA to Solve Endpoint Blindness for a World Class InfoSec Team
Cisco has an amazing set of products like AMP for Endpoints and Cisco Umbrella protecting devices from advanced malware threats. There were other user and endpoint scenarios that remained unsolved until we introduced the recently announced Cisco Endpoint Security Analytics (CESA) solution. CESA provides an unprecedented level of endpoint and user networking …
Find What Your Endpoint Anti-Malware is Missing with CESA Built on Splunk
There are many aspects to securing an endpoint beyond finding the malware on it. What do you know about the behavior of your endpoints? Can you track anomalous traffic? Can you tell what the applications and other software processes are up to? What is happening when the device is off the corporate network? Has a user or device evaded endpoint security measures? With insight …