< ciso
brief />
Tag Banner

All news with #incident response tag

247 articles · page 5 of 13

Multi-vector attack forensics with Log Explorer platform

🔍 Cloudflare's Log Explorer centralizes 14 new datasets to give analysts correlated, edge-to-core telemetry for investigating multi-vector attacks. By combining HTTP requests, Firewall, Zero Trust access, IDS, DNS and gateway logs, teams can rapidly reconstruct reconnaissance, exploitation, and exfiltration chains. The platform reduces detection time and supports schema-driven ingestion for future data sources. It also improves ingestion latency and enables concurrent queries for faster, correlated forensics.
read more →

Germany enacts NIS-2 law; thousands register late now

🛡️ The German law implementing the NIS-2 directive came into force on 6 December 2025, introducing stricter incident reporting and registration requirements. The Bonn-based Federal Office for Information Security (BSI) reported a surge of more than 4,000 registrations in the final week before the deadline and expects further last-minute filings. Affected organisations must report significant incidents within 24 hours, provide updates within 72 hours and submit a final report after one month, with potential fines for serious violations.
read more →

Preparing Your SOC for Agentic AI: Four Key Actions

🤖 Organizations must prepare SOCs for agentic AI by reskilling staff, redesigning processes, and instituting governance to ensure safe autonomous operations. The piece explains that AI is already augmenting alert triage, enrichment, IOC validation and initial containment, and could soon handle more complex tasks like incident investigation and response. It recommends new roles—content engineers, data architects and orchestration platform engineers—and stresses auditability, least-privilege, red-teaming and clear approval thresholds for autonomous actions.
read more →

Preparation and Hardening for Destructive Cyberattacks

🛡️ This article outlines practical, scalable recommendations to prepare and harden environments against destructive malware, wipers, and modified ransomware. It emphasizes resilience through verified, immutable backups, out-of-band incident communication, and prioritized recovery plans. The post recommends strengthening external-facing assets with multi-factor authentication and continuous attack-surface discovery, protecting Domain Controllers and virtualization infrastructure, and applying network and cloud segmentation alongside tuned detections. It also highlights available detections in Google SecOps and Mandiant rule packs.
read more →

What Cybersecurity Actually Delivers for Business Value

🔒 Cybersecurity often looks uneventful when it succeeds, because routine controls quietly prevent incidents from escalating into business crises. Rather than just proving which disasters were avoided, security should be evaluated by what it enables: uninterrupted operations, customer trust, regulatory compliance and future growth. Operational services like MDR extend continuous detection and response to smaller organisations, reducing attacker dwell time and improving resilience.
read more →

CPR Act: Check Point's Unified Full Lifecycle Security

🛡️ Check Point Services has launched CPR Act, an expert-led unit that unifies security across the full lifecycle with continuous intelligence, coordinated action, and measurable outcomes. The service addresses fragmented products and visibility gaps by connecting research, monitoring, and response so each phase feeds the next. A dedicated team of researchers, analysts, and responders delivers clear, research-based insight for decisive action.
read more →

CrowdStrike Earns NCSC CIR Assurance for Incident Response

🛡️CrowdStrike has been independently assessed and assured against the UK National Cyber Security Centre’s CIR Standard. The CrowdStrike certification confirms independent evaluation of provider capability, technical competence, and service delivery for incident handling across the UK and Europe. It reinforces the company's incident response services—breach response, retainers, and resilience work—powered by the Falcon platform.
read more →

Automating Security Decisions to Counter AI-Driven Attacks

🔒 Security experts warn that defenders must embrace greater automation to keep pace with AI-powered attacks that operate at machine speed. Recent research, including CrowdStrike findings showing average breakout times falling to 29 minutes (and as fast as 27 seconds), highlights the urgency. Industry leaders recommend automating routine SOC work and responses to known threats while reserving humans for novel, high-risk incidents. Cultural shifts and revised risk appetites will be required to enable faster, autonomous mitigations.
read more →

Five Ways Broken Triage Raises Business Risk and Remediation

🛡️ Triage often increases organizational risk when investigators make decisions without execution evidence, when outcomes vary by analyst seniority, or when manual steps and escalations slow response. The article outlines five specific failures—lack of early evidence, seniority-dependent quality, slow time-to-decision, over-escalation, and repetitive manual work—and recommends execution-driven fixes such as using ANY.RUN interactive sandboxing to produce fast, observable behavior that enables evidence-backed verdicts, reduces rework, and shortens MTTR.
read more →

Boards Want Risk Signals, Not Just Cybersecurity Metrics

🔍Boards and security leaders must shift reporting from raw counts to risk signals that map to exposure, trajectory, and consequence. Metrics such as mean time to detect and mean time to contain translate technical activity into business impact and serve as proxies for loss avoided. Experts warn that countable metrics can obscure structural risk, near misses, and changing assumptions that boards must know. AI has not created new board-level metrics but amplifies visibility and governance gaps that directors need signaled.
read more →

Moving Cyber Defense from Reactive Response to Proactive

🔒 Organizations are shifting from reactive incident response to proactive cyber defense to anticipate and block attacks before they cause damage. Speakers from PwC and Microsoft highlighted AI-accelerated threats, phishing deepfakes, and a criminal supply chain of ransomware-as-a-service, urging layered controls, zero trust, multicloud resilience, and security by design. Microsoft's Defender for Cloud, integrated with Microsoft 365 and third-party tools and deployed with PwC services, automates detection and response to reduce exposure time and staffing burdens.
read more →

AWS Observability Added as Kiro Power for Faster MTTR

⚡ AWS announced that AWS Observability is now available as a Kiro Power, enabling AI agent-assisted workflows to speed investigation of application and infrastructure health issues. The power packages four MCP servers—CloudWatch, Application Signals, CloudTrail, and AWS Documentation—to supply contextual observability, tracing, security signals, and references. It also provides automated gap analysis to identify missing instrumentation and eight steering guides to accelerate incident response and observability improvements.
read more →

Cloudflare BYOIP BGP Withdrawal Outage — February 20, 2026

⚠️ On February 20, 2026, Cloudflare introduced a change to how it manages BYOIP addresses that triggered a cleanup sub-task to erroneously withdraw customer prefixes via BGP, causing connectivity failures for affected customers. About 1,100 prefixes (≈25% of BYOIP prefixes on the peer) were withdrawn, including a subset of one.one.one.one. Engineers reverted the change, restored configurations, and resolved the incident in roughly six hours; Cloudflare confirmed the issue was not due to malicious activity.
read more →

INTERPOL's Operation Red Card 2.0: Coordinated Disruption

🚨 Operation Red Card 2.0 demonstrates how synchronized public‑ and private‑sector action can disrupt transnational fraud. Between December 2025 and January 2026, authorities across 16 African countries used shared intelligence and operational coordination to identify victims, arrest operators, seize devices, and dismantle malicious infrastructure. Fortinet supported the effort through data contributions and the Cybercrime Atlas, helping turn intelligence into enforcement outcomes.
read more →

INTERPOL's Red Card 2.0: 651 Arrests in Africa Crackdown

🔍 A coordinated operation led by INTERPOL and the African Joint Operation against Cybercrime (AFJOC) arrested 651 suspects across 16 countries between December 8 and January 30. Authorities recovered over $4.3 million and identified 1,247 victims linked to schemes responsible for more than $45 million in losses. Investigators seized 2,341 devices, dismantled networks of fraudulent accounts and took down 1,442 malicious websites, domains, and servers.
read more →

Three Practical Intelligent Workflows for Security and IT

⚙️ Intelligent workflows combine automation, AI-driven decisioning, and human oversight to accelerate outcomes and reduce operational drag across Security and IT. This contributed piece presents three production-ready use cases — automated phishing response, AI agents for IT service requests, and vulnerability monitoring tied to CISA and Tenable — with pre-built templates to integrate into existing stacks. These Tines templates are designed to help teams prove value quickly while keeping humans in the loop and maintaining governance.
read more →

Context-Aware Cloud Forensics: Reconstructing Attacks

🔍 This webinar examines how modern cloud forensics replaces slow, manual log stitching with automated, context-aware investigation across transient infrastructure. You’ll learn why traditional incident response fails when compromised instances, rotating identities, and expiring logs erase evidence, and why three capabilities — host-level visibility, context mapping, and automated evidence capture — are essential. The session demonstrates real investigations where correlated signals rebuild full attack timelines in minutes, enabling faster scoping, clearer attribution, and more confident remediation.
read more →

Unit 42 Managed XSIAM 2.0: 24/7 Managed SOC Service

🔒 Unit 42 Managed XSIAM 2.0 delivers a 24/7 managed SOC built on Cortex XSIAM and operated by Unit 42 analysts, threat hunters, responders and SOC engineers. Designed to close the gap with machine-speed attacks, MSIAM 2.0 replaces alert-driven models with continuous detection, proactive hunting and ongoing engineering of detections, correlations and playbooks. The service supports native and third-party EDR telemetry, enables pre-authorized full-cycle remediation across endpoints, firewalls, identity and cloud, and includes a Breach Response Guarantee with up to 250 hours of Unit 42 incident response to streamline crisis containment and recovery.
read more →

UK Cyber Threat Shifts from Ransomware to Disruption

🔍 In 2025 the UK became the most targeted country in Europe, and the nature of attacks shifted dramatically. Where ransomware once dominated, attackers prioritized disruption over monetization, altering tactics and intent. Many organizations that hardened defenses for extortion found those assumptions outdated and exposures increased. Detection, response and business-continuity strategies must be reevaluated.
read more →

The Foundation Problem: Accountability in Cybersecurity

🔧 Cybersecurity suffers not from a true talent shortage but from a leadership and accountability gap. Many organizations recruit for experience instead of building it, accept surface‑level post‑mortems, and allow technical debt to accumulate into risk. Fixing this requires structured training, persistent follow‑through, and translating technical debt into business terms so leaders can demand action.
read more →