< ciso
brief />
Tag Banner

All news with #threat hunting tag

75 articles · page 2 of 4

Supercharged Security: Responding to Frontier AI Risks

🔐 AI is compressing the timeline of cyber risk, turning vulnerabilities that once took weeks to exploit into issues weaponized in hours, while also enabling defenders to analyze and mitigate faster. Fortinet has used AI in FortiGuard Labs since 2015 and now leverages generative and frontier models—including early access to Anthropic’s Mythos preview—to scale code analysis, threat hunting, and automated remediation. The recommendation is clear: embed AI across development, detection, and response, shorten mitigation cycles with automation and virtual patches, and design systems for continuous, integrated security.
read more →

How AI Is Reshaping Threat Detection and Response Now

🔍 Artificial intelligence is transforming how security teams detect and hunt threats by processing vast telemetry at scale, correlating noisy signals, and surfacing behavioral anomalies faster than traditional tools. Organizations report efficiency gains—often 40–50% on lower-tier SOC tasks—as AI automates alert triage, log review, documentation, and evidence collection. Vendors say AI reduces alert fatigue by clustering and prioritizing incidents, but experts stress a human-in-the-loop approach and strong governance to avoid amplifying weak security practices.
read more →

Tabletop Exercises Grow Up: AI Transforms Cyber Drills

🤖 Traditional tabletop exercises build shared understanding, clarify escalation paths and satisfy compliance, but they often test knowledge of a plan rather than the ability to execute it. The authors—experienced facilitators—note scripted injects and calls to “suspend disbelief” reveal a gap between documentation and operational reality. AI agentic capabilities can simulate adaptive adversaries and reactive stakeholders, turning static scenarios into dynamic, consequence-driven drills. Even so, skilled facilitators and a judgment-focused post-mortem remain essential.
read more →

Shifting to Proactive Cyber: Disruption Over Passive Defense

🔒 The White House's new cyber strategy and recent moves by major tech firms mark a clear shift from reactive defense toward proactive cyber, emphasizing disruption of adversaries earlier in the attack chain. Industry leaders frame this as the legal, intelligence-driven use of takedowns, litigation, public exposure of tools, and product hardening to impose cost and friction on attackers. While large platform providers can act at scale, enterprises are urged to focus on fundamentals, share telemetry, and support coordinated disruption rather than conduct offensive operations themselves.
read more →

How to Evaluate AI SOC Agents: 7 Gartner Questions

🔍 Gartner's new guidance outlines seven focused questions security teams should ask when evaluating AI SOC agents, urging outcome-driven assessments rather than feature demos. The research highlights the need to measure improvements in TDIR and MTTC, assess vendor viability and pricing, verify deep integrations with SIEM/EDR/SOAR/identity stacks, and confirm that agents transparently augment analyst skills rather than merely shifting workload. Prophet Security is cited as an example of a platform emphasizing explainable investigations and non-centralized integrations.
read more →

How Google Does It: Inside Look at Cybersecurity Practices

🔐 This collection from Google Cloud offers a behind-the-scenes look at how Google approaches modern cybersecurity challenges, from fundamentals to AI. Across practical essays and expert perspectives, it covers modernizing threat detection, building AI agents for defense, red teaming at scale, vulnerability management and supply chain controls like Binary Authorization. The pieces emphasize operational rigor, the application of SRE to security, and a commitment to Secure by Design principles to help defenders adopt scalable, enterprise-ready practices.
read more →

Why CISOs Should Embrace AI-Powered Honeypots Today

🛡️ AI-driven honeypots pair large language models with deception servers to create dynamic, realistic environments that keep attackers engaged longer and collect richer threat intelligence. Academic research by Dr. M. Abdullah Canbaz and others showed LLMs can parse traffic and handle complex Linux commands, prompting open-source and commercial efforts such as Beelzebub and Deutsche Telekom’s T-Pot. These systems significantly lower the cost and engineering effort of high-interaction deception while enabling deployment in novel locations like APIs and AI agents. However, defenders must balance benefits with risks—attackers are using AI to automate attacks and may develop countermeasures such as deception-detection services or data poisoning—so CISOs should view AI honeypots as a complement to existing sensors and an important tool for improved visibility and hunting.
read more →

Google Named Leader in IDC MarketScape for SLG Security

🔒 Google has been named a Leader in the IDC MarketScape: U.S. State and Local Government Professional Security Services 2025–2026 assessment. The recognition highlights Mandiant integration with Gemini AI and Google’s secure, AI-optimized infrastructure to accelerate detection rule generation, attacker script analysis, and incident investigations. The report also notes Mandiant’s full incident lifecycle support—including crisis communications, legal coordination, and board-level reporting—delivered across engagements with Fairfax County, the State of Nevada, and the University of Hawaii.
read more →

AI, Zero Trust and Modern Security Require Visibility

🔍 Modern security frameworks — including AI, automation, and Zero Trust — depend on deep, trustworthy visibility to function effectively. An October 2025 Forrester study commissioned by NETSCOUT reports that 72% and 69% of organizations view NAV and packet-level visibility as essential to threat hunting, detection, and incident response. Omnis Cyber Intelligence offers packet-level fidelity, behavioral analytics, unified hybrid visibility, context-rich metadata, and retrospective investigation to strengthen detection, validation, and safe automation.
read more →

Rethinking the Human Layer: Farmers vs. Mercenaries

🛡️ Employees are commonly labeled "the last line of defense," but this article argues that such expectations misplace responsibility. The real human layer is the trained security team—CISOs, SOC analysts and threat hunters—whose capacity is being consumed by high false-positive volumes and noisy user-reporting. Organizations should reduce alert noise, improve tooling and restore analyst capacity rather than relying on broader awareness programs.
read more →

Using AI to Turn the Tables on Malicious Agents and Defend

🤖 AI accelerates attackers' ability to craft targeted social engineering, but defenders can leverage the same capabilities to create decoy personas and AI-generated employees that attract malicious profiling tools. By planting social posts, CVs, emails, and messaging accounts for fictitious staff, teams can detect reconnaissance, update IP/URL blocklists, and treat any interaction with those accounts as hostile telemetry. This approach turns attacker tooling into a source of actionable threat intelligence and enables rapid blocking and investigation.
read more →

Hands-On with NDR: Using Corelight Investigator in SOC

🧭 I spent a day using Corelight's Investigator NDR to learn how network detection and response supports SOC workflows. The interface prioritized high-risk detections, showed packet-level evidence and MITRE ATT&CK context, and let me dig into suspicious DNS, reverse shells, and exploit tool activity. Built-in GenAI provided step-by-step investigative actions, and integrations with SIEM, EDR and firewalls demonstrated how NDR enriches and correlates network telemetry for faster triage.
read more →

Purple Teaming Must Evolve: Focus After Detection Now

🛡️ Purple teaming has become transactional and shallow, creating a false sense of security. Standard engagements often highlight the bypass or the “win” without exploring what happens next, leaving invisible omissions that matter most under pressure. Two mature organizations were deeply compromised despite apparent controls, and embedded AI did not change the outcome. The article argues for rehearsal, co-ownership, and a shift to outcome-driven, systems-level thinking.
read more →

Human-AI Feedback Loop Powering Agentic Security at Scale

🔁 CrowdStrike describes a continuous human-AI feedback loop that pairs expert analysts with agentic AI to detect, investigate, and contain threats at machine speed. Human-annotated telemetry from Falcon Complete and Adversary OverWatch trains and reinforces models such as Charlotte AI, improving triage accuracy and reducing investigator effort. The system emphasizes analyst-validated reasoning to handle novel tradecraft and minimize false positives.
read more →

Schrodinger's Cat and the Enterprise Security Paradox

🔒 Many security leaders live with a practical paradox: the organization that appears secure on paper often coexists with a messier, attacker-facing reality. The author uses Schrödinger’s cat to show that without direct observation—alerts, correlated logs, or third-party findings—you cannot know whether you are safe or compromised. The piece reframes security as an observation problem, urging measurement of telemetry coverage, operationalized threat hunting, and cultural change that rewards surfacing ambiguity rather than hiding it.
read more →

Profiling Cloud Threat Actors via MITRE-Mapped Alerts

🔎 Unit 42 demonstrates a practical method to map cloud alert events to MITRE ATT&CK tactics and techniques and use the resulting alert patterns as operational fingerprints for known threat actors. The study examined alerts from cloud providers, containers, cloud-hosted applications, and SaaS across 22 industries between June 2024 and June 2025. Comparing cybercrime actor Muddled Libra and nation-state group Silk Typhoon, researchers found distinct, identifiable alert fingerprints and recommend proactive monitoring and mitigation, including Cortex Cloud runtime detection.
read more →

Shadow Campaigns: Global State-Aligned Cyber Espionage

🔎 Unit 42 details a newly tracked, state-aligned cyberespionage group labeled TGR-STA-1030 that has targeted government and critical infrastructure across 37 countries. The report documents coordinated phishing using a Diaoyu loader, exploitation of known N-day vulnerabilities, and a transition from Cobalt Strike to Go-based C2 frameworks. It also describes a bespoke Linux eBPF rootkit, ShadowGuard, and provides actionable IoCs (IPs, domains, hashes) to support defenders.
read more →

Practical Value of Cyberthreat Attribution in Defense

🔎 Analysts often stop at sandboxing and blocklisting, but that approach fails against targeted, multi-stage intrusions. Attribution — linking artifacts to known groups — enables defenders to find related tools, tactics and IOCs and to prioritize remediation. Using the Kaspersky Threat Intelligence Portal, the article shows how TTP correlation, YARA rules and SIEM signatures can accelerate containment and reduce false positives.
read more →

How risk culture makes cyber teams predictive and resilient

🔍 Forecasting in cybersecurity is framed as disciplined habits and clear choices rather than guesswork. The author argues teams trapped in constant incident mode must build a risk culture where weak signals and near misses are captured, named, and acted on without fear. Practical steps include lightweight near-miss logs, explicit decision rights, concise behavioral standards, and a steady operating rhythm of weekly reviews, monthly scenario practices and quarterly tests to shift from reflexive response to proactive foresight.
read more →

73% of CISOs Now Prefer AI-Enabled Security Solutions

🛡️Foundry’s Security Priorities Study finds 73% of security decision-makers are now more likely to consider a security solution that uses artificial intelligence, up from 59% a year earlier. CISOs plan to deploy AI for malware and threat detection, anomaly detection, real-time risk prediction, IAM, DLP, automation of responses, and improved visibility. Respondents cited faster detection of unknown threats, accelerated response times, and lower analyst workload. Experts caution against vendor hype, data-quality issues, hallucinations, and governance gaps, and recommend building AI-ready security data platforms.
read more →