< ciso
brief />
Tag Banner

All news with #threat hunting tag

75 articles · page 3 of 4

Iran's Partial Internet Shutdown: Opportunity for Intel

🔍 The near-total internet blackout Iran imposed on January 8 may offer SOC teams a rare chance to observe and digitally fingerprint government-controlled traffic. Vendors argue that with residential and business noise silenced, remaining connections likely originate from state assets, making them high-confidence signals for threat modeling and short-term intelligence collection. Analysts caution, however, that sophisticated state actors can deceive attribution, legitimate government traffic may be benign, and routing artifacts often disappear once services are restored, so captured data should be treated as contextual input, not definitive proof.
read more →

Incident Response Perspectives with Terryn Valikodath

🔍 Terryn Valikodath, Senior Incident Response Consultant at Cisco Talos, describes a role that blends technical investigation with clear communication and proactive planning. He explains how his team balances developing incident response plans, running tabletop exercises and threat hunts with hands-on reactive investigations and remediation. Terryn highlights the reward of teaching through multi-day cyber range trainings and the satisfaction of helping organizations recover and build trust.
read more →

Seven Signs Your Cybersecurity Framework Needs Overhaul

🛡️ Cybersecurity frameworks require ongoing reassessment; this article highlights seven warning signs that your program may need substantial revision. Industry experts recommend adopting a dynamic detection-and-response model, integrating AI, and aligning frameworks to NIST while avoiding purely compliance-driven designs. Common problems include failing continuous monitoring, reactive alert triage, declining KRIs/KPIs, and recent incidents. Practical advice: schedule structured reviews, add interim check-ins, and rebuild when incremental fixes no longer suffice.
read more →

Fix SOC Blind Spots with Industry and Geo Threat Context

🔍 Modern SOCs frequently operate in a reactive mode, discovering threats only after incidents escalate. ANY.RUN's Threat Intelligence Lookup augments alerts with behavioral insight, infrastructure links, and sandbox observations so analysts can prioritize high-risk findings. Paired with continuous TI Feeds and industry/geographic attribution, teams reduce noise, speed triage, and tune detections to protect the business proactively.
read more →

Mandiant and ThreatSpace: Testing Real-World Resilience

🔒 Mandiant uses the ThreatSpace cyber range to recreate realistic corporate networks and adversary TTPs without risking production assets. The disposable, stateless environment—backed by Google Threat Intelligence Group and frontline Mandiant insights—lets teams miss indicators, exercise playbooks, and stress-test collaboration under crisis conditions. Paired with unscripted red team assessments, these services reveal operational gaps and drive rapid remediation.
read more →

NCSC Addresses Guidance Gap for Cyber-Deception Use

🛡️The NCSC published findings from an Active Cyber Defence 2.0 pilot that evaluated cyber-deception solutions across 121 UK organisations and 14 vendors. The report highlights barriers including inconsistent terminology, a lack of impartial guidance, difficulty producing outcome-based metrics, and risks from misconfiguration. The centre plans large-scale deployment of honeypots, honeytokens and cloud traps and urges planning, continual tuning and peer learning to realise benefits safely.
read more →

Schrödinger’s Cat and the Hidden State of Cybersecurity

🐱 The article argues organisations often exist in a 'pre-breach' or "quantum breach" state — effectively both breached and not until they observe their environments. It warns that perimeter-focused measures can be insufficient when attackers steal credentials or use social engineering, and that deploying EDR/XDR without skills can create signal overload. Connolly recommends vendor-led MDR services as a practical path to continuous detection, hunting and remediation.
read more →

Saved Searches Now Available in Google GTI and VirusTotal

🔍 The new Saved Searches feature is now live in Google Threat Intelligence (GTI) and VirusTotal, enabling analysts to store complex queries for reuse. Users can save multi-clause, tuned searches and share them with colleagues across their organization to preserve investigative logic and ensure consistency. The release includes public campaign searches from the #monthofgoogletisearch to help teams get started quickly.
read more →

Changing the Physics of Cyber Defense with Graphs Today

🔍 John Lambert of MSTIC argues defenders should model infrastructure as directed graphs of credentials, entitlements, dependencies and logs so they can trace the attacker’s “red thread.” He introduces the algebras of defense—graphs, relational tables, anomalies, and vectors over time—that let analysts and AI ask domain-specific questions like blast radius or path to crown jewels. Lambert also emphasizes preventative hygiene: asset and entitlement management, deprecating legacy systems, segmentation, and phishing-resistant MFA. He urges collaborative intelligence and AI-enabled tooling to shift advantage back to defenders.
read more →

Offensive Security Rises as AI Transforms Threat Landscape

🔍 Offensive security is becoming central to enterprise defenses as CISOs increasingly add red teams and institutionalize purple teaming to surface gaps and harden controls. Practices range from traditional vulnerability management and pen testing to adversary emulation, social engineering assessments, and security-tool evasion testing. Vendors are embedding automation, analytics, and AI to boost effectiveness and lower barriers to entry. While budget, skills, and the risk of finding unfixable flaws remain obstacles, leaders say OffSec produces the data-driven evidence needed to prioritize remediation and counter more sophisticated, AI-enabled attacks.
read more →

NETSCOUT Omnis Wins Overall Network Security Award

🔍 NETSCOUT’s Omnis Cyber Intelligence was named “Overall Network Security Solution of the Year” in the ninth annual CyberSecurity Breakthrough Awards. The platform delivers always-on, packet-based visibility using scalable deep packet inspection to continuously capture, analyze, and retain high-fidelity network metadata. Its on-sensor storage minimizes data movement and helps address compliance and sovereignty requirements while providing the historical context analysts need to investigate threats across cloud and on-premises environments.
read more →

Network Still Serves as First Line: Investigation Is Key

🔍 Recent ESG research finds that many organizations still turn to the network first for threat detection: 53% cite network visibility as their primary defense and 93% of SecOps and NetOps now share visibility tools. Packets offer an unaltered record of communications, making modern NDR essential across hybrid and multicloud environments. Detection is only the first step; full packet capture and deep network intelligence enable thorough investigation. NETSCOUT Omnis Cyber Intelligence unifies visibility and delivers packet-level context to reduce blind spots and accelerate response.
read more →

When Detection Tools Fail: Invest in Your SOC Today

🔐 Enterprises often over-invest in rapid detection tools while under-resourcing their SOC, creating a dangerous asymmetry. A cross-company phishing campaign bypassed eight leading email defenses but was caught by SOC teams after employee reports, illustrating the SOC's broader context and investigative power. Investing in an AI-driven SOC like Radiant Security can triage alerts, reduce false positives, and extend 24/7 coverage for lean teams.
read more →

Qilin Ransomware Investigation: Huntress Forensics Analysis

🔍 Huntress Labs detailed a Qilin ransomware investigation in which visibility was constrained because their agent was installed after the compromise and only on a single endpoint. Analysts correlated managed antivirus alerts, Windows Event Logs, AmCache, PCA logs, and VirusTotal to reconstruct a timeline showing a rogue ScreenConnect RMM deployment, attempts to run infostealer binaries, tampering with Windows Defender, and likely ransomware execution from another host. The report stresses validating artifacts across multiple sources to avoid false assumptions and inform accurate remediation.
read more →

Vulnerability-Informed Hunting: Nexus of Risk and Intel

🔎 Vulnerability-informed hunting transforms static vulnerability scans into dynamic intelligence by enriching CVE data with asset context, exploit activity and threat feeds. The article shows how mapping vulnerabilities to adversary behaviors (for example, Log4Shell, ProxyShell and Zerologon) lets teams run focused hunts that detect exploitation or reveal telemetry gaps. It advocates a continuous loop where hunts inform detection engineering, improving logging, SIEM content and overall resilience.
read more →

Adversarial AI Bots vs Autonomous Threat Hunters Outlook

🤖 AI-driven adversarial bots are rapidly amplifying attackers' capabilities, enabling autonomous pen testing and large-scale credential abuse that many organizations aren't prepared to detect or remediate. Tools like XBOW and Hexstrike-AI demonstrate how agentic systems can discover zero-days and coordinate complex operations at scale. Defenders must adopt continuous, context-rich approaches such as digital twins for real-time threat modeling rather than relying on incremental automation.
read more →

Beyond Silos: DDI and AI Redefining Cyber Resilience

🔐 DDI logs — DNS, DHCP and IP address management — are the authoritative record of network behavior, and when combined with AI become a high-fidelity source for threat detection and automated response. Integrated DDI-AI correlates disparate events into actionable incidents, enabling SOAR-driven quarantines and DNS blocking at machine speed. This fusion also powers continuous, AI-driven breach and attack simulation to validate defenses and harden models.
read more →

Acronis on FileFix, SideWinder and Shadow Vector Campaigns

🔍 Acronis TRU describes practical VirusTotal hunting techniques used to track the FileFix ClickFix variant, the long-running SideWinder actor, and the Shadow Vector SVG campaign targeting Colombian users. Using Livehunt, content-based YARA rules, VT Diff, and metadata pivoting, analysts located clipboard-based web payloads, document exploits (CVE‑2017‑0199/11882), and judicial-themed SVG decoys. The post emphasizes iterative rule tuning, retrohunt for timelines, and infrastructure pivots that convert fragmented indicators into actionable intelligence.
read more →

Seeing Threats First: AI and Human Cyber Defense Insights

🔍 Check Point Research and External Risk Management experts explain how combining AI-driven analytics with seasoned human threat hunters enables organizations to detect and anticipate attacks before they strike. The AMA webinar, featuring leaders like Sergey Shykevich and Pedro Drimel Neto, detailed telemetry fusion, rapid malware analysis, and automated triage to act at machine speed. Speakers stressed continuous intelligence, cross-team collaboration, and proactive hunting to shorten dwell time. The approach blends scalable automation with human context to prevent large-scale incidents.
read more →

Continuous Exposure Management Transforms SOC Ops Today

🔍 SOC analysts are increasingly overwhelmed by alert volume and contextual blind spots that force extensive manual triage. Continuous exposure management brings environment-specific intelligence into existing EDR, SIEM, and SOAR workflows to prioritize assets, validate exploitability, and visualize attack paths. By correlating exposures with MITRE ATT&CK techniques and automating remediation workflows, teams reduce false positives, accelerate investigations, and harden detections over time.
read more →