All news with #threat hunting tag

🔒 A Cisco Talos Incident Response (IR) Retainer provides organizations with prioritized access to Talos' global threat intelligence and incident response specialists, combining proactive preparedness with rapid 24/7 mobilization. The retainer includes tailored IR plans, playbooks, readiness assessments, and tabletop exercises, plus proactive threat hunting using the PEAK Framework. Clients receive vendor-agnostic integration guidance, optional Cisco technology deployment, coordinated legal and PR support, and detailed post-incident reviews to reduce downtime and reputational harm.

🔒 Security leaders are balancing safe AI adoption with operational gains and focusing on five practical use cases where AI can improve security outcomes. Organizations are connecting LLMs to internal telemetry via standards like MCP, using agents and models such as Claude, Gemini and GPT-4o to automate threat hunting, translate technical metrics for executives, assess vendor and internal risk, and streamline Tier‑1 SOC work. Early deployments report time savings, clearer executive reporting and reduced analyst fatigue, but require robust guardrails, validation and feedback loops to ensure accuracy and trust.

🛡️ The Cyber Threat Intelligence Capability Maturity Model (CTI-CMM) offers a practical framework for assessing and advancing organizational threat intelligence efforts. It identifies 11 domains and associated CTI missions that support decision-making across areas such as asset management, threat and vulnerability management, incident response, and third-party risk. The model defines four maturity levels (CTI0–CTI3) from pre‑foundational, ad hoc practices to highly refined, strategic intelligence, and prescribes an iterative improvement cycle—prepare, assess, plan, deploy, measure. The guidance stresses focusing on stakeholder needs and delivering useful, timely intelligence rather than pursuing the highest maturity rating for its own sake.

🔐 The Cybersecurity and Infrastructure Security Agency (CISA) will present senior leaders and experts at the 16th Annual Billington CyberSecurity Summit, Sept. 9–12 in Washington, D.C. Acting Director Madhu Gottumukkala and new Executive Assistant Director for Cybersecurity Nick Andersen will deliver fireside chats outlining CISA’s strategic objectives. Other sessions address vulnerability management, threat hunting, supply chain collaboration, and AI in code security. Registration is required.

🔎 Our colleague Joseliyo Sánchez, together with SentinelOne researcher Aleksandar Milenkoski, will present a hands-on workshop at Labscon on automating large-scale threat hunting using the VirusTotal Enterprise API. Attendees will employ Python and Google Colab to process massive datasets, track APT behaviors, and apply LLMs to enhance analysis, query building, and visualizations. The session targets CTI analysts, threat hunters, incident responders, SOC analysts, and security researchers. A follow-up blog post will publish example exercises and materials for further learning.

🔒 Falcon Next-Gen SIEM provides real-time, cross-domain detection to help organizations detect and respond to the identity-centric eCrime group SCATTERED SPIDER. The platform correlates identity, cloud, SaaS, network and email telemetry, offering out-of-the-box rule templates for phishing, MFA fatigue, suspicious SSO events and exfiltration. CrowdStrike recommends comprehensive log ingestion and tuning of these templates to improve detection and response across the full attack lifecycle.