Security operations centers, or SOCs, are a core defensive component for organizations. Quickly processing alerts can give a clue if an organization is under attack. But the volume and quality of alerts can greatly vary depending on how well the detection rules have been written. Some rules may return too many low-quality alerts, which can distract analysts from more important ones. Luca Allodi and Koen Teuwen of Eindhoven University of Technology co-authored a recent academic study that examines how to write lower-noise rules for intrusion detection systems (IDSs). The researchers developed six design principles for rule writing that balance specificity with coverage. The aim is to help analysts make better sense of what’s going on in their networks. The research also resulted in the development of a command-line tool, suricata-check, which gives feedback on how a rule written for the Suricata open-source IDS can be improved.
Participants:
Luca Allodi, Associate Professor and head of the Threat Analysis group within the Security Cluster of the Eindhoven University of Technology
Koen Teuwen, PhD Candidate at Eindhoven University of Technology
Jeremy Kirk, Executive Editor, Cyber Threat Intelligence, Intel 471
Malware distribution campaigns that trick people into copying and pasting malicious commands, known as ClickFix, have been wildly successful. Here's an examination of ClickFix and how to defend against it.
The Lumma infostealer malware collects highly sensitive data including logins and session tokens. Here's how to conduct a threat hunt leveraging up-to-date tactics, techniques and procedures used by Lumma.
The Android malware landscape is expanding, with new malware families, innovative distribution methods and a rise in underground offerings appealing to nontechnical cybercriminals. This poses new threats to enterprises.
Stay informed with our weekly executive update, sending you the latest news and timely data on the threats, risks, and regulations affecting your organization.