

2023-01-30 21:25   Scaling your SOC with Microsoft Defender + Intezer    #intezer #security-article TLDR: Highlights of Intezer’s Autonomous SOC solution for Microsoft Defender for Endpoint Automating SOC Triage and Investigations with Defender Intezer’s Autonomous SOC solution now supports Microsoft Defender for Endpoint, enabling security teams to automatically triage incidents and get deep endp

2023-01-27 00:29   Endpoint Forensics and Memory Analysis, Simplified    #intezer #security-article Detecting advanced in-memory threats is critical for security teams — read on about how Intezer’s Endpoint Scanner ensures your team can quickly identify and analyze fileless threats, packed malware, malicious code injections, or any unrecognized code. At Intezer, we are constantly working to improv

2022-11-10 21:31   How LNK Files Are Abused by Threat Actors    #intezer #security-article LNK files are based on the Shell Link Binary file format, also known as Windows shortcuts. But what seems a relatively simple ability to execute other binaries on the system can inflict great harm when abused by threat actors. Microsoft’s decision to block macros by default for files downloaded

2022-09-21 04:36   5 Key Factors for Selecting a Managed Detection and Response (MDR) Provider    #intezer #security-article With an increasing number of threats and vulnerabilities to contend with, businesses need all the help they can get to keep their networks and data safe. That’s where managed detection and response (MDR) providers come in. MDR is a type of security service that proactively monitors alerts from

2022-09-01 21:02   5 Reasons to Replace your Managed Detection and Response (MDR) Service    #intezer #security-article Managed Detection and Response (MDR) services are a fantastic way to keep your business’ cybersecurity up to date and effective. However, there are a few reasons why you might want to consider replacing your MDR service. In this article, we’ll explore five of those reasons and see if the

2022-08-25 21:59   Threat Hunting Rule Extraction and Use Cases    #intezer #security-article TL;DR: You can now extract IOCs and behavioral indicators to a hunting rule format for your endpoint security system. This enables you to: Easily create hunting rules from any threat or alert uploaded to Intezer’s database. Automate the threat hunting process by tracking threat actors and gett

2022-08-23 01:10   CrowdStrike + Intezer: Automation for Alert Triage and Threat Hunting    #intezer #security-article Intezer’s solution for CrowdStrike is powerful enough to function as a virtual Tier 1, allowing you to remove false positives and get clear recommendations for every alert. Table of Contents How Automated Alert Triage Works Benefits of Intezer as a Virtual Tier 1 How Manual Incident Triage Limits In

2022-08-16 17:07   macOS Threats: Automate Mac Alert Triage with Intezer    #intezer #security-article We are happy to announce that Intezer now supports scanning macOS files. 😁 Intezer’s Autonomous SecOps solution automates security operations processes, including alert triage, incident response, and threat hunting. This release is an important step towards Intezer’s mission to automate

2022-08-03 14:00   Detection Rules for Lightning Framework (and How to Make Them With Osquery)    #intezer #security-article On 21 July, 2022, we released a blog post about a new malware called Lightning Framework. Lightning is a modular malware framework targeting Linux. At the time of the publication, the Core module had one suspicious detection and the Downloader module was not detected by any scanning engines on Virus

2022-07-21 15:00   Lightning Framework: New Undetected “Swiss Army Knife” Linux Malware ⚡    #intezer #security-article Lightning Framework is a new undetected Swiss Army Knife-like Linux malware that has modular plugins and the ability to install rootkits. Year after year Linux environments increasingly become the target of malware due to continued threat actor interest in the space. Malware targeting Linux environm

2022-07-12 00:54   Launching Autonomous SecOps (Your Virtual, Algorithm-Driven Tier 1 SOC Team)    #intezer #security-article We are helping security teams go beyond individual file analysis to automate their entire Endpoint and Email alert triage processes with our new dashboard. Autonomous SecOps provides a better, more affordable alternative to in-house Tier 1 teams or external Managed Detection & Response services

2022-07-06 19:15   OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow    #intezer #security-article Linux is a popular operating system for servers and cloud infrastructures, and as such it’s not a surprise that it attracts threat actors’ interest and we see a continued growth and innovation of malware that targets Linux, such as the recent Symbiote malware that was discovered by our research team

2022-06-29 20:30   YTStealer Malware: “YouTube Cookies! Om Nom Nom Nom”    #intezer #security-article The Stage: The Dark Web Market for YouTube Account Access In 2006, the term “data is the new oil” was coined. Ever since then, the value of data has just increased. We live in a world where many corporations collect data on users in an attempt to monetize it. This is not just limited to

2022-06-22 19:22   A Straw-by-Straw Analysis: The Zero-Trust Approach for Your Alert Haystack    #intezer #security-article One of the greatest challenges security operations center (SOC) teams face is the high volume of daily alerts about suspicious files and endpoints that they must investigate. A lot has already been written about this “needle in the haystack problem.” SOC analysts are faced with so many alerts that t

2022-06-09 19:45   Summary of Symbiote Research (A New, Nearly-Impossible-to-Detect Linux Threat)    #intezer #security-article In pop culture, a symbiote often gives a host superhuman ability (and occasionally also hilarious inner monologue). But in real life, parasitic symbionts can drain a host to the brink of death without them even being aware. In a new joint research endeavor by Intezer and the BlackBerry Research &