The Ultimate Guide to CrowdStrike Falcon LogScale: A Next-Gen SIEM Showdown
Intezer Blog
by Itai Tevet
1M ago
As security teams rethink how they handle incident triage and look to adopt powerful artificial intelligence tools for their SOC in 2024, many are considering if it’s time to make the switch to a “next-generation” SIEM solution for log management, such as CrowdStrike Falcon LogScale. In this guide, I want to give you an introduction to CrowdStrike’s next-generation SIEM, some advantages and disadvantages compared to other leading SIEM tools, and how to make migrating to a new log management tool easier on your SOC team. What is Falcon LogScale? Falcon LogScale, a product by CrowdStrike, is a n ..read more
.NET Malware 101: Analyzing the .NET Executable File Structure
Intezer Blog
by Nicole Fishbein
1M ago
Welcome to our deep dive into the world of .NET malware reverse engineering. As a security researcher or analyst, you’re likely aware that the .NET framework, famed for its ability to enable rapid and robust application development, is a double-edged sword. The same features that make it attractive to legitimate developers also make it a favorite among malware authors.  So why invest time and effort in unraveling .NET malware? Simply put, the cyber threat environment is filled with malware built using .NET frameworks, and countering these threats necessitates a deep understanding of their ..read more
How Artificial Intelligence Powers the Autonomous SOC Platform
Intezer Blog
by Itai Tevet
1M ago
A few years ago leading cybersecurity professionals and industry analysts were publicly saying that even with advances in artificial intelligence and machine learning, the “Autonomous SOC” was an unrealistic pipe dream. This didn’t hold back our team’s vision for the Autonomous SOC platform, which achieved notable milestones and a 400% increase in its customer base last year. As Intezer continues to prove our innovative solution for automating security operations can successfully work for customer after customer, we think it’s time to step back and explain what “Autonomous SOC” means. What is ..read more
Interactive Browsing: A New Dimension to URL Analysis
Intezer Blog
by Itai Tevet
2M ago
We’re excited to announce a new feature in Intezer that revolutionizes how security teams analyze and interact with URLs: Interactive Browsing. Interactive Browsing, powered by our partnership with browser.lol, offers a seamless and immersive experience for securely analyzing URLs like never before. This new feature is designed to support interactive sessions directly from a URL analysis in Intezer, giving SOC analysts a hands-on approach to investigating and understanding the nuances of web-based threats. How Interactive Browsing Works in Intezer The secure browsing session allows you to view ..read more
Real Time Feedback: Fine-Tuning Autonomous SOC to Your Environment
Intezer Blog
by Itai Tevet
2M ago
Continuous improvement is a requirement in the ever-evolving cybersecurity space. That’s why Intezer is excited to introduce a new feature in the Autonomous SOC platform: a real-time feedback mechanism. This simple, yet powerful tool allows you to communicate directly with Intezer, ensuring that it gives you results that align with your organization’s unique security needs. Intezer’s latest update brings a practical enhancement to our Autonomous SOC, allowing users to provide real-time feedback. This straightforward feature gives users direct influence to improve the accuracy of Intezer’s aler ..read more
Speed Matters: The Crucial Role of MTTD and MTTR in Cybersecurity
Intezer Blog
by Itai Tevet
3M ago
Cybersecurity is a fast-paced world, and when we talk about it, two important measurements often come up: how quickly we can spot a problem (Mean Time to Detect or MTTD) and how fast we can fix it (Mean Time to Respond or MTTR). These metrics are pivotal in evaluating the effectiveness of security operations within an organization. This article delves into the significance of MTTD and MTTR, offering insights into how they shape the security landscape and the role of innovative solutions like Intezer in enhancing these metrics. Understanding MTTD and MTTR What is MTTD in Cyber Security? Mean Ti ..read more
Automating Forensic Analysis for Linux Endpoints
Intezer Blog
by Itai Tevet
3M ago
TL;DR We just released a new version of our popular endpoint scanner for Linux machines, so the Autonomous SOC platform can immediately get you even more of the evidence and comprehensive analysis you need. The automated endpoint scanner for memory forensics is a powerful tool in Intezer and now it’s available for investigating and triaging Linux endpoints. We’re excited to announce this new capability for Linux endpoint forensics, which we know is an important addition for all the teams who already rely on our automated endpoint scanner to investigate potential fileless threats on Windows sys ..read more
Growth of Autonomous SOC Platform Takes Off in 2023
Intezer Blog
by Itai Tevet
3M ago
Intezer’s Autonomous SOC platform hit key performance metrics, as customers using the platform grew by 400%. 2023 was an incredible year of expansion for our platform, as our product team released multiple game-changing features and integrations. We also saw the growth of our Autonomous SOC user base take off, increasing by 400%, as more security teams searched for innovative ways to improve their security operation and incident response processes. (More in our press release announcement about that here!) Real Metrics Achieved by the Autonomous SOC Platform For our team, seeing what Intezer is ..read more
How MSSPs Use Smart Automation for Fast Incident Response
Intezer Blog
by Jim McDonough
5M ago
Learn more here about Intezer for MSSPs. Managed Security Service Providers (MSSPs) are crucial in helping organizations protect their critical assets, maintain a strong security posture, and quickly respond to cyber attacks. To keep up with the ever-changing threat landscape, top MSSPs are increasingly leveraging advanced incident response automation like our Autonomous SOC platform to enhance their alert triage process, investigation capabilities, and speed up response time for their clients. In this blog post, we’ll cover the top benefits of incorporating Intezer into your MSSP operations t ..read more
WildCard: The APT Behind SysJoker Targets Critical Sectors in Israel
Intezer Blog
by Nicole Fishbein
5M ago
Our research team has identified a new APT group, dubbed “WildCard,” initially detected through its use of the SysJoker malware, which targeted Israel’s educational sector in 2021. WildCard has since expanded its reach, creating sophisticated malware variants disguised as legitimate software, and a recently developed malware called ‘RustDown,’ written in Rust for potential operational advantages. Connections to Operation ElectricPowder indicate WildCard’s advanced capabilities with a focus on critical sectors within Israel. While we’ve begun to understand WildCard’s tactics and methods, their ..read more