Exabeam » Incident Response
Learn how to respond to a security incident or attack using a planned incident response process and technology. Exabeam helps security teams everywhere seize the breach by eliminating blind spots.
7M ago
In today’s technology-driven world, addressing the looming threat of cyberattacks is more significant than ever. On Sept. 14 Auckland Transport (AT), a critical component of New Zealand’s infrastructure and responsible for transportation on ferries, buses, and trains, fell victim to a suspected ransomware attack. The attack affected a range of AT customer services, including the HOP card ticketing and fare network. Recent weeks have been particularly painful for security teams in the travel and retail industries, as ransomware attacks have struck several well-known organisations worldwide.
Spe ..read more
8M ago
Imagine soaring through the skies, carefree, as your flight takes you to your dream destination. While you’re gazing at the clouds, the airline’s IT systems are under siege by cybercriminals. It’s not a plot from a futuristic movie; it’s the reality of today’s world. Buckle up as we explore why airlines are in the crosshairs of cyberattacks and what they can do about it.
In this article:
A skyrocketing problem
Decoding the factors behind the turbulence
Navigating stormy regulatory skies and financial upheaval
Final approach: safeguarding the skies
A skyrocketing problem
From 2019 to 2020, th ..read more
1y ago
Insider threats, whether malicious or compromised, are among the most elusive and frequently overlooked cybersecurity concerns. Traditional security information and event management (SIEM) systems just don’t seem to cut it when it comes to defining the baseline of typical behavior for an insider. By now we’ve all seen the headlines about classified U.S. government documents being leaked on Discord by a military base employee working in cyberdefense operations. It’s equal parts shocking and unsurprising to read the details of incidents like these. This particular individual managed to snap phot ..read more
1y ago
The banking industry faces numerous challenges, with insider threats ranking at the top. Contrary to popular belief, insider threats play a significant role in cyberattacks, and they do not involve only malicious employees. In this blog post, we’ll explore the different types of insider threats, why banks are attractive targets, and how the right technology can help protect against them.
In this article:
Understanding insider threats in the banking industry
Factors making banks vulnerable to cyberattacks
The need for solid detection solutions
Identifying insider threats using behavior analytics
Assessi ..read more
1y ago
The Exabeam Security Research Team (ESRT) reviewed the attack characteristics of 24 recent breaches, and this article outlines some of our findings.
The most common initial attack vector is stolen or compromised credentials, averaging $4.5 million per breach, according to the 2022 Cost of a Data Breach Report. And the costliest initial attack vector was phishing, at an average of $4.91 million.
Phishing emails are one of the most common ways attackers attempt to trick users into providing their user credentials and other information via links to websites that imitate legitimate ones.
The recen ..read more
2y ago
For the last couple of months, the cybersecurity field has experienced multiple challenges as a result of the discovery of the Log4j CVE-2021-44228 vulnerability. This vulnerability still remains a serious danger and continues to put hundreds of millions of devices at risk of being remotely attacked.
The Log4j vulnerability belongs to the Remote Code Execution (RCE) family of threats, and it can be triggered to execute code in multiple ways, either by a basic web request:
curl 127.0.0.1:8080 -H 'X-Api-Version: ${jndi:ldap://127.0.0.1/a}'
or by a modification of the agent string to be used with a brow ..read more
2y ago
Adversaries are persistent and clever, as demonstrated by recently documented breaches including T-Mobile and the SITEL Group, a provider of customer experience products and solutions. Lapsus$ purchased credentials and used social engineering to recruit insiders and break into high-profile organizations. They moved laterally to access internal systems, source code, and customer data, among other highly-sensitive information. The group exploited insiders in the workforce, software supply chain, and insecure deployments and controls for credentials and access with the goal to steal information a ..read more
2y ago
In this article, we introduce the basics of incident response and discuss Security Orchestration, Automation and Response (SOAR) — a tool which makes incident response more efficient, more effective and more manageable at scale.
In this article:
What is incident response?
What is case management?
What is SOAR?
Three key SOAR capabilities
Dashboards and reporting
How does SOAR fit with SIEM?
What is incident response? Reactive incident response
Incident response is an organizational process that allows security teams to contain security incidents or cyber attacks, prevent or control damages ..read more
2y ago
The best way to detect and respond to malware is to create a layered approach within your network and among your workforce. According to the MIT Technology Review, the number of zero-day exploits discovered in 2021 more than doubled the number discovered in 2020. The exponential increase in zero-days in 2021 was not attributable to better detection capabilities, according to the publication, but rather to greater access to purchased zero-days by international hacking groups. Consultants and security vendors might assure you that your network is locked down against malware and ransomware th ..read more
2y ago
Security incidents are events with a potential impact on an organization that can represent a cybersecurity threat or attack. Identifying incidents and responding to them quickly is a critical cybersecurity process.
In this article:
The definition of a cybersecurity incident
The difference between a security incident and security event
Notable security breaches
Types of security incidents
How to respond to a security incident
Automating incident response
Security incident definition: What is a cybersecurity incident?
Security incidents indicate the failure of security measures or ..read more