Blog Post Archives - Page 3 of 4

October 29, 2021

Published by Anshul Garg on October 29, 2021

XDR: A Blessing for SOC Teams, or Another Fad?

The security industry has evolved over the years to combat new and emerging cyber threats, and as we evolved, new products were launched to help security teams. Some of these products have been great breakthroughs – driven by the venture capital and innovation flowing to the security industry – but a lot of them have been a fad as they […]

October 18, 2021

Published by RoseAnn Guttierrez on October 18, 2021

Federated Search

Visibility is an ongoing problem for security operations. Throughout an investigation, many tools are utilized to gather and collect the context needed to make informed decisions. That context is critical to advise security teams on what actions to take and what potential threats require further research. Gathering information across multiple tools and disparate data sources takes time, and time is […]

October 12, 2021

Published by Adam Montville on October 12, 2021

Enabling the Cooperative Ecosystem

The Center for Internet Security (CIS) has a mission to improve the actual practice of cyber defense, and we do this, in part, by ensuring that our best practice recommendations (in the form of CIS Benchmarks recommendations and CIS Controls Safeguards) track clear and transparent measures of security value for our users. Most recently, we’ve embarked on the journey of mapping our […]

October 5, 2021

Published by Matthew Gardiner on October 5, 2021

The Increased Need for Security Integration Standards

My experience with security standards began many years ago in 2002 during my time at Netegrity and later the Kantara Initiative. There, I was involved with the creation, standardization, and popularization of the OASIS standard, SAML, and federated SSO more broadly. The problem that we focused on solving — how to transition an authenticated user session (and the associated level of trust) from one […]

August 6, 2021

Published by Paul Coccoli on August 6, 2021

Building Your Own Kestrel Analytics and Sharing With the Community

Turning your frequently used enrichment operation and/or machine learning procedure into a reusable and shareable hunting step in Kestrel.

July 26, 2021

Published by Xiaokui Shu and Ian Molloy on July 26, 2021

Practicing Backward And Forward Tracking Hunts on A Windows Host

In our previous blog post, we showed how to get started with the Kestrel Threat Hunting Language, such as connecting to data sources and performing your first hunts using the GET and FIND commands. In this post, we’ll introduce the APPLY keyword, which adds powerful analytics and enrichment capabilities to hunts. We will show a Kestrel hunt performing backward and forward tracking on a Windows host to unearth the […]

July 26, 2021

Published by Xiaokui Shu and Ian Molloy on July 26, 2021

Building a Huntbook to Discover Persistent Threats from Scheduled Windows Tasks

In this blog post, the first in a series introducing the Kestrel Threat Hunting Language, we will show you how to get started with your first hunt. You’ll learn how to set up your environment, connect to data sources, and search for a common attack technique, scheduled tasks in Windows. You’ll also become familiar with the basic concepts that you […]

June 29, 2021

Published by Carol Geyer on June 29, 2021

IBM Contributes Kestrel Threat Hunting Tool to OASIS Open Cybersecurity Alliance (OCA)

Kestrel lets threat hunters ‘devote more time to figuring out what to hunt, as opposed to how to hunt’ Open Cybersecurity Alliance (OCA), an OASIS Open Project, today announced it has accepted IBM’s contribution of Kestrel, an open-source programming language for threat hunting that is used by Security Operations Center (SOC) analysts and other cybersecurity professionals. Kestrel streamlines cyber reasoning and […]