Check out 🔥🔥 the latest #ElasticSecurityLabs research blog on Exploring the future of ChatGPT from Senior Security Researcher Mika Ayenson
#ElasticSecurityLabs #Elastic #chatgpt #DetectionAndResponse
Like it or not, all these names, terminologies, products, services are marketed, sold, used, referenced etc...
Over the years, #endpointsecurity has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response.
Read more here on #IBM SecurityIntelligence blog
#cybersecurity #infosec #DetectionAndResponse
https://securityintelligence.com/posts/antivirus-evolution-to-face-modern-threats/
Matano is live on the front page of HackerNews!! 🔥
Come join the discussion on OSS, SIEM, and why we are helping orgs build on top of vendor-agnostic Security Data Lakes instead 🙂
#cybersecurity #security #oss #hackernews #cloudsecurity #detectionandresponse #threathunting #threatdetection #datalake #awssecurity #aws #datalake #siem #securitydatalake
🌐 Announcing Matano + Suricata!
Suricata is a popular open source NIDS/NIPS engine used for network analysis and threat detection.
We just shipped out a new integration that allows you to easily push Suricata logs & alerts into a Matano Security Lake in your AWS account for realtime detection-as-code with Python and analysis using AWS Athena + SQL! 🚀
Interested in how to build your own Security Data Lake using Suricata logs?
Check out our blog post: https://www.matano.dev/blog/2023/01/12/suricata-support 🔎
#opensource #infosec #networksecurity #suricata #oisf #intrustiondetection #intrusionprevention #ids #ips #nids #nips #cloudnative #cloudsecurity #rust #datalake #aws #awssecurity #apacheiceberg #secops #security #siem #threatdetection #threathunting #detectionandresponse
I'm excited to announce that Matano is joining YCombinator's W23 Batch! 🚀
SIEM today is broken -- it's too expensive, doesn't scale, has poor support for correlation, causes vendor lock-in, is inflexible for detection engineering, the list goes on...
My brother Shaeq and I quit our jobs at AWS to solve this problem and build a better solution for security operations and analytics that fully utilizes the power of cloud and big data tech available today.
While the cybersecurity industry has been held back by legacy architectures tied to age-old vendor products, the data analytics industry has seen a ton of innovation through open source initiatives such as Apache Iceberg, Parquet, and Arrow delivering massive cost savings and performance breakthroughs.
We started Matano to close the gap between these two worlds by building an OSS platform to help security teams leverage the modern data stack (e.g. Spark, Athena, Snowflake) to efficiently analyze security data from all the disparate sources across an organization (Cloud/SaaS, Endpoint, Network, etc.).
Matano helps Detection & Response teams break free from their SIEM by deploying a vendor-agnostic Security Data Lake into their AWS account and giving them a platform to build detection-as-code using Python and SQL!
This is just the beginning in our mission to build the first open platform for threat hunting, detection & response, and cybersecurity analytics at petabyte scale.
I am super grateful to all of our early supporters for the help & joining in on this journey to reinvent SIEM. Let's goo!
https://www.ycombinator.com/launches/Hl0-matano-open-source-siem-alternative-for-aws
#startup #ycombinator #opensource #cybersecurity #cloudsecurity #awssecurity #siem #threatdetection #secops #devsecops #aws #infosec #dfir #detectionandresponse #soc #apacheiceberg #security #datalake #blueteam
𓅃 Announcing Matano + Crowdstrike!
Matano is an open source project to analyze security logs in S3 using SQL + build realtime detections-as-code.
You can now cost-effectively process & store petabytes of endpoint logs & alerts on user and network activity from Crowdstrike into a realtime security data lake in your AWS account for correlation and analysis during investigations.
Excited to launch our new managed integration for Crowdstrike logs. Read more in our blog post:
https://www.matano.dev/blog/2022/12/28/crowdstrike-support
Happy threat hunting! 🦅
#security #cybersecurity #opensource #endpointsecurity #endpointprotection #awssecurity #crowdstrike #threathunting #threatdetection #siem #cloudsecurity #detectionandresponse
What's the tech that's improving SOC analyst efficiency? 🤔
.
.
.
If you guessed NDR, then you'll love this new eBook from Enterprise Strategy Group (ESG).
It's true. 60% of organizations say that network detection and response (NDR) improved their SOC analyst efficiency. Here are some other stats from the eBook to consider. Nearly half of organizations say that it:
1. Detected attacks missed by other tools
2. Accelerated incident response
3. Provided the broadest network visibility across environments
Don't just take our word for it. Read ESG's "The Evolving Role of NDR" eBook today: https://go.corelight.com/esg-report-evolving-role-of-ndr-ty
#NDR #DetectionandResponse #NetworkSecurity #CyberSecuritySolutions #NetworkSecurityEngineer #SecurityAnalyst #SOC #SecOps
For those using GCP, do you have adequate coverage with your security detection rules? If not, here is a great resource that a teammate recently shared with me https://github.com/GoogleCloudPlatform/security-analytics. This covers SQL, for both BigQuery and Log Analytics, and Yara rules. #gcp #cloud #DetectionAndResponse #incidentresponse #threathunting
Nice blog by Sekoïa about Lucky Mouse
#DetectionAndResponse
https://blog.sekoia.io/lucky-mouse-incident-response-to-detection-engineering/
They also share some Sigma rules
Here comes my late #introduction... My first interaction with #appsec was thanks to an integer overflow in railroad tycoon (the one from the 90s) allowing me as a kid to buy an infinite amount of buildings...
Then a few years later SoftICE came along and I was absolutely amazed by all the things that are possible with a computer. I spent my evenings dialing into the internet and reading hacker forums...
Fast forward a few years: after building awful PHP apps next to university, I ended up being a #pentester / security consultant at a Big4. I really loved the pace and the challenges, but after some time I felt that I was missing some kind of positive impact, so I switched sides.
I spent the past almost 10 years at Prezi as a security engineer / engineering manager / something something / ... with a bit of back and forth between roles. I love both working with people (where I definitely felt more positive impact) and getting my hands dirty with anything security related, be it #cloudsecurity #appsec #infrastructuresecurity or #DetectionAndResponse ... I still love to break stuff, as I believe that is sometimes necessary before being able to rebuild it better.
Since my son was born my priorities have finally shifted, and I am focusing more on simply being a happy, decent human being instead of worrying about something all the time :) or at least that's what I like to think.
I wasn't too active on twitter in the past years but looking at infosec.exchange brought up some good memories. Thanks @jerry for all the care that went and goes into it.
I'm trying to understand... If you use an EDR, what would be the need for YARA rules?
I'd like to try and learn where YARA really thrives, any input is valuable. Thanks!
#yara #DetectionAndResponse #threathunting #blueteam
#Linux #Detection Tip: while a high #entropy on a #Windows binary isn’t a strong detection signal on its own (indicative of a packer which some legitimate software uses on windows), it IS on Linux.
It is much rarer for Linux binaries, especially for internally developed #apps, to have a high entropy.
Tools such as #Strelka (built into #SecurityOnion) can grab this sort of data for you.
#NSM #NetworkSecurity #NetSec #DetectionAndResponse #IncidentResponse #Forensics #DFIR #Cyber #cybersecurity
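As an added illustration of the tip above (my own example, not code from the original post or from Strelka): a small Python check that computes the Shannon entropy of a binary and weights the result by platform, so that a high-entropy ELF is flagged while a high-entropy PE is only a weak signal. The 7.0 bits/byte threshold, the header sniffing and the sample buffers are constructed assumptions; tune the threshold against a baseline of your own internally built binaries.

```python
import math
import random
from collections import Counter

ELF_MAGIC = b"\x7fELF"   # Linux ELF header
MZ_MAGIC = b"MZ"         # Windows PE header
# Assumed threshold for illustration; packed/encrypted payloads approach 8.0 bits/byte.
HIGH_ENTROPY_THRESHOLD = 7.0


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a single repeated byte, 8.0 for a uniform distribution."""
    if not data:
        return 0.0
    counts = Counter(data)
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def classify(data: bytes) -> dict:
    """Apply the rule from the tip: high entropy is a strong signal on Linux, weak on Windows."""
    if data.startswith(ELF_MAGIC):
        platform = "linux-elf"
    elif data.startswith(MZ_MAGIC):
        platform = "windows-pe"
    else:
        platform = "unknown"
    ent = shannon_entropy(data)
    high = ent >= HIGH_ENTROPY_THRESHOLD
    if platform == "linux-elf" and high:
        verdict = "suspicious"      # rare for Linux binaries, worth an analyst's look
    elif high:
        verdict = "weak-signal"     # legitimate Windows software is often packed
    else:
        verdict = "normal"
    return {"platform": platform, "entropy": round(ent, 3), "verdict": verdict}


def constructed_samples() -> dict:
    """Constructed inputs (not real binaries): a seeded pseudo-random body stands in for a packed payload."""
    rng = random.Random(1234)
    packed_body = bytes(rng.getrandbits(8) for _ in range(4096))
    plain_body = b"\x00" * 60 + b"int main(void) { return 0; }\n" * 64
    return {
        "elf_packed": ELF_MAGIC + packed_body,
        "elf_plain": ELF_MAGIC + plain_body,
        "pe_packed": MZ_MAGIC + packed_body,
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(name, classify(blob))
```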
Did you know that @wireshark has a #Snort post-dissector?
If you’ve ever had a snort alert fire, and can’t figure out which packet triggered the alert, or perhaps you want to be able to see the surrounding context, this can be super useful!
You can search on things such as specific SIDs and everything.
If you're curious about how to set it up, check out my blog!
https://www.signalblur.io/wiresnort/
#NIDS #IDS #IntrusionDetection #DetectionAndResponse #DFIR #forensics #networking #cyber #IncidentResponse #NetSec #InfoSec #CyberSecurity #InformationSecurity #Networking