7.26.21
SANS on Defining and Measuring Cybersecurity Visibility
Visibility is necessary for security but the concept isn't exactly clear-cut. Hear from SANS on defining visibility to help you confidently identify blind spots, strengthen security, and measure success on this cybersecurity KPI.
Carol Caley
7.9.21
Three Common Advanced Threats and How to Stop Them
Advanced persistent threats, supply chain attacks, and zero days are becoming more prevalent. A new white paper explores each threat, how they overlap, and how to detect them before they cause damage.
Carol Caley
7.7.21
TCP Resets (RST): Attack or Defender Containment Method?
TCP reset attacks can take down internet connection, but TCP RST is also used by some security solutions to automate containment. Learn why it's (honestly) a weird approach to take.
Jamie Moles
7.1.21
Methods for Security Automation and Improving MTTR
Learn how automating asset containment can improve response times and strengthen security.
Jesse Munos
6.25.21
Top 3 Trends from the Verizon DBIR
The Verizon 2021 Data Breach Investigations Report (DBIR) gives us valuable insights into cybersecurity trends. Read our top takeaways with cyberdefense tips based on their findings.
Chase Snyder
5.11.21
Adapt Your Defense Strategy to Stop Supply Chain Attacks
While the SUNBURST attack exposed how easily advanced attackers could evade defenses, it also created an opportunity to rethink modern security posture. A new SANS white paper explores how to build a comprehensive cyber defense plan.
Dale Norris
3.30.21
What is DCSync and How to Protect Against It
DCSync is an attack technique used to get user credentials. Learn how it works and how to protect against DCSync.
Kirsten Gantenbein
3.24.21
The Ground Truth: Securing Remote Work with Collaborative NetSecOps in 2021 and Beyond
Distributed workforces aren't going anywhere. Learn about the challenges and opportunities in 2021 and beyond, and how NetOps and SecOps can be more successful when they work together.
Chase Snyder
3.23.21
Gartner Blog Includes Network Detection and Response as One of the Eight Controls to Thwart SUNBURST
In a recent blog post, Gartner lists network detection and response (NDR) as one of the controls necessary to thwart supply chain attacks. After SUNBURST, ExtraHop has evidence that NDR is an effective defense against sophisticated attacks.
Carol Caley
3.18.21
There's a Better Way to Monitor DNS
Well-known cyberattacks take advantage of DNS to evade common security tools. Learn how these attacks work, and how to monitor DNS traffic for threats.
Carol Caley
2.26.21
Talking to the Board About the New Realities of IT Security
Between the recent shifts in remote access and headlines filled with high-profile cyber attacks, getting board approval has some increasing challenges. Get tips for talking to the board of directors about security.
Sri Sundaralingam
1.1.21
LDAP Encryption: What You Need to Know in 2021
Get the skinny on LDAP encryption, including whether LDAP traffic is encrypted automatically and how you can best secure traffic using this protocol.
Carol Caley
12.19.20
How to Identify Malicious Network and Port Scanning
Network scanning and port scanning aren't inherently hostile, but they're often used maliciously. Learn to identify malicious network scanning and differentiate it from benign behavior.
Christine Shaw
12.18.20
Analyzing the SUNBURST SolarWinds Attack Campaign For Threat Intelligence
SolarWinds attack: ExtraHop is sharing 1700+ suspicious IP addresses (for threat hunters and data scientists) that were associated with the Sunburst backdoor attack.
Todd Kemmerling
12.14.20
How to Detect and Respond to the SUNBURST Attack
Sunburst attack 2020: Learn how to detect and respond to the Sunburst backdoor supply chain attack with ExtraHop's spectrum of detection approaches.
ExtraHop
11.13.20
How Ransomware Works and How to Prevent It
Ransomware can cause irreparable damage. Learn how it works and how to detect it to stop attacks.
Kirsten Gantenbein
11.5.20
What Is PsExec and How to Protect Against Lateral Movement
PsExec is a Windows Sysinternals utility that enables IT administrators to run commands and executable binary files on remote servers, but it can also be used for stealthy lateral movement.
Kirsten Gantenbein
10.21.20
The Network, Security, and Cloud Blame Game
NetOps, SecOps, and Cloud teams often operate in silos. Improving collaboration and communication can help these teams resolve incidents faster.
Karen Crowley
10.19.20
What is DNS Tunneling and How to Protect Against It
Learn how DNS tunneling attacks work and what you can do to protect against them. Examples included!
Kirsten Gantenbein
10.14.20
Security Alert: 'Bad Neighbor' Vulnerability Affects Windows 10 Systems
The Windows 10 vulnerabilities unveiled by Microsoft on October 13 include a remote DoS (CVE-2020-16899) and a remote code execution flaw (CVE-2020-16898) dubbed 'Bad Neighbor'. Get the rundown on potential exploits and what you should do.
Jeff Costlow
