3.30.21
What is DCSync and How to Protect Against It
DCSync is an attack technique used to get user credentials. Learn how it works and how to protect against DCSync.
Kirsten Gantenbein
3.24.21
The Ground Truth: Securing Remote Work with Collaborative NetSecOps in 2021 and Beyond
Distributed workforces aren't going anywhere. Learn about the challenges and opportunities in 2021 and beyond, and how NetOps and SecOps can be more successful when they work together.
Chase Snyder
3.23.21
Gartner Blog Includes Network Detection and Response as One of the Eight Controls to Thwart SUNBURST
In a recent blog post, Gartner lists network detection and response (NDR) as one of the controls necessary to thwart supply chain attacks. After SUNBURST, ExtraHop has evidence that NDR is an effective defense against sophisticated attacks.
Carol Caley
3.18.21
There's a Better Way to Monitor DNS
Well-known cyberattacks take advantage of DNS to evade common security tools. Learn how these attacks work, and how to monitor DNS traffic for threats.
Carol Caley
2.26.21
Talking to the Board About the New Realities of IT Security
Between the recent shifts in remote access and headlines filled with high-profile cyber attacks, getting board approval has some increasing challenges. Get tips for talking to the board of directors about security.
Sri Sundaralingam
12.19.20
How to Identify Malicious Network and Port Scanning
Network scanning and port scanning aren't inherently hostile, but they're often used maliciously. Learn to identify malicious network scanning and differentiate it from benign behavior.
Christine Shaw
12.18.20
Analyzing the SUNBURST SolarWinds Attack Campaign For Threat Intelligence
SolarWinds attack: ExtraHop is sharing 1700+ suspicious IP addresses (for threat hunters and data scientists) that were associated with the Sunburst backdoor attack.
Todd Kemmerling
12.14.20
How to Detect and Respond to the SUNBURST Attack
Sunburst attack 2020: Learn how to detect and respond to the Sunburst backdoor supply chain attack with ExtraHop's spectrum of detection approaches.
ExtraHop
11.13.20
How Ransomware Works and How to Prevent It
Ransomware can cause irreparable damage. Learn how it works and how to detect it to stop attacks.
Kirsten Gantenbein
11.5.20
What Is PsExec and How to Protect Against Lateral Movement
PsExec is a Windows Sysinternals utility that enables IT administrators to run commands and executable binary files on remote servers, but it can also be used for stealthy lateral movement.
Kirsten Gantenbein
10.21.20
The Network, Security, and Cloud Blame Game
NetOps, SecOps, and Cloud teams often operate in silos. Improving collaboration and communication can help these teams resolve incidents faster.
Karen Crowley
10.19.20
What is DNS Tunneling and How to Protect Against It
Learn how DNS tunneling attacks work and what you can do to protect against them. Examples included!
Kirsten Gantenbein
10.14.20
Security Alert: 'Bad Neighbor' Vulnerability Affects Windows 10 Systems
The Windows 10 vulnerabilities unveiled by Microsoft on October 13 include a remote DoS (CVE-2020-16899) and a remote code execution flaw (CVE-2020-16898) dubbed 'Bad Neighbor'. Get the rundown on potential exploits and what you should do.
Jeff Costlow
10.13.20
SQL Injection Attacks: What Are They and How to Detect Them (with Examples!)
Learn how SQL injection attacks work and what you can do to protect against them. Examples included!
Kirsten Gantenbein
9.17.20
Professional Services Customer Success Stories: Scaling Digital Experiences During COVID-19
Learn how ExtraHop Professional Services helped one company secure a massive increase in personal teller machine use in lieu of in-person interactions.
Michael McPherson
9.16.20
Security Alert: Detecting CVE-2020-1472 Zerologon Exploitation with NDR
The recent Zerologon vulnerability (CVE-2020-1472) could allow attackers to get control of a Windows domain without any user credentials. Learn how it works and how to protect against exploits.
Jeff Costlow
9.11.20
Alerts That Matter: Knowing When (and How) to Take Decisive Action
Sophisticated cyberattacks go undetected for weeks or months, and when discovered, security analysts struggle to contain the compromise and assess its scope. Most detection tools are able to create incident tickets, but noisy detections quickly become "ticket spam" and contribute to the security analyst's challenge of rising above the noise.
Jesse Munos
9.4.20
How to Respond to Incidents Quickly Despite Intentionally Confusing False Flags
False flags are deliberately planted details meant to distract or mislead investigators. Learn what to look out for and how to get more context.
Chase Snyder
7.24.20
Ripple20: Finding Vulnerable Devices and Detecting Attacks
The Ripple20 group of vulnerabilities affects hundreds of millions of devices across many industries. Learn how to identify devices using the vulnerable Treck software and detect Ripple20 exploits.
Jeff Costlow
7.7.20
Easy Multi-Factor Authentication: JumpCloud SSO With SAML
Learn how you can leverage JumpCloud SSO with SAML for an uncomplicated approach to multi-factor authentication that works in environments without an existing identity provider.
Thomas Smith
