Guest Post, Author at Security IT Summit | Forum Events Ltd
  • Covid-19 – click here for the latest updates from Forum Events & Media Group Ltd

Security IT Summit Security IT Summit Security IT Summit Security IT Summit Security IT Summit

Posts By :

Guest Post

How insider threats and the dark web increase remote work risks for organizations

960 640 Guest Post

By Veriato

The “Dark Web” is often portrayed as a gloomy realm of internet land where you can find criminals and offenders lurking around every corner. Though there is some truth to this perception, there are also many misconceptions about the Dark Web and its role in the security or insecurity of businesses. Furthermore, the continuous embracement of remote work has led to an unexpected shift in the way the dark web is being used today. Without awareness and understanding of these concepts, it’s impossible to prepare for the looming threats that this obscure area of the net introduces to enterprises.

Level setting on the current remote work landscape

The global pandemic has changed the way organizations and businesses once operated. The rapid shift to remote work brought on tons of security challenges for all types of businesses. Due to the overwhelming increase in remote work, many organizations were not equipped with the right tools and security measures leaving them entirely helpless and at the mercy of the threat actors.

According to a survey conducted by Owl Labs, when the Covid-19 pandemic was at its peak, more than 70% of employees were working from home. Another survey by OpenVPN found that 90% of remote workers were not secure. As per keeper.io “Cybersecurity in the Remote Work era Global risk report”, organizational security postures saw a drastic decline during the pandemic due to remote work.

The most common cybersecurity risks associated with remote work environments include but are not limited to malware & phishing attacks, Virtual Private Networks (VPN) attacks, Insider Threats, shadow IT device threats, home Wi-Fi security, lack of visibility, accidental data exposure, and more.

The sudden rise in remote work since 2020 has overwhelmed the IT teams responsible for cybersecurity. Now, in addition to regular technical infrastructure support for the organization, they also need to support remote work-related issues. The rise of remote work coupled with overwhelmed IT teams increases the human error factor.  Adversaries leverage such situations to exploit vulnerabilities at large.

Scott Ikeda quotes in the CPO Magazine, “71% of organizations are very concerned about remote workers being the cause of a data breach, and unsurprisingly the biggest concerns are the state of their personal devices and their physical security practices. A whopping 42% of organizations are reporting that they simply do not know how to defend against cyber-attacks that are aimed at remote workers. 31% say they are not requiring remote workers to use authentication methods, and only 35% require multi-factor authentication.”

Level setting on the current Insider Threat landscape

An Insider Threat is a security risk that originates from within the organization. It includes employees, third-party contractors, former employees, and consultants who have access to the company’s resources, network infrastructure, and IT practices. An insider threat is capable of compromising an organization’s confidential data, information systems, networks, critical assets by using different attack vectors.

The intent of an insider threat is not always malicious. In fact, insider threat incidents are more likely to happen due to the carelessness of employees. According to a Forrester research report, in 2021, 33% of cybersecurity incidents will happen due to insider threats. In addition, according to the 2020 Cost of Insider Threat report by the Ponemon Institute, 62% of the incidents are due to negligent insiders, 23% due to criminal insiders, and 14% due to credential insiders. Similarly, the cost incurred by an organization due to a negligent insider is 4.58 million, more than other insiders on the category list. The world has seen a 47% increase in cybersecurity incidents caused by the insider threat.

Example insider cybersecurity incidents

Some notable cybersecurity incidents which were caused due to insider threats:

  1. Gregory Chung, a former Chinese-born engineer at Boeing was charged with economic espionage. He used his security clearance to smuggle Boeing trade secrets to China. He was sentenced to 15 years of imprisonment.
  2. Twitter faced an insider attack in 2020, where attackers used social engineering and spear-phishing attacks to compromise high-profile Twitter accounts. Scammers used their profile to promote bitcoin scams. Twitter’s forensic investigations revealed one of their admin team member accounts was compromised exposing access to admin account tools. The adversaries were able to use spear-phishing techniques to get hold of the account, which later used tactics that enabled them to take over high profile users’ accounts such as those of Bill Gates, Barack Obama, etc. and run the bitcoin scam.

Level setting on the current state of the dark web

In simple terms, the dark web is a part of the internet that is not indexed by search engines. The dark web also cannot be accessed by a normal browser. It requires the use of a special browser, for example, the Tor browser (The Onion Router).

Using the dark web, users can get access to information that is not publicly available on the surface web – the part of the internet that is used by people daily. This provides users with anonymity and privacy as it’s difficult to trace someone’s digital footprint once they are on the dark web.

Image Source: Neteffect

Though the Dark Web provides extreme privacy and protection against surveillance from various governments, it is also known as the cyber “black market”. Sophisticated criminals and malicious threat actors use this marketplace to traffic illicit drugs, child pornography, counterfeit bills, stolen credit card numbers, weapons, stolen Netflix subscriptions, and even an organization’s sensitive/critical data. People can also hire a hitman for assassination or recruit skilled hackers to hack systems or networks. The bottom line is that it can get pretty dark in there, hence the name.

Image Source: Techjury

According to a survey conducted by Precise Security, in 2019, more than 30% of North Americans used the dark web regularly. 

Where remote workers exist, insider threats and the dark web intersect

Growing insider threat trends in the remote era reveal the high-risk organizations now face. The dark web has played a crucial part in this evolution both in providing attackers with access to recruit insiders, as well as, empowering them to run lucrative garage sales with stolen data. 

External attackers breach companies and sell data on the dark web, commit fraud, and more

It’s not uncommon to learn of an organization’s critical data which includes confidential data, financial data, and trade secrets being sold on the dark web marketplace. During the global pandemic, adversaries have exploited vulnerabilities in remote working environments by using techniques such as phishing, clickjacking, ransomware attacks, malware/virus injections, social engineering attacks, and more to gain access to this data for sale. They also use this data for organizational identify theft and fraud.

Malicious insiders auction off data on the dark web

Poor working culture and employee morale in organizations may lead a disgruntled employee to sell company data or even hire a skilled hacker to break into the company’s private network and cause severe disruptions. 

Malicious actors are hiring your employees through the dark web

Attackers need a way into your organization. What better way to do that than to make a friend on the inside? Cybercriminals have turned to the dark web to recruit employees within organizations they are targeting. Conversely, malicious employees are offering to sell out their employers to attackers on the dark web as well.

Curious, non-malicious insiders expose organizations to dark web vulnerabilities 

Many people also use the dark web for anonymity and privacy and do not know the potential negative implications of doing so carelessly. While connected to the enterprise network remotely they might access the dark web and unwillingly expose the organization’s sensitive data. 

Remote workers may use their home network Wi-Fi to connect the company’s internal network via a VPN. A remote worker may visit malicious websites or download shady tools and software that can lead to severe data breaches. The malicious site or tools may contain links to a command and control center or even a dark web community forum from which a threat actor could pivot into the corporate network via the remote worker’s laptop. Once pivoted into the corporate network the adversary can launch all sorts of attacks such as ransomware, Denial of Service (DDoS), phishing attacks, and more. When employee activity is not monitored over remote work environments it becomes very difficult for organizations to take control over what they can’t see. 

Bringing light to the dark web in the remote world through advanced insider threat detection 

Artificial Intelligence plays a critical role in combatting insider threats, and thus dark web risks

The risks and threats associated with insiders are difficult to detect as they tend to have legitimate access to many important resources of the organization, and this risk increases when employees work remotely. The remote work environments and practices have increased the attack surface and level of opportunity available to cybercriminals. It is now increasingly difficult for organizations to keep pace with the sheer volume of threats, and the corresponding resources required to manually detect and respond to those threats. Threat mitigation techniques using artificial intelligence (AI) and automation have become very necessary to effectively monitor, detect, control, and mitigate insider threats. 

David Mytton, CTO Seedcamp nicely summarizes the situation as follows:

“The volume of data being generated is perhaps the largest challenge in cybersecurity. As more and more systems become instrumented — who has logged in and when what was downloaded and when what was accessed and when — the problem shifts from knowing that ‘something has happened to highlight that ‘something unusual has happened.” 

That “something unusual” might be an irregular user or system behavior, or simply false alarms.

AI and automation help in correlating threat responses and mitigation faster than any human being can. With these advancements, organizations are able to process large volumes of data, analyze logs, and perform behavioral analysis, threat detection, and mitigation with little to no human intervention.

The response time of AI is phenomenal as it can learn, act and hack in a more efficient and effective manner than the current penetration and vulnerability assessment tools. As such, AI will play a very important role in cybersecurity threat detection. AI can help data protection solutions to rectify, support, and prevent end-user threats such as data leakage, manage unauthorized access, and more. In addition, AI will continue to make threat detection and response solutions to be more efficient and effective in the near future.

Basic cyber hygiene will continue to be paramount in combatting dark web risks

Organizations need to spread awareness among their employees regarding remote work cybersecurity threats and dark web challenges. To do this, establish security awareness programs. Passwords used to log in or access the corporate networks need to be strong and complex. VPN should be properly configured and should be employed with the latest encryption technologies and protocols. Access controls should be implemented to properly limit unauthorized access to critical resources, especially for remote workers.

Visibility for overall user activity is crucial, especially in remote work environments. Organizations need to see what their employees are up to when they are accessing corporate networks for interacting with enterprise resources, sharing files, uploading or downloading files, accessing the central repository or database, using remote desktop services, and more. Close monitoring of such activities ensures organizations take appropriate steps to minimize insider threats and deploy the required countermeasures to prevent malicious activity in remote work environments.

Next-generation insider threat detection technology provides visibility and monitoring needed to shed light on dark web risks

Next-generation insider threat detection and employee monitoring solutions, like Veriato Cerebral, can be used to track down one of the key sources to dark web issues – insider threats. By integrating user behavioral analytics (UEBA), user activity monitoring (UAM), and data breach response (DBR) into a single solution, the organization’s security teams are empowered to identify and minimize insider threats. Powered by artificial intelligence and machine learning, these solutions create a unique digital fingerprint of every user on different platforms, be it a virtual or a physical endpoint. 

In the remote era, the keywords to addressing dark web risks are visibility and insight. Using next-gen technology, organizations can get the level of insight into user activity that is necessary to understand if and when your employees are engaging in sketchy activity on the dark web such as selling their corporate login credentials and more. 

Examples of the level of visibility that can help includes insight into:

  • Web activity monitoring  
  • Network activity monitoring
  • Email Activity 
  • IM & Chat Activity 
  • File and Document Tracking 
  • Keystroke logging 
  • User status 
  • Geolocation 
  • Anomaly Detection
  • Risk scoring etc.

In addition to insider threat detection solutions, organizations can also leverage remote employee monitoring and employee investigations solutions to secure the organization from rising insider threats in remote work environments.

Conclusion

Risks and threats related to remote work will continue to rise. Adversaries will continue using complex and sophisticated attack and compromise techniques to harm enterprise networks and systems via remote working environments. Veriato’s AI-based, advanced threat mitigation solutions ensure that your remote working environment is fully protected and your visibility over IT operations is also increased. These solutions proactively detect and prevent dark web threats and insider threats to secure your organization and remote work environments.

Cybersecurity is not a one-stop-shop

960 640 Guest Post

By Steve Law, CTO, Giacom and Kelvin Murray, Threat Researcher, Webroot

Boris Johnson announced the Government’s roadmap to lift Coronavirus restrictions for both businesses and the general public earlier in February, and since then, this has provided a glimmer of hope for many across the country. However, since the start of the pandemic, the way business is conducted has changed permanently, with many workforces wanting to continue to work remotely as lockdowns and restrictions ease over time.

So, as companies relax and rules are eased, life is expected to return to a form of ‘new normal.’ But, the issues around cybersecurity are here to stay, and the gas pedal must not be eased – especially with the increased risks associated with continued remote working. 

If anything, security should be more reinforced now than ever before to ensure all aspects of a business are secure. But this isn’t the case. Steve Law, CTO, Giacom and Kelvin Murray, Threat Researcher, Webroot, detail the importance of embedding a trilogy security approach into organisations, and this is where a strong CSP/MSP relationship can be invaluable. 

The Risk Grows

Despite lockdown restrictions easing, cybersecurity risks remain and are likely to grow as COVID-19 changes the working landscape. As indoor spaces begin to open in the next few months, employees will want to venture out to new spaces to work, such as coffee shops and internet cafes – but working on open networks and personal devices creates unlocked gateways for cyberattacks to take place. Since this hybrid and remote way of working looks like it’s here to stay, businesses must ensure they have the right infrastructure in place to combat any cyber threats. 

For instance, research by the National Cyber Security Centre shows that there has been a rise in COVID-19 related cyber attacks over the past year, with more than one in four UK hacks being related to the pandemic. This trend is not likely to ease up any time soon either. And, going forward, hackers could take advantage of excited travellers waiting to book their next holiday once the travel ban is lifted, deploying fake travel websites, for example. 

Aside from the bad actors in this wider scenario, part of the problem here is that many IT teams are not making use of a holistic and layered approach to security and data recovery; which can lead to damaging consequences as data is stolen from organisations. Such issues continue to resonate strongly across businesses of all sizes, who will, therefore, turn to their MSPs for a solution. 

The Importance of a Layered Approach 

Cybersecurity is not a one-stop-shop. A full trilogy of solutions is required to ensure maximum effect. This includes a layered combination of DNS networking, secure endpoint connections, and an educated and empowered human workforce. 

The need for DNS security cannot be ignored, especially with the rise of remote workforces, in order to monitor and manage internet access policies, as well as reduce malware. DNS is frequently targeted by

bad actors, and so DNS-layer protection is now increasingly regarded as an essential security control – providing an added layer of protection between a user and the internet by blocking malicious websites and filtering out unwanted material. 

Similarly, endpoint protection solutions prevent file-based malware, detect and block malicious internal and external activity, and respond to security alerts in real-time. Webroot® Business Endpoint Protection, for example, harnesses the power of cloud computing and real-time machine learning to monitor and adapt individual endpoint defences to the unique threats that users face.

However, these innovative tools and solutions cannot be implemented without educating users and embedding a cyber security-aware culture throughout the workforce. Humans are often the weakest link in cybersecurity, with 90% of data breaches occurring due to human error. So, by offering the right training and resources, businesses can help their employees increase their cyber resilience and position themselves strongly on the front line of defence. This combination is crucial to ensure the right digital solutions are in place – as well as increasing workforces’ understanding of the critical role they play in keeping the organisation safe. In turn, these security needs provide various monetisation opportunities for the channel as more businesses require the right blend of technology and education to enable employees to be secure.

The Channel’s Role 

Businesses, particularly SMBs, will look to MSPs to protect their businesses and help them achieve cyber resilience. This creates a unique and valuable opportunity for MSPs to guide customers through their cybersecurity journeys, providing them with the right tools and data protection solutions to get the most out of their employees’ home working environments in the most secure ways. Just as importantly, MSPs need to take responsibility for educating their own teams and clients. This includes delivering additional training modules around online safety through ongoing security awareness training, as well as endpoint protection and anything else that is required to enhance cyber resilience.

Moreover, cyber resilience solutions and packages can be custom-built and personalised to fit the needs of the customer, including endpoint protection, ongoing end-user training, threat intelligence, and backup and recovery. With the right tools in place to grow and automate various services – complemented by technical, organisational and personal support – channel partners will then have the keys to success to develop new revenue streams too.

Conclusion 

Hackers are more innovative than ever before, and in order to combat increasing threats, businesses need to stay one step ahead. Companies must continue to account for the new realities of remote work and distracted workforces, and they must reinforce to employees that cyber resilience isn’t just the job of IT teams – it’s a responsibility that everyone shares. By taking a multi-layered approach to cybersecurity, businesses can develop a holistic view of their defence strategy, accounting for the multitude of vectors by which modern malware and threats are delivered. Within this evolving cybersecurity landscape, it’s essential for SMBs to find an MSP partner that offers a varied portfolio of security offerings and training, as well as the knowledge and support, to keep their business data, workforces and network secure.

The Complete Guide to Online Brand Protection

150 150 Guest Post

By Digital Shadows

Effective Online Brand Protection requires continual monitoring and remediation of threats to a company’s brands across social, mobile, websites, and other external sources. This approach often requires the involvement of the security, marketing, brand, and legal teams.

While approaches to Online Brand Protection once amounted to tracking negative sentiment on Twitter, this is no longer enough.

This guide outlines the top threats to brands online and some of the best practices for protecting them.

Click here to read the guide now.

WEBINAR: Solorigate/SUNBURST – Chronology of a supply chain nightmare

960 640 Guest Post

By SentinelOne and ReliaQuest

SUNBURST was one of the most devastating cyberattacks in recent years and has sent shockwaves like no other attack before. Solorigate/SUNBURST impacted more than 420 of the Fortune 500 companies and thousands of government and commercial organizations. The attack on the ‘digital supply chain’ was uncovered in December 2020, although the foundation was made at the end of 2019 with the first organizations being infected in the second quarter of 2020.

Despite the widespread use of threat intelligence and EPP / EDR solutions, how did this happen? Why did the attack go undetected for so long? 

During this webcast on Tuesday 13 April at 10am BST, the course of the attack campaign will be traced and discussed. It will also explain how SentinelOne protected their customers from SUNBURST and how ReliaQuest responded immediately to protect their customer base with targeted threat intelligence, detection logic and automated enterprise wide retroactive threat hunting to surface and respond to any evidence of attack.

Together SentinelOne and ReliaQuest are protecting customers against these unforeseeable supply chain attacks and acting as a force multiplier for your security operations. 

Click Here To Register

Cyber Threat Intelligence – Solutions Guide & Best Practices

960 640 Guest Post

By Digital Shadows

Cyber threat intelligence (CTI) improves the resilience of your business against emerging cyber threats. The best CTI program informs preventative and proactive security actions and is intimately tied to business concerns and effective reduction of risk.

This guide serves to:

  • Navigate you through the jargon surrounding cyber threat intelligence
  • Outline some of the best practices for cyber threat intelligence
  • Provide some excellent resources to leverage when developing or improving your organization’s cyber threat intelligence capabilities

Download The Guide

WHITE PAPER: Active Directory security – AD monitoring and proactive security detection combined

960 640 Guest Post

“Active Directory security” generates a few different reactions, depending on who you ask.

Get the new guide from Microsoft 17x MVP Derek Melber to discover:

  • The attacker-shaped holes in common monitoring solutions
  • The 8 key features to proactively secure AD
  • How Alsid can strengthen your security posture

Start reading the free guide

WHITE PAPER: Future-proofing endpoint management

960 640 Guest Post

By Quest

New devices, platforms, applications, and technologies connecting to the network are overwhelming IT’s ability to manage endpoints across the enterprise. Adding to the complexity, many organizations have disparate systems or processes for managing desktop and mobile devices.

This white paper examines endpoint management issues and reviews best practices for administering, managing and securing all devices with a unified endpoint management (UEM) approach and solution.

You’ll learn how to:

  • Unify the control of all endpoints
  • Reduce the cost and complexity of managing endpoints
  • Enhance end-user experiences
  • Simplify utilization of cloud resources

Click here to download the White Paper.

What’s the average time to identify a security breach? 280 days, according to IBM’s 2020 Cost of a Data Breach report

960 640 Guest Post

By Accedian

Today, it’s not a matter of “if”, but “when”, organizations operating in today’s digital world will be breached. But, once cyber criminals manage to get past the network perimeter, do you have the visibility to detect them and see what the bad actors are doing?

In this guide, find out how next-generation Intrusion Detection Systems (IDS) can help you solidify your security posture, responding faster to intruders and minimizing the impact to your organization’s business continuity.

Download Next-Generation Intrusion Detection: A new security approach to unlock value and drive down risk, and you’ll learn:

·        Why next-generation, behavior-based IDS solutions are critical to complement your existing perimeter and endpoint security solutions

·        How IDS uses intelligent data and machine learning to implement Network Traffic Analysis for end-to-end protection

·        How IDS solutions protect all elements of your infrastructure: the cloud, the edge, on-premises data centers

·        How easily data can be exfiltrated if your perimeter protection is breached

Fortify your security posture. Click here to get a copy of the guide.

The cloud security challenge every CISO must overcome

960 640 Guest Post

By Keith Glancey, Systems Engineering Manager at Infoblox 

Cloud adoption has never been higher. Whether it’s public, private, multi- or even hybrid-cloud environments, organisations of all sizes, across all sectors are benefiting from the enhanced flexibility, reduced cost and greater stability that cloud can bring. 

However, whilst cloud can be an enabler in many areas, it can also cause complications for both security and compliance. In fact, recent research revealed that over half of UK businesses cite security concerns as the biggest barrier to public cloud adoption. To add to this, over a third of business leaders (35%) who have adopted cloud aren’t completely confident that it is secure. 

Cloud environments present some unique security challenges. One such challenge is achieving visibility across an entire organisation. When a business uses multiple providers – and stores data in different locations across on-premise and cloud environments – total visibility can become almost impossible to achieve. But, without it, businesses leave themselves vulnerable to attack. For the modern CISO, visibility has become a huge headache in recent years. 

Ensuring everyone is on the same page 

The average CISO will probably have a snapshot view of the ‘bigger picture’ in terms of the security of their cloud providers. However, when it comes to the day-to-day details – such as relatively minor changes to the identities of and contracts with external partners, for example – it can be very difficult to keep track. Add to this that many organisations will have multiple cloud systems running side by side, as well as on-premise infrastructure that is typically full of legacy applications, and it’s easy to see how certain information can get lost in the ether. 

Although most cloud providers have security measures in place that are more than adequate, there is a tendency for them to focus on their own platform. This method totally ignores the user’s unique ecosystem. This one-size-fits-all security method does not always work to the advantage of an individual organisation, which is why it’s important for CISOs to remain in the driver’s seat. 

CISOs looking to increase visibility could start with an analysis of their key partners. This can help them to determine the best course of action on a case-by-case basis. For example, when a business relies on external server services, it can be difficult for the network team to obtain a 360-degree view across the entire critical infrastructure. This can lead to certain oversights and a lack of understanding in terms of the overall network security posture, especially when you throw IoT devices into the mix. In this case, instead of monitoring all used platforms separately, it is more effective to add a layer to the network that provides centralised insight into the entire ecosystem.  

This is where modern technologies – such as cloud DDI (DNS, DHCP, and IPAM) – come in. By giving CISOs and network teams the ability to automate and consolidate critical aspects of cloud network management, respond quickly to business needs and integrate cloud service platforms across a business, DDI augments visibility into network activities and increases control. It grants visibility into networking activities, no matter where devices might be connected from – including remote locations. 90% of malware touches DNS – the first D in DDI – when entering or leaving the network, making DNS a critical detection tool that, when connected to the security stack, can enable stronger threat remediation. Ultimately, DDI enables the network team to quickly detect and fix any vulnerabilities, no matter where they originate. 

Solving compliance complexity 

Navigating a myriad of different cloud providers also makes compliance more difficult than it should be. Suppose a business is legally obliged to store data on European servers – what happens if a supplier has this order, but its partners don’t follow the same policy? The same applies to subpoenas; a third party abroad could simply reveal sensitive data, even if this is in violation of European law. 

When it comes to compliance, it’s not enough to simply rely upon a supplier’s word. In order to avoid potentially the devastating fines and reputational damage associated with failure to comply, CISOs need to enforce a certain level of visibility across all third parties and ensure that everyone is following the same rules. 

CISOs can take some simple steps to monitor the situation and ensure compliance in the cloud. For example, when it comes to meeting guidelines such as the EU’s Security of Networks & Information Systems (NIS) – which is intended to establish a common level of security for network and information systems – adding a layer to an organisation’s infrastructure can help to boost visibility and reduce complexity. This can also help to automate processes that enable a network team to make their entire security stack work together and thus better anticipate vulnerabilities. 

As cloud becomes an increasingly important part of IT infrastructure, CISOs will continue to face many different security and compliance challenges. In order to get ahead and keep both employees and customers safe, they will need to focus on establishing total visibility across the network of providers and partners. Only then will CISOs be able to take back control and the wider business reap the rewards associated with cloud adoption. 

White Paper: Maximize Your SIEM with Precise Active Directory Security Details

960 640 Guest Post

Filling the Active Directory Security Gaps in Your SIEM

Lateral movement and privilege escalations through Active Directory are the root cause of all breaches. SIEM solutions are not new, and most organizations rely on them to measure the overall security of the network and devices that the SIEM is monitoring. SIEMs can gather log information from computers, firewalls, network devices, printers, and more.

With each device having a different logging format, as well as different levels of events, the SIEM must be configured for each and every device to ensure proper analysis and event gathering. Just looking at Active Directory and domain controllers alone, you’ll find thousands of generated events.

There’s a hacker-shaped hole in your SIEM. Stopping AD compromise begins with weeding out the root causes: lateral movement + privilege escalation. 

Get the Alsid Academy guide by Microsoft MVP Derek Melber at Alsid to help fill the gaps in your SIEM.

Agenda:

  • Where SIEMs succeed (and fail)
  • SIEM customization, correlation, and false positives
  • The risks of agent- and privilege-based solutions

Download the white paper here