USER AND ENDPOINT USE CASES FOR VISIBILITY INTO UNAUTHORIZED BEHAVIOR
The shift to remote operations will have longer term impacts on many organizations. Businesses will continue to focus on where additional visibility and controls are needed for both in office and remote work operations. Visibility into user activity is necessary to prevent both external and internal threats taking advantage of new working conditions. The final release in our Rapid Response Resources Series focuses on use cases that detect unauthorized user behavior in your SIEM and EDR.
Access example use case queries to get visibility into malicious user activity events and protect your users and business from attackers.
AUTOMATION: DETECTION TECHNIQUES & USE CASES FOR FASTER RESPONSE
With the rapid shift to remote operations, many organizations are looking for new ways to gain visibility into their security posture and protect against new risks targeting their users and businesses. This week’s release focuses on actionable ways to implement automation at your organization. Automation detection and response techniques save time and research for your security team, so they can focus their efforts where they can help the business the most.
Get access to sample PowerShell queries and detection techniques for two threat types, Windows active directory and DNS beaconing, allowing your team to respond faster and decrease this risk across your environment.
CLOUD THREAT INTEL AND USE CASES
As enterprises adjust to fully remote operations, cloud applications and services are being used more often from new locations, triggering insider threat use cases against existing baselines. In this content release, we’ll cover common attack types against the top three cloud service providers: Microsoft Azure, Amazon AWS, and Google Cloud Platform. While all three of these technologies are unique in their design or implementation, they generally suffer from the same type of threats and exploits from threat actors.
In Cloud Threat Intel and Use Cases, receive guidance on how to secure cloud application and services and protect against three common attack types:
- Misconfigured storage buckets
- Metadata service exploitation through SSRF
- Credential leakage and overly permissive access
This release will also provide use cases to detect unauthorized usage or access to cloud applications – enable these directly in your SIEM or Cloud Application Security to get the visibility you need into cloud-specific events.
EMAIL THREAT INTEL AND USE CASES
With recent shifts to remote work forces, organizations have been targeted with more phishing campaigns incorporating email spam, business email compromise, and the spread of malware by leading users to fake COVID-19 information sites or reports. Threat actors are trying to capitalize on the situation by targeting remote workers with phishing emails.
In email threat intel and use cases, receive best practices to protect your remote work force against email risks, use cases to enable in your SIEM and COVID-19 specific indicators of compromise providing the needed visibility into email-specific events.