Flagging Homoglyph Attacks
Red teams and state-sponsored actors are increasingly leveraging homoglyphs to phish unsuspecting users. By using Unicode characters, adversaries create fake domains which are indistinguishable...
Threat Intelligence is Dead
Long live security analytics! At AlphaSOC we process network traffic to uncover compromised systems without relying on threat intelligence or indicators of compromise (IOCs). The rationale being that...
Evaluating Threat-Blocking DNS Providers
Ask any CISO and they will tell you that one of the biggest challenges they face is measuring the ROI of a given security product or service. It is very difficult, if not impossible, for a customer to...
Supercharge Your SOC
Uncovering emerging threats with Network Behavior Analytics. Telemetry used by SOC analysts to identify compromised hosts stems from IDS sensors, EDR and antivirus running on endpoints, and SIEM...
A Deeper Look at Dangerous TLDs
Each day at AlphaSOC we process billions of network events to identify infected hosts and anomalies within customer environments. Our analytics engine scores DNS, IP, and HTTP telemetry to uncover...
PUPs: The Ultimate Pervasive Threat
How potentially unwanted programs (PUPs) are blowing networks wide open. AlphaSOC processes billions of network events each day to identify infected hosts and anomalies within customer environments. Our...
The Computer Safety Industry
The Computer Safety Industry? Thinking of a system as either secure or insecure is nonsensical — these are misnomers that we should abandon. Many organizations believe they operate secure computer...
Understanding the Mechanics Behind the Cyber Skills Shortage
CyberSeek publishes and maintains a Cybersecurity Supply / Demand Heat Map online, as summarized below. The site tracks open job postings across the United States, and today reports that there are over...
The Problem with Indicator Lists
AlphaSOC processes 3B daily network events from customer environments across technology, healthcare, defense, retail, finance, and higher education verticals. Security teams send us their DNS,...
Automating the Hunt
Through Network Behavior Analytics for Splunk and our native integrations for Demisto and Graylog, we instantly enrich network indicators (FQDNs, URLs, and IP addresses) to provide security teams with...
DNS over HTTPS — the tip of a network visibility iceberg
Within the industry there’s been a lot of talk lately around DNS over HTTPS (DoH) and how adversaries use the channel to perform C2 DNS lookups...
Moving Beyond Indicator Lists
AlphaSOC processes network telemetry to highlight both known and unknown emerging threats. Using our layered analytics approach, security teams uncover three times more malware than with indicator...
Uncover Detection Blindspots with Network Flight Simulator
Today at AlphaSOC we released Network Flight Simulator (flightsim) 2.2.1, which is our free, open source adversary simulation tool. This latest release includes a number of new modules that security...