Let's Automate It

from Josh Rickard

Responding to Insider Threats With SOAR

2020-04-24 swimlane Josh Rickard
Insider threats occur when an individual with ties to an organization misuses their access for malicious purposes, such as stealing intellectual property or other data. Detecting insider threats can be difficult, but by using a security information and event management (SIEM) system or data loss prevention (DLP) products, you can create alerts that detect unauthorized or unexpected exfiltration of data leaving your organization. Once you have detected these events, your security operations center (SOC) needs to investigate rapidly.

Identify Malicious Domains Using SOAR

2020-03-25 swimlane Josh Rickard
Domain squatting, typosquatting and IDN homograph attacks are commonplace in phishing and other forms of social engineering. Attackers use squatted and typosquatted domains to trick users into providing their credentials, to distribute malware, to harm an organization's reputation, or otherwise to maliciously impersonate a legitimate domain. We've discussed this topic before and have developed a unique use case with Swimlane to detect this malicious activity automatically. Recently, we began to monitor domains related to coronavirus (COVID-19), knowing there would be an increase in traffic to research the outbreak, which could be exploited by bad actors.