Starting in January I was offered the following challenge: Help customers use their NetEye system differently, that is, help customers exploit the potential of our system to move from a use that’s strictly related to monitoring to one more oriented towards the security arena, that is, creating a system in-house that can help them implement…
Read MoreA Security Operation Center (SOC) is a service where the customer is an active participant. Establishing a good relationship with the customer is an important requirement for handling security incidents more efficiently. Our SOC analysts produce and deliver several reports, most of them on a monthly basis. They are usually presented to clients during a…
Read MoreA Security Operation Center (SOC) is a service where the customer is an active participant. Establishing a good relationship with the customer is an important requirement for handling security incidents more efficiently. Our SOC analysts produce and deliver several reports, most of them on a monthly basis. They are usually presented to clients during a…
Read MoreIntroduction In today’s increasingly complex cybersecurity landscape, it is crucial for organizations to adopt effective solutions to protect their data and digital assets from ever-evolving threats. Two commonly used services in this regard are SOC (Security Operations Center) and MDR (Managed Detection and Response). While both aim to ensure cybersecurity, there are important differences that…
Read MoreOne of the most comprehensive services offered by Wuerth-Phoenix’s Cyber Security team is the Security Operation Center (SOC). An SOC is capable of monitoring an IT environment, scanning all messages sent within the internal network, and all operations performed on corporate devices. Through the use of detection rules, the SOC is able to identify anomalies…
Read MoreZero-day vulnerabilities pose a serious threat in the field of cybersecurity. These flaws are usually discovered and exploited by criminals before security researchers even know of their existence. Because of this, we call them 0-day. It indicates the amount of time the “good people” have had to study and solve the problem. So if this…
Read MoreWe decided to carry out an evaluation of Elastic’s EDR using the APT Simulator (https://github.com/NextronSystems/APTSimulator) tool. This tool is widely used within the cyber security community and is highly reputed, as it was developed by Florian Roth, who also created the Sigma Rule project. APT Simulator is a Windows Batch script that uses a set…
Read MoreWithin our Attacker Centric Security Operation Center, we look for the best detection rules every day to help you detect attack scenarios. One of the most important projects that we use as a source in this area is without doubt that of Sigma Rule (https://github.com/SigmaHQ/sigma). The project, founded by Florian Roth (https://www.linkedin.com/in/floroth/), has almost 300…
Read MoreOne of the important elements of Cyber Threat Intelligence activity is the verification of IoCs (Indicators of Compromise) that can identify threats that can create an impact on your organization. In parallel to our OSINT and Cyber Threat Intelligence SATAYO platform we have implemented the SATAYO IoC database which currently has about 900,000 elements. Among…
Read MoreIT security is one of the highest priorities for every CIO. Cyber-attacks are now a reality that we must deal with on a daily basis. More and more organizations have been the victims of so-called cybercrimes that are the cause of financial losses, operational problems and consequences to the company’s reputation. That is why trying…
Read More