Bring Your APIs Out of the Shadows to Protect Your Business
Pankaj Gupta, Senior Director, Citrix. APIs are immensely more complex to secure. What was previously one request to one server has become dozens or hundreds of requests to dozens or hundreds of entities. In the past, you defended one large application with a single front door. Now you must defend...
Strategies, tools, and frameworks for building an effective threat intelligence team
How to think about building a threat intelligence program. The security community is continuously changing, growing, and learning from each other to better position the world against cyber threats. In the latest Voice of the Community blog series post, Microsoft Product Marketing Manager Natalia...
Solorigate/Sunburst: Theft of Cybersecurity Tools | FireEye Breach
Update Jan 5, 2021: New patching section with two new dashboard widgets showing the number of missing FireEye-related patches in your environment and the number of assets in your environment missing one of those patches. Update Dec 23, 2020: Added a new section on compensating controls. Update De...
Microsoft Windows TCP/IP Remote Code Execution Vulnerability (CVE-2020-16898) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR®
On October 13, 2020, Microsoft fixed a critical remote code execution vulnerability in the Windows TCP/IP stack for handling ICMPv6 Router Advertisement packets. While Microsoft ranks this vulnerability as “Exploitation More Likely,” we may see a proof-of-concept released soon. The security issue...
Qualys Cloud Platform 3.0 New Features
This release of the Qualys Cloud Platform version 3.0 includes updates and new features for Vulnerability Management, highlights as follows. Vulnerability Management: The following features apply to all subscriptions that are currently using the Vulnerability Management Dashboard beta. With this...
Mimir - Smart OSINT Collection Of Common IOC Types
Smart OSINT collection of common IOC types. Overview: This application is designed to assist security analysts and researchers with the collection and assessment of common IOC types. Accepted IOCs currently include IP addresses, domain names, URLs, and file hashes. The title of this project is nam...
Introducing Integrated Threat Intelligence from ThreatConnect on the PSC
To effectively defend against attacks, analysts must leverage details from multiple tools to gain an understanding of the actions they need to take to protect their environment. By integrating context from different tools and intelligence feeds into the alerts security teams receive, they have...
Microsoft Launches a New Recognition Program for MAPP Partners
There are many dedicated people and organizations who contribute to the protection and security of our common customers. For years, Microsoft has recognized security researchers for helping protect the ecosystem. Now, we’re announcing the launch of a new program to better recognize and thank...
Sharing Threat Intelligence: Time for an Overhaul
Most organizations don’t really have a good way of sharing threat-related data outside of their own industry verticals. Sure, there are Information Sharing and Analysis Centers (ISACs; i.e. FS-ISACs for the financial-services industry). But the information still tends to stay in industry-specific...
Partner Perspectives: ThreatConnect and Carbon Black: Incorporating Threat Intel for Quicker Incident Response
Megan Horner is the Director of Product Marketing for ThreatConnect. When it comes to incident response, there’s typically a focus on three main stages: investigation, containment, and remediation. Moving from one stage to the next as efficiently as possible is critical to expediting response...
Generic Signature Format for SIEM Systems: Sigma
Sigma is a generic and open signature format that allows you to describe relevant log events in a straightforward manner. The rule format is very flexible, easy to write and applicable to any type of log file. The main purpose of this project is to provide a structured form in which researchers ...
Cyber Probe - Capturing, Analysing and Responding to Cyber Attacks
Cyberprobe is a distributed software architecture for monitoring of networks against attack. It consists of two components: cyberprobe, which collects data packets and forwards them over a network in standard streaming protocols; and cybermon which decodes protocols, and invokes user-defined logi...
CISA Passes Senate Without Addressing Privacy Concerns
To the consternation of many — tech companies, privacy advocates, and civil liberties groups included — members of the Senate voted overwhelmingly Tuesday to pass a version of the Cybersecurity Information Sharing Act, a bill that many opposed argue will lead to continued pervasive government...
U.S. and Japan to Cooperate on Cybersecurity, Information Sharing
The United States and Japan have agreed to cooperate more closely on cybersecurity and information sharing initiatives as a way to help both countries defend against future threats and attacks. The new initiative will include a variety of components, most notably cooperation during serious...
Draft Bill to Protect Threat Information Sharing
The fear of lawsuits has – for a very long time – been among the primary reasons that public-private cyber-threat information sharing practices have never really materialized. This failure is reality in spite of repeated calls for such partnerships year after year from government and industry...
UPDATE: Ongoing Malicious Cyber Activity Against U.S. Government and Private Sector Entities
UPDATE: The United States Department of Homeland Security, in collaboration with the Federal Bureau of Investigation and other partners, has released a second Joint Indicator Bulletin (JIB) through secure channels. Confirmed members of the cybersecurity community of practice, which may include...