Analytics //

Security Monitoring

News & Commentary
Unstructured Data: The Threat You Cannot See
Charles Fullwood, Software Practice Director at Force 3Commentary
Why security teams needs to take a cognitive approach to the increasing volumes of data flowing from sources they don't control.
By Charles Fullwood Software Practice Director at Force 3, 10/10/2017
Comment0 comments  |  Read  |  Post a Comment
How to Live by the Code of Good Bots
Ido Safruti,  Founder and CTO at PerimeterXCommentary
Following these four tenets will show the world that your bot means no harm.
By Ido Safruti Founder and CTO at PerimeterX, 9/27/2017
Comment0 comments  |  Read  |  Post a Comment
7 SIEM Situations That Can Sack Security Teams
Dawn Kawamoto, Associate Editor, Dark Reading
SIEMs are considered an important tool for incident response, yet a large swath of users find seven major problems when working with SIEMs.
By Dawn Kawamoto Associate Editor, Dark Reading, 9/27/2017
Comment2 comments  |  Read  |  Post a Comment
Security Orchestration & Automation: Parsing the Options
Dario Forte, CEO, DFLabsCommentary
Once you head down the path of orchestration, security teams will need to decide how much automation they are ready for. Here's how.
By Dario Forte CEO, DFLabs, 9/15/2017
Comment1 Comment  |  Read  |  Post a Comment
What CISOs Need to Know about the Psychology behind Security Analysis
Kumar Saurabh, CEO and co-founder of LogicHubCommentary
Bandwidth, boredom and cognitive bias are three weak spots that prevent analysts from identifying threats. Here's how to compensate.
By Kumar Saurabh CEO and co-founder of LogicHub, 8/14/2017
Comment1 Comment  |  Read  |  Post a Comment
Using AI to Break Detection Models
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Pitting machine learning bots against one another is the new spy vs. spy battle in cybersecurity today.
By Ericka Chickowski Contributing Writer, Dark Reading, 7/25/2017
Comment0 comments  |  Read  |  Post a Comment
FireEye CEO Shares State of IT Threat Landscape
InformationWeek Staff, CommentaryVideo
FireEye CEO Kevin Mandia talks about the state of the IT threat landscape and where enterprises should focus their attention when it comes to cybersecurity.
By InformationWeek Staff , 6/23/2017
Comment0 comments  |  Read  |  Post a Comment
How to Succeed at Incident Response Metrics
Tom Webb, Incident Handler, SANS Internet Storm CenterCommentary
Establishing a baseline of what information you need is an essential first step.
By Tom Webb Incident Handler, SANS Internet Storm Center, 6/2/2017
Comment1 Comment  |  Read  |  Post a Comment
How to Integrate Threat Intel & DevOps
Andrew Storms, VP Security Services, New ContextCommentary
Automating intelligence can help your organization in myriad ways.
By Andrew Storms VP Security Services, New Context, 5/4/2017
Comment1 Comment  |  Read  |  Post a Comment
Forget the Tax Man: Time for a DNS Security Audit
Ericka Chickowski, Contributing Writer, Dark Reading
Here's a 5-step DNS security review process that's not too scary and will help ensure your site availability and improve user experience.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/11/2017
Comment0 comments  |  Read  |  Post a Comment
As Cloud Use Expands, So Do Security Blind Spots, Studies Show
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Three-quarters of IaaS and SaaS apps arent monitored.
By Ericka Chickowski Contributing Writer, Dark Reading, 4/4/2017
Comment2 comments  |  Read  |  Post a Comment
Data Visualization: Keeping an Eye on Security
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRACommentary
Visualization can be one of the most powerful approaches a security team can use to make sense of vast quantities of data. So why does it end up as an afterthought?
By Joshua Goldfarb Co-founder & Chief Product Officer, IDDRA, 3/27/2017
Comment3 comments  |  Read  |  Post a Comment
Prioritizing Threats: Why Most Companies Get It Wrong
Michael A. Davis, CTO of CounterTackCommentary
To stay safer, focus on multiple-threat attack chains rather than on individual threats.
By Michael A. Davis CTO of CounterTack, 3/24/2017
Comment6 comments  |  Read  |  Post a Comment
Getting Beyond the Buzz & Hype of Threat Hunting
Kyle Wilhoit, Senior Security Researcher, DomainToolsCommentary
When harnessed properly, threat hunting can be one of the most useful techniques for finding attackers in your network. But it wont happen overnight.
By Kyle Wilhoit Senior Security Researcher, DomainTools, 3/20/2017
Comment0 comments  |  Read  |  Post a Comment
Trust, Cloud & the Quest for a Glass Wall around Security
Stan Black, CSO, CitrixCommentary
In the next year, were going to see a leap towards strategic, business-level objectives that can be resolved by simplifying infrastructure and granting greater visibility in real time.
By Stan Black CSO, Citrix, 3/8/2017
Comment0 comments  |  Read  |  Post a Comment
20 Cybersecurity Startups To Watch In 2017
Ericka Chickowski, Contributing Writer, Dark Reading
VC money flowed plentifully into the security market last year, fueling a new crop of innovative companies.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/24/2017
Comment4 comments  |  Read  |  Post a Comment
IBM Brings Watson Cognitive Computing To The SOC
Ericka Chickowski, Contributing Writer, Dark ReadingNews
Technology known for a Jeopardy stunt six years ago is now powering question answering within IBM Security's QRadar system.
By Ericka Chickowski Contributing Writer, Dark Reading, 2/13/2017
Comment2 comments  |  Read  |  Post a Comment
Why Youre Doing Cybersecurity Risk Measurement Wrong
Daniel Gordon, Cyber Intel Analyst, Lockheed Martin Computer Incident Response TeamCommentary
Measuring risk isnt as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five.
By Daniel Gordon Cyber Intel Analyst, Lockheed Martin Computer Incident Response Team, 1/30/2017
Comment0 comments  |  Read  |  Post a Comment
Cloud Security & IoT: A Look At What Lies Ahead
Bill Kleyman, Chief Technology Officer, MTM TechnologiesCommentary
In the brave new world of cloud, security teams must be as agile as possible. This means leveraging proactive monitoring tools, locking down access points, and forecasting requirements
By Bill Kleyman Chief Technology Officer, MTM Technologies, 1/18/2017
Comment0 comments  |  Read  |  Post a Comment
7 Ways To Fine-Tune Your Threat Intelligence Model
Terry Sweeney, Contributing Editor
The nature of security threats is too dynamic for set-and-forget. Here are some ways to shake off that complacency.
By Terry Sweeney Contributing Editor, 1/5/2017
Comment3 comments  |  Read  |  Post a Comment
More Stories
Current Conversations
Posted by LouiseMiller
Current Conversations wow, what can I say 
In reply to: Great post
Post Your Own Reply
More Conversations
20 Questions to Ask Yourself before Giving a Security Conference Talk
Joshua Goldfarb, Co-founder & Chief Product Officer, IDDRA,  10/16/2017
Printers: The Weak Link in Enterprise Security
Kelly Sheridan, Associate Editor, Dark Reading,  10/16/2017
Hyatt Hit With Another Credit Card Breach
Dark Reading Staff 10/13/2017
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Security Vulnerabilities: The Next Wave
Just when you thought it was safe, researchers have unveiled a new round of IT security flaws. Is your enterprise ready?
Flash Poll
[Strategic Security Report] Assessing Cybersecurity Risk
[Strategic Security Report] Assessing Cybersecurity Risk
As cyber attackers become more sophisticated and enterprise defenses become more complex, many enterprises are faced with a complicated question: what is the risk of an IT security breach? This report delivers insight on how today's enterprises evaluate the risks they face. This report also offers a look at security professionals' concerns about a wide variety of threats, including cloud security, mobile security, and the Internet of Things.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-0290
Published: 2017-05-09
NScript in mpengine in Microsoft Malware Protection Engine with Engine Version before 1.1.13704.0, as used in Windows Defender and other products, allows remote attackers to execute arbitrary code or cause a denial of service (type confusion and application crash) via crafted JavaScript code within ...

CVE-2016-10369
Published: 2017-05-08
unixsocket.c in lxterminal through 0.3.0 insecurely uses /tmp for a socket file, allowing a local user to cause a denial of service (preventing terminal launch), or possibly have other impact (bypassing terminal access control).

CVE-2016-8202
Published: 2017-05-08
A privilege escalation vulnerability in Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) releases earlier than v7.4.1d and v8.0.1b could allow an authenticated attacker to elevate the privileges of user accounts accessing the system via command line interface. With affected version...

CVE-2016-8209
Published: 2017-05-08
Improper checks for unusual or exceptional conditions in Brocade NetIron 05.8.00 and later releases up to and including 06.1.00, when the Management Module is continuously scanned on port 22, may allow attackers to cause a denial of service (crash and reload) of the management module.

CVE-2017-0890
Published: 2017-05-08
Nextcloud Server before 11.0.3 is vulnerable to an inadequate escaping leading to a XSS vulnerability in the search module. To be exploitable a user has to write or paste malicious content into the search dialogue.