#1 Trusted Cybersecurity News Platform
Followed by 5.20+ million
The Hacker News Logo
Subscribe – Get Latest News

Security Automation | Breaking Cybersecurity News | The Hacker News

Category — Security Automation
A Comprehensive Guide to Finding Service Accounts in Active Directory

A Comprehensive Guide to Finding Service Accounts in Active Directory

Oct 22, 2024 Identity Management / Security Automation
Service accounts are vital in any enterprise, running automated processes like managing applications or scripts. However, without proper monitoring, they can pose a significant security risk due to their elevated privileges. This guide will walk you through how to locate and secure these accounts within Active Directory (AD), and explore how Silverfort's solutions can help enhance your organization's security posture. Understanding Security Accounts Service accounts are specialized Active Directory accounts that provide the necessary security context for services running on servers. Unlike user accounts , they aren't linked to individuals but enable services and applications to interact with the network autonomously. With their high-level permissions, service accounts are attractive targets for attackers if left unmanaged. Hence, proper management and monitoring are critical to prevent security breaches. Finding Service Accounts in Active Directory Due to the sheer number of acco...
6 Simple Steps to Eliminate SOC Analyst Burnout

6 Simple Steps to Eliminate SOC Analyst Burnout

Oct 10, 2024 AI Automation / Threat Response
The current SOC model relies on a scarce resource: human analysts. These professionals are expensive, in high demand, and increasingly difficult to retain. Their work is not only highly technical and high-risk, but also soul-crushingly repetitive, dealing with a constant flood of alerts and incidents. As a result, SOC analysts often leave in search of better pay, the opportunity to move beyond the SOC into more rewarding roles, or simply to take much-needed breaks. This high churn rate puts the SOC in a vulnerable position, jeopardizing the overall effectiveness of cybersecurity operations. To keep your team resilient and maintain operational efficiency, it's essential to take proactive steps to reduce burnout and improve retention. Here are five strategies that can make a difference. Why Analyst Burnout Matters More Than Ever SOC analyst burnout is becoming a critical issue as the cybersecurity landscape evolves. Security Operations Centers (SOCs) face a growing number of daily al...
The Future of Serverless Security in 2025: From Logs to Runtime Protection

The Future of Serverless Security in 2025: From Logs to Runtime Protection

Nov 28, 2024Cloud Security / Threat Detection
Serverless environments, leveraging services such as AWS Lambda, offer incredible benefits in terms of scalability, efficiency, and reduced operational overhead. However, securing these environments is extremely challenging. The core of current serverless security practices often revolves around two key components: log monitoring and static analysis of code or system configuration. But here is the issue with that: 1. Logs Only Tell Part of the Story Logs can track external-facing activities, but they don't provide visibility into the internal execution of functions. For example, if an attacker injects malicious code into a serverless function that doesn't interact with external resources (e.g., external APIs or databases), traditional log-based tools will not detect this intrusion. The attacker may execute unauthorized processes, manipulate files, or escalate privileges—all without triggering log events. 2. Static Misconfiguration Detection is Incomplete Static tools that check ...
EPSS vs. CVSS: What’s the Best Approach to Vulnerability Prioritization?

EPSS vs. CVSS: What's the Best Approach to Vulnerability Prioritization?

Sep 26, 2024 Vulnerability Management / Security Automation
Many businesses rely on the Common Vulnerability Scoring System (CVSS) to assess the severity of vulnerabilities for prioritization. While these scores provide some insight into the potential impact of a vulnerability, they don't factor in real-world threat data, such as the likelihood of exploitation. With new vulnerabilities discovered daily, teams don't have the time - or the budget - to waste on fixing vulnerabilities that won't actually reduce risk. Read on to learn more about how CVSS and EPSS compare and why using EPSS is a game changer for your vulnerability prioritization process.  What is vulnerability prioritization? Vulnerability prioritization is the process of evaluating and ranking vulnerabilities based on the potential impact they could have on an organization. The goal is to help security teams determine which vulnerabilities should be addressed, in what timeframe, or if they need to be fixed at all. This process ensures that the most critical risks are mitigat...
cyber security

Creating, Managing and Securing Non-Human Identities

websitePermisoCybersecurity / Identity Security
A new class of identities has emerged alongside traditional human users: non-human identities (NHIs). Permiso Security's new eBook details everything you need to know about managing and securing non-human identities, and strategies to unify identity security without compromising agility.
Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

Agentic AI in SOCs: A Solution to SOAR's Unfulfilled Promises

Sep 25, 2024 Artificial Intelligence / SOC Automation
Security Orchestration, Automation, and Response (SOAR) was introduced with the promise of revolutionizing Security Operations Centers (SOCs) through automation, reducing manual workloads and enhancing efficiency. However, despite three generations of technology and 10 years of advancements, SOAR hasn't fully delivered on its potential, leaving SOCs still grappling with many of the same challenges. Enter Agentic AI—a new approach that could finally fulfill the SOC's long-awaited vision, providing a more dynamic and adaptive solution to automate SOC operations effectively. Three Generations of SOAR – Still Falling Short SOAR emerged in the mid-2010s with companies like PhantomCyber, Demisto, and Swimlane, promising to automate SOC tasks, improve productivity, and shorten response times. Despite these ambitions, SOAR found its greatest success in automating generalized tasks like threat intel propagation, rather than core threat detection, investigation, and response (TDIR) workloads....
Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform

Webinar: Experience the Power of a Must-Have All-in-One Cybersecurity Platform

Aug 23, 2024 Threat Detection / Security Automation
Let's be honest. The world of cybersecurity feels like a constant war zone. You're bombarded by threats, scrambling to keep up with patches, and drowning in an endless flood of alerts. It's exhausting, isn't it? But what if there was a better way? Imagine having every essential cybersecurity tool at your fingertips, all within a single, intuitive platform, backed by expert support 24/7. This is the game-changing power of an All-in-One solution. Get ready for a live, no-nonsense demonstration. Join us for the webinar " Step by Step: How to Achieve Total Protection with an All-in-One Platform ," where Cynet's experts—celebrated for their stellar performance in the MITRE ATT&CK Evaluations—will take you inside a live simulation of real-world cyberattacks. Experience firsthand the unparalleled strength of a unified cybersecurity approach and learn how to secure total protection for your organization. Here's what you'll witness: Simulating real-world t...
Enhancing Incident Response Readiness with Wazuh

Enhancing Incident Response Readiness with Wazuh

Aug 05, 2024 Threat Detection / Network Security
Incident response is a structured approach to managing and addressing security breaches or cyber-attacks. Security teams must overcome challenges such as timely detection, comprehensive data collection, and coordinated actions to enhance readiness. Improving these areas ensures a swift and effective response, minimizing damage and restoring normal operations quickly. Challenges in incident response Incident response presents several challenges that must be addressed to ensure a swift and effective recovery from cyber attacks. The following section lists some of these challenges. Timeliness : One of the primary challenges in incident response is addressing incidents quickly enough to minimize damage. Delays in response can lead to more compromises and increased recovery costs. Information correlation : Security teams often struggle to effectively collect and correlate relevant data. Without a comprehensive view, understanding the full scope and impact of the incident becomes difficu...
How To Get the Most From Your Security Team’s Email Alert Budget

How To Get the Most From Your Security Team's Email Alert Budget

Jul 31, 2024 Email Security / Data Protection
We'll TL;DR the FUDdy introduction: we all know that phishing attacks are on the rise in scale and complexity, that AI is enabling more sophisticated attacks that evade traditional defenses, and the never-ending cybersecurity talent gap means we're all struggling to keep security teams fully staffed.  Given that reality, security teams need to be able to monitor and respond to threats effectively and efficiently. You obviously can't let real threats slip past unnoticed, but you also can't afford to waste time chasing false positives.  In this post, we're going to look at some of the ways Material Security 's unique approach to email security and data protection can dramatically–and quantifiably–save your security teams hours each week while improving the effectiveness of your security program.  What's Your Alert Budget? Before we dive into the "how," let's take a moment to look at why efficiency is critical in security operations. To do that, let's think about how m...
How to Use Tines's SOC Automation Capability Matrix

How to Use Tines's SOC Automation Capability Matrix

Jun 21, 2024 SOC Automation / Security Operation
Created by John Tuckner and the team at automation and AI-powered workflow platform  Tines , the  SOC Automation Capability Matrix (SOC ACM)  is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents.  A customizable, vendor-agnostic tool featuring lists of automation opportunities, it's been shared and recommended by members of the security community since its launch in January 2023, notably by Airbnb engineer Allyn Stott in his BSides and Black Hat talk,  How I Learned to Stop Worrying and Build a Modern Detection & Response Program .   The SOC ACM has been compared to the MITRE ATT&CK and RE&CT frameworks, with one user saying, "it could be a standard for classification of SOAR automations, a bit like the RE&CT framework, but with more automation focus." It's been used by organizations in Fintech, Cloud Security, and beyond, as a basis for asses...
Expert Insights / Articles Videos
Cybersecurity Resources