Security operations

Creating alert thresholds is critical to *not* driving your SOC analysts batty, but what’s the “right” number? Here are some tips, tricks and favorite tools we use to determine alert thresholds for customer environments.

We love EDR tools too, but are our best tips and tricks for combining EDR data with other (equally) important security signals.

What’s this new framework and how should you use it? Our CISO’s got all the details plus a FREE downloadable self-scoring tool to help you assess where your org’s at when it comes to privacy.

Is your data really safer in the server room next door? Probably not. Here are five reasons why the cloud offers better security than your on-prem environment.

If you’re running workloads on AWS, then you’ll want to know all about the latest and greatest AWS-native security tools. We’ve got you covered in our latest post.

Jupyter Notebook gave us the freedom to rethink the way we analyzed hunting data. Here are some tips and tricks you can use in your own analysis.

If you’re running workloads on AWS, then you’d better be running GuardDuty. But what is it and how can you make sense of all the signals? Here are our pro tips.

Is Signal Sciences WAF part of your tech stack? Then you’ve got an amazing webshell detection method right at your fingertips.

Think MFA will be your web mail’s knight in shining armor when a crafty attacker strikes? Think again, and do these four things to make sure your org’s protected.

NIST isn’t only useful for corporations -- it’s helpful for guiding security activities around processes like our national elections. Our CISO’s got some thoughts on exactly how to apply NIST to election security.

Looking to get more or better security signals out of AWS? Then you’ll wanna read our pro tips on making the most of Amazon CloudTrail.

Relativity CSO Amanda Fennell shares the top five, easy-to-get-started things she sees forward-thinking law firms doing to improve their security.

If you use or are considering trying JupyterHub, it’s your lucky day -- we’re sharing configuration tips and tricks, how we’re using it to make technical research easier, and much more.

So you decided you want to build a threat hunting program ... but where do you start? Here are our three must-dos when you’re planning your hunt.

How often does a business email compromise actually happen? And what should you do about it? Our infographic answers those questions and more.

Got Macs in your org? Here are a few recent Mac OS attack trends and how you can become more resilient to ‘em.

SOAR isn’t really about “orchestration and response.” It’s an engineering problem at its core. Here’s why.

Finding anomalous process relationships -- commands that don’t belong together -- might indicate a problem within your environment. Here’s how to spot ‘em.

Your IT team isn’t racking and stacking servers like they used to, but cracking the cloud security code is easier than you think. Get our pro tips for doing just that.

How do you decide which tech to use to carry out your hunt? This post’s got some pro tips for when and how to use different technology for your threat hunting mission.

If you’ve got a blank canvas with the opportunity to build a security program from scratch, here’s how to get started and make the most of your new program

The NIST Privacy Framework will revolutionize how we think about privacy. Here’s how your org might use it.

Practice these habits consistently and you’ll have an engaged, talented and all-around awesome security team.

Need to expand your security tool chest? Our CISO’s got some tips to consider when thinking about what tech to keep or buy.

How well is your MSSP or MDR going to manage your fleet of security signals over time? Here’s how to figure out whether they’re up for the challenge.

Want to test your analysts’ detection skills in the cloud? Here are our tips and tricks for building your own threat emulation exercise in AWS.

How can you figure out if the quality of the service you’re about to sign up for will improve over time? Our COO Yanek Korff’s got some tips for making sure you choose a service that’ll last.

If you're left holding the hot potato of a legacy lackluster security program, or are suddenly forced to protect your org and its data with less, here are a few quick steps to take to get cybersecurity efforts back on track.

If you're feeling like your SaaS security knowledge is a bit cloudy, these three pro tips will get you started on the right path.

Figuring out how to protect your SaaS infrastructure like Office 365 -- especially if you’re newer to cloud -- can feel overwhelming. So here are five Office 365 security best practices to check out right now.

Close common compliance gaps, without building a SOC, for NIST 800-171 security requirements. And a bit about how we can help.

Understanding how to think about cloud security differently is half the battle. We've thought a lot about it, and we’ve identified three key points that should inform your cloud strategy.

Let us walk you through our third-party assessment process. We think it's lightweight but still achieves the objective - determining if a vendor can be trusted.

In this guest post, Amanda Fennell, CSO at Relativity reflects on what she’s learned.

See if these four telltale warning signs get your head nodding. If so, learn how to get started on regaining control.

In case doing a “stare-and-compare” of the original and updated frameworks isn’t your idea of fun, I’ve highlighted three important changes here.

We want to demystify what hunting is and what it’s not. So here goes nothin’ ...

We give you a quick tour of the NIST Cybersecurity framework and describe how you can baseline your efforts in a couple of hours. So check it out.

A little nerdy (and a lot math-y) post to help you better understand your SOC's systems, so you know how changes will impact its operation. If you’re wondering what “I Love Lucy” has to do with this then read on.

Not all 24x7 SOCs are created equal. To figure out how much it costs to go 24x7, you have to first figure out what kind of SOC you’re trying to build. We outline four possible security operations centers and an estimate of your costs.

An uncommonly clear review of what managed detection and response (MDR) is, where it came from and what it can/can't do for you.

NIST has polished up their Cybersecurity Framework based on thousands of organizations implementing it over the past three years. Our CISO, Bruce Potter, highlights three of the most significant (and practical) changes.

We cut through the hype to explain what EDR products can do for you.

Look out for these five indicators that it's probably time to start considering alternatives to your managed security services provider. Plus, questions to ask to avoid these traps.

Guidance and a short list of things you can do to help you answer the common question "how much should I spend on cybersecurity?"

Set yourself up for success by asking these four questions before you purchase new security products.

Discover the three most common mistakes companies make when developing their first set of operational metrics.