
SOC

  • 5 min read

Making sense of Amazon GuardDuty alerts

If you’re running workloads on AWS, then you’d better be running GuardDuty. But what is it and how can you make sense of all the signals? Here are our pro tips.

  • 5 min read

Better web shell detections with Signal Sciences WAF

Is Signal Sciences WAF part of your tech stack? Then you’ve got an amazing webshell detection method right at your fingertips.

  • 5 min read

MFA is not a silver bullet to secure your cloud email

Think MFA will be your web mail’s knight in shining armor when a crafty attacker strikes? Think again, and do these four things to make sure your org’s protected.

  • 7 min read

Following the CloudTrail: Generating strong AWS security signals with Sumo Logic

Looking to get more or better security signals out of AWS? Then you’ll wanna read our pro tips on making the most of Amazon CloudTrail.

  • 8 min read

Our journey to JupyterHub and beyond

If you use or are considering trying JupyterHub, it’s your lucky day -- we’re sharing configuration tips and tricks, how we’re using it to make technical research easier, and much more.

  • 4 min read

3 must-dos when you’re starting a threat hunting program

So you decided you want to build a threat hunting program ... but where do you start? Here are our three must-dos when you’re planning your hunt.

  • 3 min read

Here’s what you need to know about business email compromise (BEC)

How often does a business email compromise actually happen? And what should you do about it? Our infographic answers those questions and more.

  • 6 min read

How to find anomalous process relationships in threat hunting

Finding anomalous process relationships -- commands that don’t belong together -- might indicate a problem within your environment. Here’s how to spot ‘em.

  • 7 min read

How to choose the right security tech for threat hunting

How do you decide which tech to use to carry out your hunt? This post’s got some pro tips for when and how to use different technology for your threat hunting mission.

  • 3 min read

Four habits of highly effective security teams

Practice these habits consistently and you’ll have an engaged, talented and all-around awesome security team.

  • 7 min read

How to build a useful (and entertaining) threat emulation exercise for AWS

Want to test your analysts’ detection skills in the cloud? Here are our tips and tricks for building your own threat emulation exercise in AWS.

  • 8 min read

How to find Amazon S3 bucket misconfigurations and fix them ASAP

Why do Amazon S3 bucket breaches happen and how can you protect your own org from making this mistake? We’ve got all the AWS pro tips for you in our latest post.

  • 6 min read

Evaluating GreyNoise: what you need to know and how it can help you

We use technologies behind the scenes to make Expel Workbench and our analysts more efficient. GreyNoise is one of those -- here's how we use it and why you might find it useful too.

  • 9 min read

Seven ways to spot a business email compromise in Office 365

As attackers behind BEC attacks find ever more clever tactics to use, it’s getting trickier for businesses to protect themselves. But here are some telltale signs you can look for that are tip-offs that something’s amiss.

  • 8 min read

Why we love threat emulation exercises (and how to get started with one of your own)

If your team doesn’t have lots of incident response practice under their belt (yet!), a threat emulation exercise is the perfect way to help them flex those response muscles and improve your collective skills.

  • 5 min read

Reaching (all the way to) your NIST 800-171 compliance goals

Close common compliance gaps, without building a SOC, for NIST 800-171 security requirements. And a bit about how we can help.

  • 6 min read

How to get the most out of your upcoming SOC tour: making your provider uncomfortable

Seven smart ways to prepare for a tour of a security operations center (SOC) and five clues to watch out for during your visit.

  • 6 min read

How to identify when you’ve lost control of your SIEM (and how to rein it back in)

See if these four telltale warning signs get your head nodding. If so, learn how to get started on regaining control.

  • 9 min read

What “I Love Lucy” teaches us about SOC performance

A little nerdy (and a lot math-y) post to help you better understand your SOC's systems, so you know how changes will impact its operation. If you’re wondering what “I Love Lucy” has to do with this then read on.

  • 7 min read

How much does it cost to build a 24x7 SOC?

Not all 24x7 SOCs are created equal. To figure out how much it costs to go 24x7, you have to first figure out what kind of SOC you’re trying to build. We outline four possible security operations centers and an estimate of your costs.

  • 4 min read

Mistakes to avoid when measuring SOC performance

Discover the three most common mistakes companies make when developing their first set of operational metrics.