Security Operations
Security Operations Insights
How the "Stryker" Intune Wipe Incident Highlights a Critical Gap in Endpoint Control
The "Stryker" incident highlights vulnerabilities in control plane design, leading to large-scale device wipes via Microsoft Intune. This case study emphasizes the need for layered safeguards, such as Workspace ONE's verification, segmentation and bulk action constraints, to prevent catastrophic outcomes. Architectural resilience, not just policy, is crucial for security.
Blog
•Mar 26, 2026
Securing AI in Motion: Gigamon Deep Observability for WWT ARMOR
Gain insights into Gigamon's role in strengthening AI security through improved network visibility, alongside WWT's AI Readiness Model for Operational Resilience (ARMOR) framework. Kent Noyes (WWT), Bassam Khan (Gigamon), and Istvan Berko (WWT) discuss how rapid AI adoption is expanding the attack surface and why organizations need governance, data controls, and visibility into data flows to innovate securely. The session outlines ARMOR's focus areas (including governance/compliance, model protection, data security operations, and secure development lifecycle) and explains how Gigamon's east-west traffic visibility and metadata extraction can support detection, investigations, and AI-driven analytics for SOC and operational use cases.
Webinar
•Mar 26, 2026 • 9am
Partner POV | Why Trellix SecondSight Is Like Gaining a Team of Elite Threat Hunters
Trellix SecondSight enhances cybersecurity by integrating human expertise and AI to detect stealthy threats within existing security frameworks. It offers proactive threat hunting, leveraging Trellix's vast intelligence database, to transform raw data into actionable insights, reducing risk and improving response times without additional resources.
Partner Contribution
•Mar 24, 2026
Partner POV | SentinelOne & Cloudflare Expand Partnership to Deliver Real-Time Threat Detection and Automated Response for Enterprises
SentinelOne and Cloudflare unite to enhance enterprise security through AI-driven insights and real-time threat detection. Their integration automates threat response across edge, endpoint, and cloud environments, simplifying security operations and empowering analysts to focus on critical threats. This partnership promises a scalable, unified security approach for modern organizations.
Partner Contribution
•Mar 23, 2026
Introduction to Torq Hyperautomation and HyperSOC
Introduces concepts related to the Torq Hyperautomation platform, including use cases for step runners and artificial intelligence agents (HyperAgents).
Learning Path
•Introductory
Check Point Technologies, Architecture, & Deployment Models
This learning path delivers a structured exploration of Check Point's security design principles and platform deployment models across enterprise network environments. Through guided articles, videos, and a hands-on lab, participants will develop meaningful insights around platform selection, deployment placement, and policy design for the data center, Internet edge, campus, and branch.
Learning Path
•Intermediate
ATC+
Armis: To Catch a Hacker
The Armis: To Catch a Hacker lab walks users through a realistic exercise based on real-life incidents involving sophisticated Advanced Persistent Threat (APT) actors. These threat actors move laterally across the network and exploit common visibility gaps to reach their target objectives. The lab shows users how Armis can be leveraged to see this movement.
Advanced Configuration Lab
•Intermediate
•331 launches
When a Metric Becomes the Mission - Goodhart's Law in Security Operations
Security Operations metrics are essential, but dangerous when they become the goal. This post explores how SOC metrics like MTTD and MITRE ATT&CK coverage drift from their original intent, examines real-world parallels, and offers a practical framework for keeping your metrics honest and mission-aligned.
Blog
•Mar 10, 2026
Partner POV | Think You Have Visibility? Think Again.
Traditional SIEMs struggle with visibility, leaving gaps for attackers. Cortex XSIAM leverages rich telemetry and data stitching to provide comprehensive threat detection and response. By unifying endpoint, network, and cloud data, it reduces alert fatigue and enhances security operations, enabling proactive defense against sophisticated threats. Discover transformative security with Cortex.
Partner Contribution
•Mar 5, 2026
SentinelOne FY27 Sales Kick Off Recap
Fresh off its sales kickoff, SentinelOne is going all in on AI security, unified attack surface protection, and the Autonomous SOC. The mid-market enterprise detection and response (EDR) narrative is outdated. This is about securing AI at scale and reshaping modern security operations.
Blog
•Feb 27, 2026
AI for Security vs Security for AI with Palo Alto Networks
Join WWT and Palo Alto Networks for an insightful discussion about how AI is transforming organizations and reshaping today's cybersecurity landscape. Learn how Palo Alto Networks' comprehensive platform approach, combined with WWT's ARMOR framework and ATC validation capabilities, helps customers secure every aspect of AI usage from development to deployment and beyond.
Webinar
•Feb 26, 2026 • 9am
Microsoft Sentinel Fundamentals
The Microsoft Sentinel Fundamentals course provides a comprehensive overview of the Microsoft cloud-native SIEM and SOAR platform. It begins with an introduction to Sentinel's architecture, highlighting how it aggregates data across users, devices, and applications to provide a bird's-eye view of an organization's security posture.
The curriculum then dives into Threat Intelligence, teaching students how to ingest and manage indicators of compromise (IOCs) from various feeds to proactively identify malicious activity. Central to the course is Analytics, where learners master the Kusto Query Language (KQL). Through KQL, you'll learn to write high-performance queries to filter massive datasets, build custom detection rules, and hunt for sophisticated threats.
Learning Path
•Fundamentals