Tag: threat detection
171 articles

SANS Warns of AI Governance Gap as Security Teams' Confidence Eroding
Despite a significant surge in AI adoption, with 78% of organizations now using AI in their cybersecurity strategy, a growing number are facing a harsh reality: 63% report major gaps in threat detection and response. This alarming trend highlights a pressing need for better AI governance to bridge the confidence gap.

Microsoft Ramps Up Vulnerability Detection with AI-Driven Scanning Tools
Microsoft is supercharging its vulnerability detection capabilities with AI-driven scanning tools, which will soon lead to a surge in Windows updates as more zero-day vulnerabilities are uncovered. Get ready for a higher volume of security updates, as AI helps defenders identify and address issues faster than ever before.

AI SOC Platforms Face Test of Predictive Power
Meet Mike Shannon, Guardant Health's Director of Security Engineering, who's ditched manual queries for Exabot - a game-changing AI solution that's revolutionizing the way security teams operate. By harnessing the power of AI SOC platforms, organizations can now automate core security tasks, freeing up teams to focus on high-stakes threats.

Kaspersky Compromise Assessments Reveal Persistent Detection Gaps
Kaspersky's 2025 Compromise Assessment analysis reveals a shocking truth: 60% of incidents go undetected due to a lack of reliable alerts from existing tools, while manual detection accounts for only 20% of discovered threats. This blind spot allows threats to hide for alarmingly long periods, with 30.8% of incidents having a dwell time of over three months.

Cybersecurity Gaps Exposed in Non-Email Threat Detection
As cybercriminals shift their focus from email to other trusted channels, a glaring gap in non-email threat detection has emerged, leaving organizations vulnerable to attacks on messaging and social platforms. A recent survey of cybersecurity pros reveals that while 60% of attacks now target non-email channels, half of respondents admit their organizations lack confidence in detecting these threats.

Managed Detection and Response Hits Limits in AI-Powered Attack Era
The traditional Managed Detection and Response model is struggling to keep up with the evolving threat landscape, leaving nearly 1% of real threats hidden in low-severity alerts that often go unreviewed. This means that in a typical enterprise generating 450,000 alerts annually, hundreds of potential security incidents may be slipping through the cracks.

Browser-Based Phishing Attacks Evade Detection by Cybersecurity Software
Most cybersecurity tools are doing their job - but that's exactly the problem, as they're not designed to catch attacks that occur at the browser session layer, where attackers are now hiding. One in five phishing attacks on enterprise browsers slip through undetected, according to Menlo Security's latest report.

EDR Adoption Falls Short on Cyber Resilience
Many organizations have invested in advanced endpoint detection and response (EDR) platforms, but struggle to turn that visibility into real-world protection, leaving them vulnerable to cyber threats. The harsh reality is that EDR is only as effective as the team's ability to act on its alerts.

SIEM Helps MSPs Filter Out Noise, Accelerate Threat Detection
MSPs are drowning in a sea of security alerts, but the real challenge is cutting through the noise to identify genuine threats. When endpoint, identity, cloud, and network sensors operate in isolation, duplicate alerts and blind spots create an incomplete picture, making it tough to prioritize and respond to potential threats.

SOCs Shut Down Incident Risks with Proactive Threat Detection
Stay ahead of incident risks with proactive threat detection from ANY.RUN's Threat Intelligence Feeds, which deliver a continuous stream of high-confidence threat data from a vast network of organizations and SOC professionals. By shrinking the time between detection and understanding, modern Security Operations Centers (SOCs) can effectively shut down threats before they cause harm.

Phishing Attacks Expose Gaps in Early Detection
In just 40 seconds, ANY.RUN's interactive sandbox exposed the full attack chain of a phishing attack, revealing redirects, fake pages, and signs of possible remote access. This game-changing tool helps teams detect phishing threats early, providing concrete evidence of business exposure before it's too late.

OpenAI Launches Daybreak to Bolster Cybersecurity with AI-Powered Vulnerability Detection
OpenAI's new Daybreak platform is revolutionizing cybersecurity with AI-powered vulnerability detection, empowering organizations to spot risks earlier and build resilient software from the ground up. By harnessing the power of large language models, Daybreak helps teams identify, patch, and validate software vulnerabilities faster than ever before.
Android 17 Bolsters Defenses Against Banking Scams, Device Theft
Stay one step ahead of scammers with Android 17's cutting-edge security features, including robust protection against banking scam calls and device theft. Android 17 will work hand-in-hand with banking apps to detect and block spoofed calls, giving you an added layer of defense against financial threats.

AI Researchers Tackle SIEM Migration Bottleneck with Automation Tool
Researchers have made a breakthrough in streamlining SIEM migration with an innovative automation tool called ARuleCon, which can slash months of manual rule rewrites into mere batch operations. This game-changing system uses a three-stage conversion pipeline and large language models to rapidly translate complex rules, cutting conversion time to just 140 seconds.

AI Overload: SOCs Struggle to Keep Pace with Alert Backlog
The harsh reality is that security operations centers (SOCs) are drowning in a sea of alerts, with a typical workload of 120-150 alerts per day, which translates to 40-50 analyst-hours of work - far exceeding the capacity of most teams. This means many alerts are left uninvestigated or pushed to the next shift, leaving SOCs vulnerable to threats.

Low-Severity Alerts Expose Hidden Threats in Enterprise Security
Don't let low-severity alerts fly under the radar - nearly 1% of confirmed incidents come from these seemingly minor warnings, translating to around one missed breach per week for a typical enterprise. This small but significant gap in enterprise security can have big consequences.

Incident Response Readiness Exposes Operational Gaps
Being incident response ready means more than just having a plan - it requires immediate visibility into identity and authentication access, including investigator-level read access to crucial systems. Without this visibility, teams are left making blind containment decisions and piecing together timelines with guesswork.

Kaspersky Exposes Web Filtering Category for Sites with Undefined Trust Levels
Kaspersky has introduced a new web-filtering category for sites that just don't feel right - they're not quite phishing sites, but you still shouldn't trust them. The new "Sites with an undefined trust level" category helps keep you safe from manipulative or shady online resources.

Singapore Researchers Develop Universal SIEM Rule Translation Tech
Tired of manual rule conversions slowing down your security team? Researchers from Singapore have developed a game-changing tech that translates SIEM rules universally, automating the process and freeing up experts from tedious workloads.

NCSC Warns of Flawed SOC Metrics
The National Cyber Security Centre is warning that common security operations center metrics are fundamentally flawed, and that the only metric that truly matters is whether attacks are detected and responded to in a timely manner. By focusing on easily quantifiable but misleading metrics, organizations may inadvertently be encouraging their teams to prioritize speed over substance.

Google Deploys AI Security Agents to Counter Emerging Threats
Google is ramping up its cybersecurity game by deploying AI-powered security agents that can detect and fix threats at lightning-fast speeds, with human oversight to ensure these digital defenders stay on track. By leveraging its full AI stack, Google aims to stay ahead of emerging threats and revolutionize its defense strategy.

Managed Detection and Response Targets Gaps in Cyber Defenses
State, local, tribal, and territorial organizations, along with their schools, are facing a perfect storm of rising cyber threats, limited staff, and tight budgets - making it tough to stay ahead of attacks. Managed Detection and Response can help bridge the gaps in their cyber defenses, providing the support and visibility needed to respond quickly and effectively.

AI Monitor Flags Axios Supply-Chain Attack in Real Time
In a remarkable experiment, Elastic Security Labs' James Spiteri swiftly built a lightweight pipeline that leveraged a live AI agent to monitor package repositories, rapidly evolving into a practical detection capability. This innovative test enabled the AI agent to effectively flag potential threats, such as the Axios supply-chain attack, in real-time.

Formbook Malware Exploits Obfuscation to Evade Detection
Staying one step ahead of threats just got tougher: Formbook malware's latest campaign combines DLL side-loading and obfuscated JavaScript to expertly evade detection. This sneaky tactic allows it to remain hidden, making it a formidable foe in the cybersecurity landscape.