Skip to main content

Tag: threat detection

171 articles

Cybersecurity pro stands by whiteboard, surrounded by laptop and notes, looking concerned.

SANS Warns of AI Governance Gap as Security Teams' Confidence Eroding

Despite a significant surge in AI adoption, with 78% of organizations now using AI in their cybersecurity strategy, a growing number are facing a harsh reality: 63% report major gaps in threat detection and response. This alarming trend highlights a pressing need for better AI governance to bridge the confidence gap.

Analyst 207
Modern office workspace with laptop, papers, and blurred computer screen.

Microsoft Ramps Up Vulnerability Detection with AI-Driven Scanning Tools

Microsoft is supercharging its vulnerability detection capabilities with AI-driven scanning tools, which will soon lead to a surge in Windows updates as more zero-day vulnerabilities are uncovered. Get ready for a higher volume of security updates, as AI helps defenders identify and address issues faster than ever before.

Analyst 207
Security analysts work in a SOC with a large screen displaying a network graph and various security metrics on a console…

AI SOC Platforms Face Test of Predictive Power

Meet Mike Shannon, Guardant Health's Director of Security Engineering, who's ditched manual queries for Exabot - a game-changing AI solution that's revolutionizing the way security teams operate. By harnessing the power of AI SOC platforms, organizations can now automate core security tasks, freeing up teams to focus on high-stakes threats.

Analyst 207
Empty corporate IT room with server racks and workstations, one out-of-focus laptop screen visible.

Kaspersky Compromise Assessments Reveal Persistent Detection Gaps

Kaspersky's 2025 Compromise Assessment analysis reveals a shocking truth: 60% of incidents go undetected due to a lack of reliable alerts from existing tools, while manual detection accounts for only 20% of discovered threats. This blind spot allows threats to hide for alarmingly long periods, with 30.8% of incidents having a dwell time of over three months.

Analyst 207
Person at desk with laptop and smartphone looks concerned amidst papers and notes.

Cybersecurity Gaps Exposed in Non-Email Threat Detection

As cybercriminals shift their focus from email to other trusted channels, a glaring gap in non-email threat detection has emerged, leaving organizations vulnerable to attacks on messaging and social platforms. A recent survey of cybersecurity pros reveals that while 60% of attacks now target non-email channels, half of respondents admit their organizations lack confidence in detecting these threats.

Analyst 207
Security analysts work at computer stations in a bright, daytime operations center surrounded by multiple screens…

Managed Detection and Response Hits Limits in AI-Powered Attack Era

The traditional Managed Detection and Response model is struggling to keep up with the evolving threat landscape, leaving nearly 1% of real threats hidden in low-severity alerts that often go unreviewed. This means that in a typical enterprise generating 450,000 alerts annually, hundreds of potential security incidents may be slipping through the cracks.

Analyst 207
Office worker sits at desk with laptop, surrounded by papers, with a concerned expression.

Browser-Based Phishing Attacks Evade Detection by Cybersecurity Software

Most cybersecurity tools are doing their job - but that's exactly the problem, as they're not designed to catch attacks that occur at the browser session layer, where attackers are now hiding. One in five phishing attacks on enterprise browsers slip through undetected, according to Menlo Security's latest report.

Analyst 207
Security team working in office with computer screens and natural daylight pouring in through a large window.

EDR Adoption Falls Short on Cyber Resilience

Many organizations have invested in advanced endpoint detection and response (EDR) platforms, but struggle to turn that visibility into real-world protection, leaving them vulnerable to cyber threats. The harsh reality is that EDR is only as effective as the team's ability to act on its alerts.

Analyst 207
Security analysts work together in a brightly-lit operations center surrounded by multiple data screens and monitors.

SIEM Helps MSPs Filter Out Noise, Accelerate Threat Detection

MSPs are drowning in a sea of security alerts, but the real challenge is cutting through the noise to identify genuine threats. When endpoint, identity, cloud, and network sensors operate in isolation, duplicate alerts and blind spots create an incomplete picture, making it tough to prioritize and respond to potential threats.

Analyst 207
Security professionals monitor threat detection interface in a brightly-lit operations center.

SOCs Shut Down Incident Risks with Proactive Threat Detection

Stay ahead of incident risks with proactive threat detection from ANY.RUN's Threat Intelligence Feeds, which deliver a continuous stream of high-confidence threat data from a vast network of organizations and SOC professionals. By shrinking the time between detection and understanding, modern Security Operations Centers (SOCs) can effectively shut down threats before they cause harm.

Analyst 207
Security analyst working at a workstation surrounded by screens in a bright operations center.

Phishing Attacks Expose Gaps in Early Detection

In just 40 seconds, ANY.RUN's interactive sandbox exposed the full attack chain of a phishing attack, revealing redirects, fake pages, and signs of possible remote access. This game-changing tool helps teams detect phishing threats early, providing concrete evidence of business exposure before it's too late.

Analyst 207
Cybersecurity equipment and laptop in a clean room setting with natural light.

OpenAI Launches Daybreak to Bolster Cybersecurity with AI-Powered Vulnerability Detection

OpenAI's new Daybreak platform is revolutionizing cybersecurity with AI-powered vulnerability detection, empowering organizations to spot risks earlier and build resilient software from the ground up. By harnessing the power of large language models, Daybreak helps teams identify, patch, and validate software vulnerabilities faster than ever before.

Analyst 207

Android 17 Bolsters Defenses Against Banking Scams, Device Theft

Stay one step ahead of scammers with Android 17's cutting-edge security features, including robust protection against banking scam calls and device theft. Android 17 will work hand-in-hand with banking apps to detect and block spoofed calls, giving you an added layer of defense against financial threats.

Analyst 207
Researchers work on code and data visualizations at a computer terminal in a university research setting.

AI Researchers Tackle SIEM Migration Bottleneck with Automation Tool

Researchers have made a breakthrough in streamlining SIEM migration with an innovative automation tool called ARuleCon, which can slash months of manual rule rewrites into mere batch operations. This game-changing system uses a three-stage conversion pipeline and large language models to rapidly translate complex rules, cutting conversion time to just 140 seconds.

Analyst 207
Security analysts overwhelmed in a brightly lit operations center with multiple screens.

AI Overload: SOCs Struggle to Keep Pace with Alert Backlog

The harsh reality is that security operations centers (SOCs) are drowning in a sea of alerts, with a typical workload of 120-150 alerts per day, which translates to 40-50 analyst-hours of work - far exceeding the capacity of most teams. This means many alerts are left uninvestigated or pushed to the next shift, leaving SOCs vulnerable to threats.

Analyst 207
Security analysts work at desks in a brightly-lit operations center surrounded by multiple screens and computer equipment.

Low-Severity Alerts Expose Hidden Threats in Enterprise Security

Don't let low-severity alerts fly under the radar - nearly 1% of confirmed incidents come from these seemingly minor warnings, translating to around one missed breach per week for a typical enterprise. This small but significant gap in enterprise security can have big consequences.

Analyst 207
Security team members work together in a operations center surrounded by laptop screens displaying authentication logs and…

Incident Response Readiness Exposes Operational Gaps

Being incident response ready means more than just having a plan - it requires immediate visibility into identity and authentication access, including investigator-level read access to crucial systems. Without this visibility, teams are left making blind containment decisions and piecing together timelines with guesswork.

Analyst 207
Person working on laptop with blurred webpage on screen in a home office setting.

Kaspersky Exposes Web Filtering Category for Sites with Undefined Trust Levels

Kaspersky has introduced a new web-filtering category for sites that just don't feel right - they're not quite phishing sites, but you still shouldn't trust them. The new "Sites with an undefined trust level" category helps keep you safe from manipulative or shady online resources.

Analyst 207
Researchers collaborate in a lab setting with computers and equipment, discussing papers and notes around a large table.

Singapore Researchers Develop Universal SIEM Rule Translation Tech

Tired of manual rule conversions slowing down your security team? Researchers from Singapore have developed a game-changing tech that translates SIEM rules universally, automating the process and freeing up experts from tedious workloads.

Analyst 207
Security analysts work at desks in a bright, modern operations center with a central workstation and empty chair.

NCSC Warns of Flawed SOC Metrics

The National Cyber Security Centre is warning that common security operations center metrics are fundamentally flawed, and that the only metric that truly matters is whether attacks are detected and responded to in a timely manner. By focusing on easily quantifiable but misleading metrics, organizations may inadvertently be encouraging their teams to prioritize speed over substance.

Analyst 207
Futuristic security operations center with screens displaying network diagrams, code, and threat analysis.

Google Deploys AI Security Agents to Counter Emerging Threats

Google is ramping up its cybersecurity game by deploying AI-powered security agents that can detect and fix threats at lightning-fast speeds, with human oversight to ensure these digital defenders stay on track. By leveraging its full AI stack, Google aims to stay ahead of emerging threats and revolutionize its defense strategy.

Analyst 207
Cityscape at dusk with office building, lone figure, cracked shield, and glowing network lines.

Managed Detection and Response Targets Gaps in Cyber Defenses

State, local, tribal, and territorial organizations, along with their schools, are facing a perfect storm of rising cyber threats, limited staff, and tight budgets - making it tough to stay ahead of attacks. Managed Detection and Response can help bridge the gaps in their cyber defenses, providing the support and visibility needed to respond quickly and effectively.

Analyst 207
Dark digital landscape with grid pattern, red warning light, and broken blue-glowing link.

AI Monitor Flags Axios Supply-Chain Attack in Real Time

In a remarkable experiment, Elastic Security Labs' James Spiteri swiftly built a lightweight pipeline that leveraged a live AI agent to monitor package repositories, rapidly evolving into a practical detection capability. This innovative test enabled the AI agent to effectively flag potential threats, such as the Axios supply-chain attack, in real-time.

Analyst 207
Shadowy figure looms behind a laptop displaying maze-like code, with a torn template and tangled wire in the foreground.

Formbook Malware Exploits Obfuscation to Evade Detection

Staying one step ahead of threats just got tougher: Formbook malware's latest campaign combines DLL side-loading and obfuscated JavaScript to expertly evade detection. This sneaky tactic allows it to remain hidden, making it a formidable foe in the cybersecurity landscape.

Analyst 207