02 Jan Open Source Security Tools and Threat Hunting: The 10 Most Read Bricata Posts on Cybersecurity in 2018
Every week we publish a blog post where we dive into a topic or study around network security. In 2018, we even produced original research – Amid AI and Machine Learning, the Human Touch Remains Crucial to Cybersecurity in 2019, New Network Security Survey Finds.
As we turned the corner on the New Year, we went back through reader analytics to see which topics drew the most interest. Interestingly, open source security tools and threat hunting were among the most read.
A complete list of the most read posts on the Bricata blog in 2018 follows below.
Open source technology for network security and intrusion detection is evolving to meet new threats. This post reviews the history, alongside the advantages and drawbacks, of three popular open source technologies for IDS in Snort, Suricata, and Bro (Zeek).
What is Bro? Bro, recently renamed to Zeek, is an open source software framework for analyzing network traffic that is most commonly used to detect network behavioral anomalies for cybersecurity purposes. Bro provides capabilities similar to those of a network intrusion detection system (IDS); however, thinking of Bro as an IDS alone does not capture the breadth of what it can do.
Signature-based detection is effective at identifying known threats but comes with an inherent limitation: the threat must already be known in order to write a signature for it. Behavioral analysis is useful for identifying unknown threats because it looks for the characteristic behavior of an attacker rather than for a specific, previously seen artifact.
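The following is an added example, not code from the original post or from Bricata, that makes the distinction concrete: a signature check and a behavioral check run side by side over a handful of constructed HTTP log records (modelled loosely on a Zeek http.log, with invented hosts, addresses and a hypothetical bad user-agent list). The signature catches the one host whose user-agent string is already on the list; the behavioral check catches a second host that a signature cannot see, because its requests look ordinary on their own but recur at a near-fixed interval, the "beaconing" pattern of malware calling home.

```python
"""Signature vs. behavioral detection over constructed HTTP log records (added example)."""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample records, not real traffic. Each tuple is
# (timestamp_seconds, source_host, destination_host, uri, user_agent).
# 10.0.0.5 uses a user-agent string that is on the hypothetical signature list.
# 10.0.0.9 uses a benign-looking agent but calls 192.0.2.44 every ~60 s.
# 10.0.0.7 is an ordinary browser with irregular, human-paced requests.
SAMPLE_HTTP_LOG = [
    (0,    "10.0.0.5", "203.0.113.10", "/update",       "EvilBot/1.0"),
    (7,    "10.0.0.7", "198.51.100.3", "/index.html",   "Mozilla/5.0"),
    (60,   "10.0.0.9", "192.0.2.44",   "/api/ping",     "Mozilla/5.0"),
    (121,  "10.0.0.9", "192.0.2.44",   "/api/ping",     "Mozilla/5.0"),
    (180,  "10.0.0.9", "192.0.2.44",   "/api/ping",     "Mozilla/5.0"),
    (240,  "10.0.0.9", "192.0.2.44",   "/api/ping",     "Mozilla/5.0"),
    (300,  "10.0.0.9", "192.0.2.44",   "/api/ping",     "Mozilla/5.0"),
    (45,   "10.0.0.7", "198.51.100.3", "/about.html",   "Mozilla/5.0"),
    (1800, "10.0.0.7", "198.51.100.3", "/contact.html", "Mozilla/5.0"),
    (3333, "10.0.0.7", "198.51.100.3", "/index.html",   "Mozilla/5.0"),
]

# Hypothetical signature list: exact user-agent strings previously seen in attacks.
# A signature only fires for what is already on this list.
BAD_USER_AGENTS = {"EvilBot/1.0"}


def signature_hits(records, bad_agents=BAD_USER_AGENTS):
    """Known-threat detection: return source hosts that matched a signature."""
    return sorted({src for _ts, src, _dst, _uri, ua in records if ua in bad_agents})


def beacon_hits(records, min_events=5, max_cv=0.1):
    """Behavioral detection: return (src, dst, mean_gap) for pairs that talk
    at a suspiciously regular interval, regardless of what the requests contain.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    gaps between consecutive requests; a real user is far more irregular than
    an implant on a timer. min_events keeps one-off coincidences from firing.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _uri, _ua in records:
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append((src, dst, round(avg, 1)))
    return hits


def detect(records):
    """Run both methods and report what each one sees."""
    return {"signature": signature_hits(records), "behavioral": beacon_hits(records)}


if __name__ == "__main__":
    for method, hits in detect(SAMPLE_HTTP_LOG).items():
        print(f"{method}: {hits}")
```

Run as-is, the signature method reports only 10.0.0.5, and the beacon check reports only 10.0.0.9 talking to 192.0.2.44 at a 60 second mean interval; the two methods catch disjoint hosts, which is the point of running both. The threshold values (five events, 10% variation) are starting points for the constructed data, not tuned production settings; on real traffic, legitimate pollers (software update checks, monitoring agents) also beacon, so hits from the behavioral check are hunting leads to be triaged rather than alerts to be acted on blindly.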
Leadership, culture and business savvy are just as important to the CISO as are technical aspects of the job. This roundup highlights some of the big cybersecurity ideas for the CISO by CISOs.
Security professionals in healthcare face a difficult challenge: protecting an aging infrastructure, with its unique requirements around PII, even as threats multiply and budgets remain flat. A renewed focus on some of the basics could reverse the trend.
Threat hunting is one of the hottest trends in cybersecurity. Given the concept is still relatively new, security leaders may find benchmarks helpful as they think through how to allocate people, time and budget to this important new priority.
The growth of fileless attacks demonstrates why cybersecurity needs to move beyond solely relying on signature analysis for enterprise protection.
Threat hunting is a way to identify threats that evade current security defenses. This post defines network threat hunting, explains why it matters and offers expert tips for getting started.
The threat landscape has evolved and is shaping the need for innovation in intrusion detection. This includes the need for multiple methods of detection rather than just relying on one, like signature analysis.
A review by the experts at CSO magazine serves as more than a demonstration of product capabilities – it also provides an outline for how a security operations center (SOC) can begin hunting threats with a tool the staff already know and use. After publishing this review, CSO also named Bricata to its list of best security software.
Note: Bricata has released several significant product updates in the last 12 months. A simple explanation in plain English can be found here: How Enhanced Network Metadata Resolution Facilitates Network Threat Hunting.
* * *
What would you like to see covered in 2019? Tweet us: @BricataInc.
If you enjoyed this post, you might also like:
15 Cybersecurity Statistics Summarizing the Intense Year the Community had in 2018