Cribl, Exabeam Partner on Threat Detection, Investigation, and Response
In this Dark Reading News Desk segment, Cribl's Abby Strong and Exabeam's Chris Cesio discuss how their companies work together to detect and respond to threats.
Threat detection identifies suspicious activity early, limiting attacker dwell time and damage when logs, alerts, and response procedures are maintained.
Search across headline titles and summaries.
Background for this topic.
Threat detection is the defensive process of finding signs that an attacker may be present or attempting to gain access. In a threat model, it is a monitoring control that uses endpoint, identity, network, application, and cloud telemetry—often enriched with threat intelligence—to identify suspicious behavior, such as credential misuse, unexpected privilege changes, or lateral movement. Its purpose is to reduce the time an attacker can operate and limit the scope of an incident; missing logs, evasive activity, and unmonitored assets can leave important attacks unseen.
The most relevant practice is to design detections around credible attack paths and the organization’s highest-value systems, then protect and retain the logs needed to investigate them. Detections should be tested against realistic activity, tuned to reduce false positives, and linked to clear triage and containment actions. Alert volume, poor data quality, or unvalidated rules can overwhelm analysts and delay response, so coverage and detection effectiveness should be reviewed as systems and attacker behavior change.
In this Dark Reading News Desk segment, Cribl's Abby Strong and Exabeam's Chris Cesio discuss how their companies work together to detect and respond to threats.
The addition of Criminal IP as a new contributor to PolySwarm's malicious URL detection represents a significant leap in specialized threat identification. Learn more from Criminal IP about this new collaboration. [...]
Why SaaS Security Is a Challenge In today's digital landscape, organizations are increasingly relying on Software-as-a-Service (SaaS) applications to drive their operations. However, this widespread adoption has also opened the doors to new security risks and vulnerabilities