Autonomous SOC PlatformServiceNow Security Operations: Streamlining Incident Response Workflows with Intezer
For SOC teams using ServiceNow Security Operations, integrating your key security tools like Intezer ensures you can optimize your incident response process...
Phishing Investigations: The Fast, Automated Method
Learn more about Intezer’s capabilities for automating user-reported phishing investigations and sign up to try for free here. At Intezer, we’re committed...
Elevating Phishing Investigations With Generative AI
We’re excited to announce a significant enhancement to our Automated Phishing Investigation solution, using Generative AI. Intezer can now inspect the actual...
What's New in Intezer's FREE Community Edition
With a free account, you get a trial of Intezer’s Autonomous SOC capabilities and ongoing access for advanced malware analysis. In the...
Leveraging Intezer's Smart Decision Making in Your SOAR
In the dynamic world of cybersecurity, the importance of efficient and effective security operations cannot be overstated. Security Orchestration, Automation, and Response...
Streamlining Security Operations with Intezer and Cortex XSOAR
Organizations are always on the lookout for ways to enhance and automate their security operations. The collaboration between Intezer and Cortex XSOAR...
Streamlining Security Operations with Intezer and Splunk SOAR Integration
Organizations are constantly seeking ways to streamline and automate their security operations. The integration of Intezer and Splunk SOAR brings forth a...
Advanced Triage for Fileless Threats Using Automated Endpoint Scanning
We are thrilled to announce an exciting enhancement to Intezer’s Autonomous SOC solution: the automated execution of our Endpoint Scanner for fileless...
Maximizing Incident Response Automation for Investigations
How does Intezer investigate alerts? Let’s zoom in on what happens during the investigation stage of Intezer’s Autonomous SOC solution, and how...
How Intezer's AI-Powered Autonomous SOC Platform Works
A complete walkthrough of how the Autonomous SOC Platform works, automating your incident response process with artificial intelligence to make your team...
Intezer and SOAR: Enhancing Security Operations with More Automation
Organizations require efficient and effective security operations to protect their digital assets. Security Orchestration, Automation, and Response (SOAR) tools have become popular...
Intezer vs. MDR Service: Revolutionizing Alert Triage with Technology-Driven Efficiency
In the realm of cybersecurity, organizations face the challenge of efficiently managing and responding to a growing number of security alerts. Traditional...
Intezer vs Sandbox: The Evolution from Sandbox to Comprehensive Automated Alert Triage
In the ever-changing landscape of cybersecurity, organizations have realized that traditional file scanning and sandbox solutions are not enough to handle the...
Introducing Automated, Context-Rich Alert Triage
TL;DR Intezer users can now view comprehensive triage assessments for alerts that Intezer ingests directly in the console, combining insights from multiple...
Are Challenges Faced by SecOps Teams in 2023 an Opportunity?
If there weren’t enough challenges for security operations (SecOps) teams already, economic uncertainty and hits to revenue are forcing organizations to rethink...
Scaling your SOC with Microsoft Defender + Intezer
TLDR: Highlights of Intezer’s Autonomous SOC solution for Microsoft Defender for Endpoint Automating SOC Triage and Investigations with Defender Intezer’s Autonomous SOC...
Automating Alert Triage and Threat Hunting with SentinelOne + Intezer
One of the biggest pain points of cyber security teams is alert fatigue – trying to keep up with a tedious, never-ending...
CrowdStrike + Intezer: Automation for Alert Triage and Threat Hunting
Intezer’s solution for CrowdStrike is powerful enough to function as a virtual Tier 1, allowing you to remove false positives and get...
Needle in a Haystack: Analyzing Every Alert to Find Serious Threats
Analyze every alert automatically with Intezer — learn more or sign up to try for free here. One of the greatest challenges...
Summary of Symbiote Research (A New, Nearly-Impossible-to-Detect Linux Threat)
In pop culture, a symbiote often gives a host superhuman ability (and occasionally also hilarious inner monologue). But in real life, parasitic...
Top Cyber Threats to the Telecom Industry
In our interconnected society, the telecom industry is responsible for keeping the world connected 24/7. The telecommunication infrastructure uses satellites, internet providers,...
Top Cyber Threats to the Manufacturing Sector
Manufacturers are building automated workflows for alert triage, incident response, and threat hunting to meet a rising volume of...
Security ROI: Time & Resource Savings for IR/SOC Teams
Automation can augment your security team to help you manage never-ending alerts, reduce skill gaps, and respond...
TeamTNT Cryptomining Explosion 🧨
This post was originally published as a white paper in September 2021. Get the full report as a PDF here. Zusammenfassung (Executive...
4 Top Cyber Threats to the Finance and Insurance Industries
Financial services are a high target for cyberattackers. The reason is easy to understand: attackers follow the money. Most work in this...
The Role of Malware Analysis in Cybersecurity
Threat actors use malicious software to cause damage to individuals and organizations. Malware is the most common form of a cyberattack because...
Log4Shell (Log4j RCE): Detecting Post-Exploitation Evidence is Best Chance for Mitigation
Vulnerabilities like Log4Shell (CVE-2021-44228) are difficult to contain using traditional mitigation options and they can be hard to patch. It can be hard to...
The State of Malware Analysis
Malware is the thorn in the side of security analysts everywhere. The main question when getting a suspicious file alert is, “Is...
Implement these MITRE D3FEND™ Techniques with Intezer Protect
The MITRE Corporation released D3FEND™ (aka MITRE DEFEND™), a complementary framework to its industry acclaimed MITRE ATT&CK® matrix. MITRE D3FEND provides defense techniques...
7 Factors to Consider When Choosing a Cloud Workload Protection Platform (CWPP)
Cloud Workload Protection Platforms (CWPPs) are a new generation of modern, scalable security solutions designed to protect applications in today’s landscape of...
Securing Microservices
Do you remember how it felt to get your first email account? Not only were you able to communicate with multiple people...
What is a Cloud Workload Protection Platform (CWPP)? And Why Do You Need It?
The cloud has completely transformed the IT landscape over the last few years. And it’s now entering a new era of hybrid-cloud...
Intezer Analyze Transforms for Maltego
We are happy to introduce the Intezer Analyze plugin for Maltego. Combine insights from our malware analysis platform with Maltego’s graphical tool (And you...
What MITRE D3FEND™ Techniques Does Intezer Analyze Implement?
The MITRE Corporation recently released MITRE D3FEND™, a complementary framework to its industry acclaimed MITRE ATT&CK® matrix. D3FEND provides defense techniques that...
Top 10 Linux Server Hardening and Security Best Practices
If you have servers connected to the internet, you likely have valuable data stored on them that needs to be protected from...
9 Tools to Use Right Now to Improve Azure Platform Security
Security is changing as companies move their mission-critical workloads to the cloud, with Azure as one of the preferred destinations. Security in Azure follows...
7 Most Important AWS Security Tools
Like all leading cloud service providers, AWS follows a shared responsibility model for security and compliance. While platform-level security is owned and managed...
How to Secure Cloud Non-Native Workloads
Not All Applications are Cloud-Native Companies are adopting cloud at a faster pace but not all applications are born cloud-native. Many traditional...
Cloud-Native Security 101
The arrival of the cloud has changed the application development process. Agile cloud-native applications have replaced traditional monolithic application architectures, and components...
Cloud Security Fundamentals: Servers to Containers & Everything In-Between
With Linux being the operating system for 96% of the cloud, the landscape has changed beyond endpoint detection. Intezer Protect is built...
Accelerate Incident Response with Intezer Analyze Volatility Plugin
Significantly reduce memory forensics time from hours to minutes Memory analysis is a core component of a typical incident response process. In many cases...
Announcing Configuration Checks and Vulnerability Management
We’re excited to announce the release of two new Intezer Protect features. Intezer Protect now offers under the same roof not only...
Top 10 Cloud Malware Threats
They all target Linux systems For a long time Linux has not been seen as a serious target of threat actors. This...
Kaiji Goes Through Update but Code Reuse Detects It
Kaiji is a Linux malware that targets cloud servers Last week we detected a new Kaiji variant. It was undetected by all...
Year of the Gopher: 2020 Go Malware Round-Up
Developers are not the only ones that have adopted Go. Malware written in Go has been steadily increasing. In the last few...
2020 Set a Record for New Linux Malware Families
Intezer’s 2021 X-Force Threat Intel Index Highlights It was a lot of fun collaborating with IBM on their 2021 X-Force Threat Intelligence...
Do You Really Need Kubernetes?
Kubernetes is one of the top open-source container orchestration projects, as it dramatically simplifies the creation and management of applications by providing...
Fix your Misconfigured Docker API Ports
It can be the difference between maintaining a safe environment for your applications or a compromised machine running malicious code. Misconfiguration of...
Transitioning Traditional Apps into the Cloud
For organizations, cloud adoption is the primary driver of digital transformation and modernizing traditional applications to cloud constructs is a major milestone....
Proactive Threat Hunting with Intezer
What is Proactive Hunting? Advanced attacks like the SolarWinds backdoor and Pay2KEY are on the rise, while preventive solutions have failed to detect them....
Top Linux Cloud Threats of 2020
We tagged 2019 as The Year of the Linux Threat. That trend continued in 2020 with high profile APTs launching ELF malware,...
Not Another Linux Security Blog
Blogs about Linux cloud security are nothing new. However, most are filled with technical jargon that can make them difficult to understand....
TrickBot or Treat 2.0
In the spirit of Halloween we’re giving away YARA signatures for TrickBot and Emotet. Last year we handed out signatures for malware...
Migrating to the Cloud: Compliance Issues When Transitioning from a Traditional Data Center
For traditional data center operations, security and compliance requirements have always been operational overhead. Traditional data centers are under unique stresses in...
Are Containers More Secure Than VMs?
Stop and think for a moment. How many virtual machines (VMs) do you have running in your production cloud environment? How many...
New Threat Intel Features in Intezer Analyze
We’ve made some updates in Intezer Analyze to improve your incident response and threat intelligence workflows. From classifying samples faster to staying...
Cloud Workload Security: What You Need to Know - Part 1
Cloud proliferation is on the rise, and more than ever before, security teams are on the lookout for solutions that align with...
Emotet Evolves but Code Remains Mostly the Same
Just after the publication of this post the US-CERT released an alert about Emotet. Evolution is the result of adaptations that take...
Looking Back on the Last Decade of Linux APT Attacks
APTs are targeting Linux systems more than they ever have. Linux Attacks are on the Rise The research community continues to witness...
Complementing Your CSPM with Runtime Cloud Workload Protection
There are many solutions available for securing your cloud applications and workloads. Even after doing your due diligence and making an investment,...
What is Zero Trust Execution? Definition, Adoption & More
Zero Trust Execution is the industry recommended practice for securing workloads in the cloud. It provides a tight grip on your workloads...
Best Practices for Securing a Kubernetes Environment
Kubernetes (K8s) is the universal solution for container orchestration nowadays. This open-source tool allows a cluster to automatically scale, distribute, and handle...
Community Ghidra Plugin is Here
Ghidra is a free and open source reverse engineering tool developed by the NSA. The plugin reduces the burden on the analyst...
A Comparison of Cloud Workload Protection Strategies
Cloud Workload Protection (CWP) refers to the security of workloads running in the cloud in any type of computing environment, e.g. physical...
Detect Malware Associated with the Most Exploited CVEs
Unpatched or undetected software vulnerabilities are a common method for malware delivery once exploited by attackers. Last month, the US-CERT urged IT...
IDA Pro Plugin Now Available to the Community
The Intezer Analyze IDA Pro plugin is now available to community users! IDA Pro is the most common reverse engineering platform for...
Best Practices for Securing a Docker Runtime Environment
The move to containerized workloads has proven to be a revolutionary step in the evolution of software engineering and distributed systems. One...
Intezer Contribution to IBM X-Force Cloud Threat Landscape Report
We dubbed 2019 the year of Linux threats, evidenced by over 20 of our researcher’s publications related to attacks on this operating...
Building a Robust App Control Strategy for your Cloud Workloads
The use of Application Control—commonly referred to as whitelisting or Zero Trust Execution—is considered to be a robust and essential Cloud Workload...
Intezer Analyze May Community Roundup
See below some of the threats our community detected this month 1. Fileless Dridex sample, originally with five detections in VirusTotal, contains a payload...
Mapping Binaries Inside a Microsoft Azure Cloud Server
Linux has become the “go-to” OS in cloud computing, running 90% of the public cloud workload. Linux usage has even surpassed Windows...
Exploitation of SaltStack Vulnerabilities Signals Increase in Cloud Server Attacks
Recently attackers exploited vulnerabilities in the popular SaltStack infrastructure automation software to infect cloud servers. Several organizations and open-source projects had to...
What is Cloud Workload Protection?
Cloud Workload Protection is the protection and overall security of workloads running in the cloud in any type of computing environment. As...
Intezer Analyze community roundup
Maze ransomware, APT41 and Lazarus highlight this month’s community samples 1. More_eggs variant with low Antivirus detections has modified string encoding mechanisms...
Malicious APKs share code during Covid-19 pandemic
Threat actors are exploiting fear and uncertainty to spread Covid-19 themed malicious Android package kits (APKs) onto users’ mobile devices. APKs pose...
Pre-runtime vulnerability scans or runtime protection: Which is better for your IaaS security?
Under Armour’s famous slogan sums up the mission perfectly: We Must Protect this House. As adoption of cloud services continues, security teams...
TTPs matrix for Linux cloud servers
Checklist for protecting your Linux cloud servers against cyber attacks Taking inspiration from the MITRE ATT&CK® framework, we have developed a matrix categorizing...
Maintain compliance while transitioning to the cloud
Conducting business in a cloud environment presents unique security challenges, including achieving and maintaining compliance with regulations that were designed with traditional...
Accelerate Reverse Engineering with Intezer Analyze IDA Pro Plugin
IDA Pro is the most common reverse engineering platform for disassembling computer software. The Intezer Analyze IDA Pro plugin accelerates reverse engineering...
Intezer Featured in IBM X-Force Threat Index
Banking trojans and ransomware were the top innovators in 2019 malware code evolution Drawing on previous IBM X-Force collaboration in detecting new...
Now Supporting Genetic Malware Analysis for Android Applications
We are excited to share that we now support Genetic Malware Analysis for Android applications! Intezer Analyze community and enterprise users can...
Genetic Malware Analysis for Golang
Intezer Analyze now proudly supports genetic analysis for files created with the Golang programming language. Community and enterprise users can detect and...
Intezer Analyze Use Case: Visibility Among Global SOCs
For mid to large size enterprises, protecting the organization against targeted cyber threats is often a global operation. It’s not uncommon for...
Russian Cybercrime Group FullofDeep Behind QNAPCrypt Ransomware Campaigns
Introduction We previously reported on how we managed to temporarily shut down 15 operative QNAPCrypt ransomware campaigns targeting Linux-based file storage systems...
Why we Should be Paying More Attention to Linux Threats
In a previous post we wrote for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), we discussed the emergence of...
HiddenWasp and the Emergence of Linux-based Threats
This blog post was featured as contributing content for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC). The Linux threat...
War on the Cloud: Cybercriminals Competing for Cryptocurrency Mining Foothold
The Pacha Group is a threat actor discovered by Intezer and profiled in a blog post published on February 28, 2019. Dating back...
Meet the Team: Shaul Holtzman
Get to know Intezer’s community manager, Shaul Holtzman. Shaul is a former cybersecurity analyst helping organizations detect and classify advanced cyber threats....
Pacha Group, A New Threat Actor Deploying Undetected Cryptojacking Campaigns on Linux Servers
Key Takeaways: • Intezer has evidence of a new threat actor, calling it Pacha Group, which has been deploying undetected cryptojacking campaigns...
New! API for the Intezer Analyze Community
On behalf of Intezer, I am pleased to announce the release of an API for the Intezer Analyze community edition. Members of...
Verifying Code Reuse Between Ursnif and 'Brexit' Malware Campaign Targeting the United Kingdom
Today My Online Security published research describing a fairly large Ursnif campaign targeting the United Kingdom. The threat actors behind the attack are using...
Digital Certificates- When the Chain of Trust is Broken
As stated in a previous blog entry, it is common for malware authors to sign malicious files with “legitimate” digital certificates in...
Cyber Threat Diversion: Managing the False Positive Madness
Security teams have a lot of noise to deal with in their day-to-day jobs. Every organization is managing thousands of alerts each...
Meet the Founders: Alon Cohen
Serial entrepreneur Alon Cohen co-founded and grew one of the world’s first cyber security startups, CyberArk, which eventually became a ‘unicorn’. Now,...