Incident Response
🚀 Launching Automated Threat Escalations: Focus Only On What Matters
TL;DR we now send automatic notifications via email or any webhook-supported system about endpoint alerts that Intezer has investigated and confirmed as...
Boost Morale in Your Security Operations Center with AI Analysts
The Security Operations Center (SOC) is a high-pressure environment where analysts work (sometimes in around-the-clock shifts) to protect organizations from cybersecurity threats....
Embracing AI Analysts to Strengthen In-House SecOps Teams
With artificial intelligence technology rapidly advancing, it’s now possible to automate even more of the repetitive, manual, and even skilled tasks that...
5 Ways to Use ChatGPT in Your SOC: Real-World AI Applications to Streamline Alert Triage
Security Operations Center (SOC) teams face the daunting challenge of staying one step ahead as cyber threats continue to evolve. With an...
Infected: Understanding a Malicious Result from an Endpoint Scan
Endpoints are a key target in cyberattacks, so it’s critical to ensure that you’re able to effectively triage and investigate alerts from...
Are Challenges Faced by SecOps Teams in 2023 an Opportunity?
If there weren’t enough challenges for security operations (SecOps) teams already, economic uncertainty and hits to revenue are forcing organizations to rethink...
Adopting Tierless, Automated SecOps: Dependence to Independence
“Automation” has been a buzzword in the world of cybersecurity for a while now, however, enterprises are still struggling to fully realize...
Malware Reverse Engineering for Beginners - Part 2
In part 1 of this series, we warmed up and aligned with basic computing terminologies. We learned the basics of assembly and...
Scaling your SOC with Microsoft Defender + Intezer
TLDR: Highlights of Intezer’s Autonomous SOC solution for Microsoft Defender for Endpoint Automating SOC Triage and Investigations with Defender Intezer’s Autonomous SOC...
Endpoint Forensics and Memory Analysis, Simplified
Detecting advanced in-memory threats is critical for security teams — read on about how Intezer’s Endpoint Scanner ensures your team can quickly...
5 Key Factors for Selecting a Managed Detection and Response (MDR) Provider
With an increasing number of threats and vulnerabilities to contend with, businesses need all the help they can get to keep their...
5 Reasons to Replace your Managed Detection and Response (MDR) Service
Managed Detection and Response (MDR) services are a fantastic way to keep your business’ cybersecurity up to date and effective. However, there...
Threat Hunting Rule Extraction and Use Cases
TL;DR: You can now extract IOCs and behavioral indicators to a hunting rule format for your endpoint security system. This enables you...
🚀 Launching Autonomous SecOps (Your Virtual, Algorithm-Driven Tier 1 SOC)
We are helping security teams go beyond individual file analysis to automate their entire Endpoint and Email alert triage processes with our...
OrBit: New Undetected Linux Threat Uses Unique Hijack of Execution Flow
Linux is a popular operating system for servers and cloud infrastructures, and as such it’s not a surprise that it attracts threat...
Detecting Phishing Emails with Email Headers, Attachments, and URLs
Emails were created as a method to pass messages between users, and now they are used by individuals and organizations all around...
How to Write YARA Rules That Minimize False Positives
Generate Advanced YARA Rules Based on Code Reuse Incorporating YARA into daily security operations can accelerate incident response time, classify malware, empower...
Top Cyber Threats to the Telecom Industry
In our interconnected society, the telecom industry is responsible for keeping the world connected 24/7. The telecommunication infrastructure uses satellites, internet providers,...
Top Cyber Threats to the Manufacturing Sector
Manufacturers are building automated workflows for alert triage, incident response, and threat hunting to meet a rising volume of...
How to Analyze Malicious PDF Files
Portable Document Format (PDF) files are cross-platform file format, supporting links, images, and fonts. The flexibility of the PDF format makes these...
Automate Alert Triage and Response Tasks with Intezer EDR Connect
Integrate with SentinelOne, CrowdStrike, and Microsoft Defender One of the biggest pain points of cyber security teams is alert fatigue – trying...
Security ROI: Time & Resource Savings for IR/SOC Teams
Automation can augment your security team to help you manage never-ending alerts, reduce skill gaps, and respond...
SOC Level Up: Introduction to Sigma Rules
Sigma rules are catching on more and more for SOC teams, as a way to write one rule that can be used...
Scale Incident Response with Detection Engineering: Intezer Detect & Hunt
Adversaries are highly motivated, constantly expanding and improving their tools and techniques. On the other side of the fight, security teams are...
URL Analysis 101: Automating Phishing Investigations with Machine Learning
Analyzing suspicious URLs on an individual basis can be tricky, but when you’re facing a large volume of potentially malicious URLs then...
Boost Your SOC Skills: How to Detect Good Apps Gone Bad
Threat actors have a wide range of tools and techniques they can use in cyber attacks including: malware-as-a-service, open-source tools and malware...
URL Analysis 101: A Beginner’s Guide to Phishing URLs
At Intezer, we recently launched a URL analysis feature that will allow detecting phishing or malicious URLs. To do so, we have...
Radare Plugin is Here for Intezer Community
When you reverse engineer code as part of an incident response team, you want to quickly get information about what kind of...
4 Top Cyber Threats to the Finance and Insurance Industries
Financial services are a high target for cyberattackers. The reason is easy to understand: attackers follow the money. Most work in this...
3 Ways to Save Incident Response Time
Save time during incident response with these tips and tools to help your team accelerate HD, memory, and live...
Detection Rules for Sysjoker (and How to Make Them With Osquery)
On January 11, 2022, we released a blog post on a new malware called SysJoker. SysJoker is a malware targeting Windows, macOS,...
How to Analyze Malicious Microsoft Office Files
All the most common file types that can be used to deliver malicious code, including Microsoft Office files, are supported in Intezer...
New SysJoker Backdoor Targets Windows, Linux, and macOS
Malware targeting multiple operating systems has become no exception in the malware threat landscape. Vermilion Strike, which was documented just last September,...
Malware Reverse Engineering for Beginners - Part 1: From 0x0
Already familiar with assembly language and disassemblers? Check out Reverse Engineering for Beginners Part 2 to dig into how malware is packed,...
The Role of Malware Analysis in Cybersecurity
Threat actors use malicious software to cause damage to individuals and organizations. Malware is the most common form of a cyberattack because...
The State of Malware Analysis
Malware is the thorn in the side of security analysts everywhere. The main question when getting a suspicious file alert is, “Is...
New Type of Supply Chain Attack Could Put Popular Admin Tools at Risk
Research between Intezer and Checkmarx describes ChainJacking, a type of software supply chain attack that could be potentially exploited by threat actors...
Teaching Capa New Tricks: Analyzing Capabilities in PE and ELF Files
When analyzing malware, one of the goals in addition to identifying what malware it is, is to understand what it does when...
Search for revealing strings in Intezer Analyze
Accelerate your file investigations with new and improved string reuse capabilities in Intezer Analyze Users of Intezer Analyze may have noticed new...
Ransomware and Spyware Top Intezer Analyze Community Detections
This month’s community highlights span a variety of file formats — APK, ELF and PE. 1) Anubis [Link to Analysis] Anubis is...
Intezer Analyze Community: 2019 Recap and Trends
Emotet, Trickbot, and Lazarus were the most common threats detected by the community in 2019. Linux threats, with code connections to Mirai,...
2019: A Year-in-Review
What an amazing year it has been for us at Intezer! The company nearly doubled in size, we added several new important...
Now Supporting Genetic Malware Analysis for Android Applications
We are excited to share that we now support Genetic Malware Analysis for Android applications! Intezer Analyze community and enterprise users can...
Revealing the Origins of Software
Summary Nearly all cyber attacks require running code. Regardless of the attack vector, in order for an adversary to create any damage,...
Genetic Malware Analysis for Golang
Intezer Analyze now proudly supports genetic analysis for files created with the Golang programming language. Community and enterprise users can detect and...
Intezer Analyze Use Case: Visibility Among Global SOCs
For mid to large size enterprises, protecting the organization against targeted cyber threats is often a global operation. It’s not uncommon for...
Why we Should be Paying More Attention to Linux Threats
In a previous post we wrote for the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), we discussed the emergence of...
Siemplify and Intezer: Incorporate Genetic Malware Analysis into your SOAR Platform (Video)
One of the most common and time-consuming cases security operations centers (SOCs) must complete daily are malware investigations. Part of the problem...
Intezer and IBM Resilient Integrate to Enrich Threat Investigations with Genetic Malware Analysis
I am pleased to highlight the new integration between Intezer Analyze™ and IBM Resilient. The integration enables users of both platforms to...
Scan the Memory of Entire Endpoints using Genetic Malware Analysis
Update January 2023: For the most recent information about our solutions for endpoint forensics and memory analysis, check out this blog. I...
Making Malware Human: A SANS Product Review of Intezer Analyze™
Alerts can enter an organization at inconceivable rates. Security teams are tasked with sifting through countless alerts, making it difficult to prioritize...
Building Your Bullet Proof Incident Response Plan
Cyber security is constantly evolving, and therefore rife with challenges. Whether hobbyist hackers or state-sponsored threat actors are targeting organizations, internal security...
Cyber Threat Diversion: Managing the False Positive Madness
Security teams have a lot of noise to deal with in their day-to-day jobs. Every organization is managing thousands of alerts each...
Why Identifying ‘Good or Bad’ is Not Enough
Throughout my career, I have witnessed many cyber security professionals adopting a “shoot and don’t ask questions” approach when dealing with malware....
GDPR: How to Bring Your Incident Response Plan Up to Speed
Every organization that is impacted by the sharing and storage of data are discussing the General Data Protection Regulation (GDPR), a recently...