BLOG

Securing the Digital World

From Webshell to C2: The Evolution of Post-Exploitation and Covert Operations

02/25/2025

From webshells to sophisticated post-exploitation frameworks, gain insights into the latest threat actor strategies and how defenders can stay ahead.

Brave the Storm: Surfing the Wake of Salt Typhoon and What We Can and Should Learn From It

01/31/2025

2024 saw significant global events – from the Paris Olympics to medical breakthroughs – but it also brought concerning cyber incidents, particularly the Salt Typhoon attacks targeting U.S. telecommunications. This sophisticated, nation-state-backed group (linked to China’s MSS) exploited vulnerabilities across industries, wreaking havoc on sensitive infrastructure. Dive deep into this breach, gaining insights and recommendations to help organizations navigate and mitigate future risks.

Using NetWitness to Detect Phishing reCAPTCHA Campaign

10/16/2024

By leveraging NetWitness Packets (NDR) and NetWitness Endpoint (EDR), the NetWitness Incident Response team demonstrates how organizations can detect stealthy reCAPTCHA phishing attacks before they cause irreparable harm.

Adaptive Defense: Modernization of Cybersecurity Defense and Management Due to the Inevitable Convergence of IOT, OT and the Enterprise Environment

07/17/2024

Introduction Much discussion has occurred in recent years concerning cybersecurity in and related to IOT and OT environments. Traditionally, these areas of concern have been largely kept separate from “corporate” or “enterprise” networks and environments due in large part — though not exclusively, to the sensitive operating nature of the environments where these technologies are […]

Black Hat Asia 2024: Day One

04/18/2024

NetWitness is happy to be part of the NOC again for another global event by Black Hat in Singapore. The Black Hat Network Operations Center (NOC) delivers a secure, reliable network in one of the most challenging environments in the world. This is done with the support of top-notch solutions providers and experienced security and […]

Unveiling the Future of Network Security: SASE vs SSE

02/05/2024

Since cybersecurity is an ever-evolving field, staying abreast of cutting-edge technologies and frameworks is necessary for organizations aiming to strengthen their defenses against an array of threats. Two prominent paradigms that have emerged as game-changers in the realm of network security are Secure Access Service Edge (SASE) and Secure Service Edge (SSE). In this comprehensive […]

Unveiling the Power of Cloud Analytics with NetWitness

01/17/2024

Within the realm of data management and cybersecurity, the integration of cloud analytics has become a transformative force for organizations looking to maximize the potential of their digital infrastructure. This era is marked by the rise of cloud analytics as a catalyst, empowering organizations to gain actionable insights from vast datasets. NetWitness, a standout player […]

NetWitness, a NOC Partner at Black Hat USA 2023

12/14/2023

Behind the scenes at Black Hat USA 2023, Network Operations Center (NOC) partners watch and wait, scanning the event’s network for suspicious activity. But with over 20,000 cyber enthusiasts and professionals in attendance, protecting the network is no easy task. Every year, the NOC partners are selected by Black Hat to provide a high security, […]

The Importance of Log Management in Cybersecurity: A Comprehensive Guide

11/16/2023

In today’s digital age, where data breaches and cyberattacks are on the rise, reliable cybersecurity is more important than ever. Among the many tools and techniques available to safeguard your organization’s digital assets, log management stands out as a cornerstone of effective cybersecurity. In this comprehensive guide, we will explore the significance of log management […]

GigaOm’s Radar Report Features NetWitness NDR and SIEM Solutions

10/25/2023

A closer look at the features and strengths of our market-leading cybersecurity products. Keeping pace with leading cybersecurity solutions and industry evaluations is essential—but it isn’t always easy. Fortunately, resources like the GigaOm Radar Report, which analyzes top-performing tools, can serve as an authoritative guide for IT professionals and decision-makers. This year’s Radar Report includes […]

Understanding Secure Access Service Edge (SASE)

09/19/2023 Secure access service edge (SASE – pronounced “sassy”) is a modern architectural framework that combines network security and wide area networking (WAN) capabilities into a unified cloud-based service. It is designed to provide secure and optimized access to network resources for users, regardless of their location or the devices they use. Secure access service edge […]
Read more

Network Detection and Response: Strengthen Your Cybersecurity With NetWitness

08/24/2023 Millions of cybersecurity events occur every day, and as time and technology continue to progress, the means of these cyber attacks become more sophisticated and immensely more difficult to detect. Statistically speaking, if you are a business owner who stores and manages sensitive data, it is not a matter of if but when someone will […]
Read more

Securing Secrets: Insights into Code Obfuscation Techniques

06/29/2023 Once a threat actor gains access to a network or tricks a user into downloading a malicious attachment. The next step is to download their payload, this could be a toolset or malware. Code obfuscation has become an important step for threat actors to accomplish this task. Whether it is a webshell, or a utility […]
Read more

How NetWitness Orchestrator Can Make Your SecOps More Efficient

06/07/2023 Security operations (SecOps) teams are battling a complex and ever-evolving challenge: Keeping an organization secure against cyberattacks from faceless, remote users in a technologically advanced world. With the rise of threats, new technologies, and increasingly sophisticated scams, staying ahead of the bad guys is more important than ever. That’s where security orchestration, automation, and response […]
Read more

NetWitness is proud to join Black Hat Asia 2023 in the NOC

05/08/2023 This week, NetWitness proudly joins BlackHat in the Network Operations Center (NOC) at the BlackHat ASIA event, continuing our long-standing collaboration. As always, we’re here to provide top-notch SIEM, NDR, and SOAR services, standing shoulder to shoulder with our seasoned global threat-hunting team, which comprises Sales Engineering and Incident Response.
Read more

Cloud SIEM: A Thorough Breakdown

03/08/2023 If your business uses cloud technology for day-to-day operations — or is looking to start — our NetWitness Cloud SIEM will ensure that you can operate safely and securely!
Read more

people typing on laptops with cybersecurity locks and tech accents

USMS and Broader Implications for Law Enforcement as Ransomware Targets

03/02/2023 The mission of the U.S. Marshals Service (USMS) is “to enforce federal laws and provide support to virtually all elements of the federal justice system” through multiple disciplines. Its law enforcement (LE) focus, reach and scope make this week’s report of a recent cyberattack involving both ransomware and data exfiltration especially concerning. While this […]
Read more

Five Thoughts on Take Down of Hive

02/03/2023 The takedown of the Hive ransomware-as-a-service group has been in the news over the past week, and it’s good news indeed. Beyond the obvious benefits of disrupting this criminal enterprise, there are some other discrete takeaways which are particularly important to note. Cross-jurisdictional cooperation and coordination can be done, and done effectively. Any of […]
Read more

Make it Costly: How to Deter Threat Actors by Escalating Their Costs

09/30/2022 Introduction Many years ago, I spoke at a @suitsandspooks panel in Washington, D.C. with some of the cybersecurity industry’s best and brightest minds. One of the topics addressed was the concept of active defense strategy in the commercial (private sector) world versus the public world. In those days the idea of ‘hacking back’ against a […]
Read more

UPDATE: What We Know About the Russia/Ukraine Conflict and How You Should Prepare Your Cybersecurity Capabilities

03/25/2022 UPDATED March 25, 2022: The Biden Administration released a statement on March 21 urging companies to strengthen their cybersecurity capabilities and protections in the face of potentially damaging cyber activity perpetrated by threat actors as part of the ongoing conflict. The Administration also urged organizations to execute a number of best practices for bolstering cyber […]
Read more

The Apache Log4j Zero-Day Vulnerability: What You Need to Know

12/14/2021 When the Log4j vulnerability was revealed, the NetWitness team launched an immediate investigation into Log4j use within the NetWitness Platform, as well as actions to support its customers in identifying and remediating attempts to exploit the vulnerability in their own environments.
Read more

Could Your Collaboration Tools be Hacker-Friendly?

11/19/2021 It’s back to the future. Companies and their employees are slowly returning to in-person work, with many organizations maintaining their hybrid workforce model. And this shift to remote work has resulted in an increasing reliance on web-based collaborative tools. In fact, a Gartner study found that usage of collaboration tools has nearly doubled over the […]
Read more

NetWitness: XDR, Visibility, and the Future of SOCs

09/16/2021 This overview introduces a downloadable XDR whitepaper by Frost & Sullivan, covering XDR and enhanced visibility, the value of XDR to the future of security ops, and why organizations should adopt XDR by focusing on 3 essential keys.
Read more

Ransomware: A Beginner’s Guide to Threat Detection

08/11/2021 At NetWitness we know how devastating it can be to find your organization impacted by a ransomware attack, so we created this Ransomware FAQ. This intro to ransomware explains essential ransomware concepts to equip IT and non-IT professionals with deeper knowledge of this growing threat.
Read more

XDR and Zero Trust: Partners in Threat Detection

08/10/2021 Zero Trust isn’t always part of the XDR conversation—but it should be. Here’s why the relationship of these threat detection partners is so critically important to an enterprise’s digital transformation security.
Read more

A Peek Inside the Black Hat NOC with Grifter

07/20/2021 In this interview, Neil Wyler, a.k.a. Grifter, talks about how he got involved with Black Hat more than 20 years ago, and how the event’s network operations center (NOC) has evolved in that time to take on today’s modern cybersecurity challenges.
Read more

Verifiable Credentials: The Key to Trust on the Next Web

07/14/2021 RSA once again secures the open web In 1994 the World Wide Web was at a crossroads. The technology that today we simply call “the web,” invented five years earlier by Tim Berners-Lee, was poised to become the de facto interface to the internet. Its document-based, human-centric, point-and-click model was wildly popular among the technologists […]
Read more

Your Threat Intelligence Platform is Ready to SOAR

06/16/2021 When security is weaved in from the outset, the fabric you produce at the end of the project is stronger and safer. In the security orchestration, automation and response (SOAR) space, that essential ingredient is a threat intelligence platform (TIP) capability.
Read more

Securing the IoT Edge Ecosystem

03/22/2021 IoT Edge architecture is emerging to tackle the explosion of Internet of Things (IoT) devices and systems. This open ecosystem approach enables contributions from many sources. RSA is doing its part to add security across the range of IoT Edge solutions.
Read more

Future-Proofing Security Operations Centers

02/15/2021 Recommendations for building SOCs for the future.
Read more

Strategies for Insider Threat Mitigation

09/09/2020 In Part II of this blog series, we examine strategies for insider threat risk mitigation including key tenants of data visibility and advanced analytics to provide organizations a road map for addressing this evolving threat.
Read more

Person holds a light source and from it threads of light and icons emerge from it.

From the Ashes of Disruption Emerges Innovation and New Ways to Work

07/28/2020 RSA CTO Dr. Zulfikar Ramzan talks with ITPSmagazine about the security and risk challenges of transitioning employee and business operations back to physical locations and why this period of disruption may be a catalyst for a new era of innovation.
Read more

Man ponders what is on his computer screen

Reimagining the SOC for the Future of Work

07/27/2020 Amy Blackshaw and Michael Adler talk with ITPSmagazine about ways to enable a successful virtual SOC and what organizations need to do to manage the growing threat of dynamic workforce risks.
Read more

Managing Digital Risk in a New Age of Internet of Things

07/15/2020 IoT risk is digital risk. Manage it correctly to gain the full power of IoT.
Read more

Security Considerations for the Dynamic Workforce

06/01/2020 The way we work has changed forever. From offices to homes and remote locations, what do security operations need to consider? And how do they need to adapt to this dynamic workforce? There are five security considerations that should be top of mind in this new reality.
Read more

Operationalizing Incident Response

11/04/2019 Risk management, threat intelligence, and incident response come together in a sensible, practical, and operational detect and respond model to positively impact your cyber risk strategy. Staffing models (small and large), tools, and managed service providers can also be leveraged successfully.
Read more