Academia CloudSec

Greg Zemlin

março 18, 2025

Privilege escalation is when an attacker exploits weaknesses in your environment or infrastructure to gain higher access and control within a system or network.

Lateral movement is a cyberattack technique used by threat actors to navigate a network or environment in search of more valuable information after gaining initial access.

A brute force attack is a cybersecurity threat where a hacker attempts to access a system by systematically testing different passwords until a correct set of credentials is identified.

Greg Zemlin

março 15, 2025

Cryptojacking is when an attacker hijacks your processing power to mine cryptocurrency for their own benefit.

Remote code execution refers to a security vulnerability through which malicious actors can remotely run code on your systems or servers.

Lauren Place

março 7, 2025

Identity threat detection and response (ITDR) is a cybersecurity approach that uses a combination of tools, intelligence, and automation to proactively detect, investigate, and respond to threats targeting digital identities and authentication systems in the cloud.

Chris Champa

fevereiro 26, 2025

SecOps metrics are trackable bits of data that quantify various aspects of your security operations center (SOC), such as performance or efficiency.

Chris Champa

fevereiro 25, 2025

Explore the top best practices for an effective security operations center (SOC).

Social engineering is an attack technique that focuses on exploiting an enterprise’s employees. In a typical social engineering scenario, cybercriminals may trick or deceive employees into ignoring security protocols, making them unwitting collaborators in cyberattacks.

Chris Champa

fevereiro 15, 2025

In this post, we’ll look at where anomaly detection fits into your cybersecurity big picture, some common techniques and use cases, as well as some tips on rolling out anomaly detection without adding to your teams’ workload.

Chris Champa

fevereiro 15, 2025

In this post, we’ll look at some of the differences between MDR and traditional managed services, how MDR functions within organizations, some of the tools it works with for even more effective threat detection and response, and the most important tip for getting the most out of your MDR solution.

Threat intelligence, also called cyber threat intelligence (CTI), is the practice of gathering and analyzing trends about potential or ongoing cyber threats.

Chris Champa

fevereiro 8, 2025

Incident response automation is a practice that uses artificial intelligence (AI) and machine learning (ML) capabilities in order to speed up the incident response process.

Chris Champa

fevereiro 8, 2025

Detection engineering is a structured approach to developing, implementing, and refining threat detection mechanisms that’s tailored to an organization’s specific environment.

In this post, we’ll explore similarities and differences between the NOC and SOC. Then we’ll take a look at some tools that help NOCs and SOCs accomplish their core functions—as well as some tips for overcoming the main challenges to their smooth operation within your organization.

Cloud security operations center (SOC) tools are the security solutions used by SOC teams to track and triage threats and vulnerabilities in cloud environments.

Greg Zemlin

janeiro 24, 2025

In this article, we’ll dig into why you should consider automating SOC, which SOC workflows to automate, and some best practices to adopt.

Shaked Rotlevi

dezembro 12, 2024

Data detection and response (DDR) is a cybersecurity solution that uses real-time data monitoring, analysis, and automated response to protect sensitive data from sophisticated attacks that traditional security measures might miss, such as insider threats, advanced persistent threats (APTs), and supply chain attacks.

Greg Zemlin

novembro 26, 2024

Build a strong incident response policy to manage cybersecurity crises with clear roles, compliance steps, and hands-on training.

Chris Champa

outubro 25, 2024

Open-source software (OSS) incident response (IR) tools are publicly available tools enterprises use to effectively manage and respond to numerous security threats.

Open-source intelligence (OSINT) is a framework that involves gathering, analyzing, and interpreting publicly available data to gain insights into cyber threats, adversarial activities, and attack techniques. OSINT identifies innocuous-seeming information that, if analyzed with an attacker’s mindset, could reveal critical loopholes in an enterprise’s security posture.

Greg Zemlin

outubro 14, 2024

A análise forense digital e a resposta a incidentes (DFIR) são um campo da segurança cibernética que lida com a identificação, investigação e resposta a ataques cibernéticos.

Greg Zemlin

setembro 27, 2024

A threat intel feed, or threat intelligence feed, provides a continuous incoming flow of data related to cyber threats and risks.

Greg Zemlin

setembro 24, 2024

In this blog post, we’ll shine a light on the top OSS threat intelligence platforms and tools that enterprises can integrate into their security stack.

Chris Champa

setembro 13, 2024

An incident response plan (IRP) is a detailed framework that provides clear, step-by-step guidelines to detect, contain, eradicate, and recover from security incidents.