Detecting the sudden appearance of events with ee-outliers and Elasticsearch

Recently, for our open-source ee-outliers framework, we released a new outlier model that detects the sudden appearance of one or more field values (or a combination of field values) in Elasticsearch events. For example, this model can spot a TLD that is suddenly being contacted for the first time (in DNS or SSL/TLS logs), which is often how communication with C2 domains stands out from normal traffic. It could also detect an executable that suddenly …
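As an added illustration of the idea behind that model (this is not ee-outliers' own code, which works with Elasticsearch aggregations; the dotted field names, the sample events and the "history window" semantics below are assumptions made for the example), the following script keys each event on a field value, or a tuple of field values, and flags the first event whose key has not been seen in the preceding history window. Events that arrive before a full window of history exists are used for learning only, so the detector does not alert on everything it sees at start-up:

```python
"""Toy 'sudden appearance' detector over Elasticsearch-style events.

Illustration only, not ee-outliers' implementation. An event is an outlier
when its key (a field value, or a tuple of field values) has not been seen
in the trailing history window. Field names follow ECS-style dotted keys,
an assumption for this example.
"""
from datetime import datetime, timedelta, timezone
from typing import Callable, Dict, Hashable, List, Optional, Tuple

Event = Dict[str, str]
KeyFn = Callable[[Event], Optional[Hashable]]


def parse_ts(ev: Event) -> datetime:
    """Parse the event's '@timestamp' (UTC, second precision)."""
    return datetime.strptime(ev["@timestamp"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def tld(fqdn: str) -> str:
    """Rightmost DNS label, lower-cased, ignoring a trailing dot."""
    return fqdn.rstrip(".").rsplit(".", 1)[-1].lower()


def dns_tld_key(ev: Event) -> Optional[str]:
    """Key a DNS event on the TLD of the queried name; None for other events."""
    name = ev.get("dns.question.name")
    return tld(name) if name else None


def process_pair_key(ev: Event) -> Optional[Tuple[str, str]]:
    """Key a process event on the (child, parent) executable-name pair."""
    if "process.name" in ev and "process.parent.name" in ev:
        return (ev["process.name"].lower(), ev["process.parent.name"].lower())
    return None


def sudden_appearance(events: List[Event], key_fn: KeyFn,
                      history_window: timedelta) -> List[Tuple[Hashable, Event]]:
    """Return (key, event) pairs whose key was absent from the trailing window.

    Events are processed in timestamp order. Nothing is flagged until at
    least one full history window has elapsed since the first event, so the
    warm-up period only trains the baseline.
    """
    ordered = sorted(events, key=parse_ts)
    if not ordered:
        return []
    start = parse_ts(ordered[0])
    last_seen: Dict[Hashable, datetime] = {}
    outliers: List[Tuple[Hashable, Event]] = []
    for ev in ordered:
        key = key_fn(ev)
        if key is None:            # event does not carry the fields we key on
            continue
        ts = parse_ts(ev)
        prev = last_seen.get(key)
        enough_history = ts - start >= history_window
        if enough_history and (prev is None or ts - prev > history_window):
            outliers.append((key, ev))
        last_seen[key] = ts
    return outliers


def _ts(day: int, hour: int = 0) -> str:
    base = datetime(2020, 3, 1, tzinfo=timezone.utc)
    return (base + timedelta(days=day, hours=hour)).strftime("%Y-%m-%dT%H:%M:%SZ")


# Constructed sample events; host names and process names are made up.
SAMPLE_EVENTS: List[Event] = [
    {"@timestamp": _ts(0), "dns.question.name": "www.example.com"},
    {"@timestamp": _ts(0, 3), "dns.question.name": "cdn.example.net"},
    {"@timestamp": _ts(1), "dns.question.name": "mail.example.org"},
    {"@timestamp": _ts(1), "process.name": "outlook.exe", "process.parent.name": "explorer.exe"},
    {"@timestamp": _ts(2), "dns.question.name": "login.example.com"},
    {"@timestamp": _ts(2), "process.name": "winword.exe", "process.parent.name": "explorer.exe"},
    {"@timestamp": _ts(3), "dns.question.name": "files.example.net"},
    # After a week of history: a TLD never contacted before ...
    {"@timestamp": _ts(8), "dns.question.name": "update.example.xyz"},
    # ... a TLD seen within the window (no alert) ...
    {"@timestamp": _ts(8, 1), "dns.question.name": "api.example.com"},
    # ... and a parent/child process pair never seen before.
    {"@timestamp": _ts(8, 2), "process.name": "cmd.exe", "process.parent.name": "winword.exe"},
    {"@timestamp": _ts(8, 3), "process.name": "winword.exe", "process.parent.name": "explorer.exe"},
]


if __name__ == "__main__":
    window = timedelta(days=7)
    for key, ev in sudden_appearance(SAMPLE_EVENTS, dns_tld_key, window):
        print("new TLD contacted:", key, ev["@timestamp"])
    for key, ev in sudden_appearance(SAMPLE_EVENTS, process_pair_key, window):
        print("new process pair:", key, ev["@timestamp"])
```

Keying on a tuple is what makes the "combination of field values" case work: `cmd.exe` and `winword.exe` have each been seen on their own, but the pair has not, so only the pair is flagged. Choosing the history window is the main tuning knob: too short and normal weekly or monthly activity re-appears as "new"; too long and the baseline quietly absorbs an attacker's first contact.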

EDR: an overview of visibility improvements and economic benefits

Endpoint Detection and Response (EDR) has been one of the most talked-about cybersecurity topics of the last few years; it is on the agenda of most security officers as one of the first improvements to adopt in their organization, if they have not already done so. Why, though? What has made EDR the number one must-have security solution? …