{"id":5089,"date":"2023-04-05T10:46:25","date_gmt":"2023-04-05T15:46:25","guid":{"rendered":"https:\/\/www.cybersecurityinstitute.com\/blog\/?p=5089"},"modified":"2023-04-05T10:46:25","modified_gmt":"2023-04-05T15:46:25","slug":"incident-responder-news-2023-04-02","status":"publish","type":"post","link":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/2023\/04\/05\/incident-responder-news-2023-04-02\/","title":{"rendered":"Incident Responder News \u2013 2023-04-02"},"content":{"rendered":"\n<h2 class=\"wp-block-heading\"><a>Table of Contents<\/a><\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li>While unified platforms have historically been within the means of only large organizations\u2014ones able to build their own cybersecurity ecosystems\u2014that\u2019s no longer the case. Enterprises of all sizes can obtain a readymade platform from a vendor and customize it relatively easily to meet their specifi<\/li>\n\n\n\n<li>Microsoft Patch Tuesday for March 2023 \u2014 Snort rules and prominent vulnerabilities<\/li>\n\n\n\n<li>Sygnia Named in the 2023 Gartner \u00ae Market Guide for Digital Forensics and Incident Response Retainer Services for the Second Consecutive Time<\/li>\n\n\n\n<li>Build Security Muscle Memory With Tabletop Exercises<\/li>\n\n\n\n<li>Use Searching Engines to Hunt For Threat Actors<\/li>\n\n\n\n<li>50 Threat Hunting Hypothesis Examples<\/li>\n\n\n\n<li>How to Choose the Right SOC Model for Your Organization?<\/li>\n\n\n\n<li>Part 1: Bro, do you even detection engineer?<\/li>\n\n\n\n<li>Chinese Hackers Targeting Security and Network Appliances<\/li>\n\n\n\n<li>What\u2019s in store for MSPs: Trends for 2023<\/li>\n\n\n\n<li>Understanding metrics to measure SOC effectiveness<\/li>\n\n\n\n<li>CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks<\/li>\n<\/ul>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" 
src=\"https:\/\/www.trendmicro.com\/content\/dam\/trendmicro\/global\/en\/ciso\/thumbnails\/23\/cybersecurity-operations.png\">&nbsp;<strong>While unified platforms have historically been within the means of only large organizations\u2014ones able to build their own cybersecurity ecosystems\u2014that\u2019s no longer the case. Enterprises of all sizes can obtain a readymade platform from a vendor and customize it relatively easily to meet their specifi<\/strong><br><em>Trend Micro<\/em><br>What\u2019s driving cybersecurity operations to evolve<br><br>Moving IT into the cloud, adopting as-a-service business models, and supporting hybrid work have all changed\u2014and grown\u2014the enterprise attack surface.<br>Instead of the classic network perimeter, identity is the new boundary that has to be protected.<br>What SOC teams need most are better ways to correlate and prioritize alerts so they can isolate the ones that truly matter while getting in front of threats instead of reacting to them.<br>Step 1: Optimize XDR for stronger cybersecurity operations<br><br>Combining XDR with SIEM optimizes the capabilities of both: SIEM data enriches XDR detection and investigation while XDR\u2019s correlations give context to SIEM logs for better threat identification over time.<br><br>Step 2: Adopt proactive cyber risk management<br><br>\u201cA sustainable security program that provides data-driven risk decision making and measurable treatments as an outcome is essential to manage the new normal,\u201d according to Gartner\u2019s 2022 Planning Guide for Security and Risk Management.<br>Given the sheer number of entry points and potential connections\u2014from bring-your-own-device equipment to remote work environments, cloud elements, and as-a-service solutions\u2014operationalizing zero trust can be complicated.<br>Integrating risk management with the threat detection and response capabilities of optimized XDR helps, along with deployment of secure access service edge (SASE) 
tools.<br><br>Step 3: Converge solutions within a unified platform<br><br>While unified platforms have historically been within the means of only large organizations\u2014ones able to build their own cybersecurity ecosystems\u2014that\u2019s no longer the case.<br>Enterprises of all sizes can obtain a readymade platform from a vendor and customize it relatively easily to meet their specific needs.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.trendmicro.com\/en_us\/ciso\/23\/c\/cybersecurity-operations.html\">https:\/\/www.trendmicro.com\/en_us\/ciso\/23\/c\/cybersecurity-operations.html<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/blog.talosintelligence.com\/content\/images\/2023\/03\/patch-tuesday.png\">&nbsp;<strong>Microsoft Patch Tuesday for March 2023 \u2014 Snort rules and prominent vulnerabilities<\/strong><br><em>Jonathan Munshaw<\/em><br><em>Talos Blog<\/em><br>Microsoft released its monthly security update Tuesday, disclosing 83 vulnerabilities across the company\u2019s hardware and software line, including two issues that are actively being exploited in the wild, continuing a trend of zero-days appearing in Patch Tuesdays over the past few months.<br><br>Two of the vulnerabilities included in March\u2019s security update have been exploited in the wild, according to Microsoft, including one critical issue.<br><br>A moderate-severity vulnerability that\u2019s already being exploited in the wild is CVE-2023-24880, a security feature bypass vulnerability in Windows SmartScreen, a cloud-based anti-phishing and anti-malware feature included in several Microsoft products.<br>The other zero-day included this month is CVE-2023-23397, a privilege escalation vulnerability in Microsoft Outlook that could force a targeted device to connect to a remote URL and transmit the Windows account&#8217;s Net-NTLMv2 hash to an adversary.<br><br>Three of the other critical vulnerabilities Microsoft is 
patching have a CVSS severity score of 9.8 out of 10: CVE-2023-21708, CVE-2023-23392 and CVE-2023-23415.<br><br>In response to these vulnerability disclosures, Talos is releasing a new Snort rule set that detects attempts to exploit some of them.<br>Please note that additional rules may be released at a future date and current rules are subject to change pending additional information.<br>Cisco Secure Firewall customers should use the latest update to their ruleset by updating their SRU.<br>Open-source Snort Subscriber Rule Set customers can stay up to date by downloading the latest rule pack available for purchase on Snort.org.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/blog.talosintelligence.com\/microsoft-patch-tuesday-for-march-2023-snort-rules-and-prominent-vulnerabilities\/\">https:\/\/blog.talosintelligence.com\/microsoft-patch-tuesday-for-march-2023-snort-rules-and-prominent-vulnerabilities\/<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/dcnnmagazine.com\/wp-content\/uploads\/2022\/10\/cropped-dcnn-fav-270x270.jpg\">&nbsp;<strong>Sygnia Named in the 2023 Gartner \u00ae Market Guide for Digital Forensics and Incident Response Retainer Services for the Second Consecutive Time<\/strong><br><em>Sygnia, Inc<\/em><br><em>Blox Digital<\/em><br>TEL-AVIV, Israel and NEW YORK, March 16, 2023 \/PRNewswire\/ &#8212; Sygnia, a leading cyber technology and services company which provides high-end consulting and incident response support for organizations worldwide, today announced that it was named in the 2023 Gartner \u00ae Market Guide for Digital Forensics and Incident Response Retainer Services (DFIR) for the second consecutive time.<br><strong>Link:<\/strong>&nbsp;<a 
href=\"https:\/\/curated.tncontentexchange.com\/partners\/pr_newswire\/subject\/surveys_polls_and_research\/sygnia-named-in-the-2023-gartner-market-guide-for-digital-forensics-and-incident-response-retainer\/article\">https:\/\/curated.tncontentexchange.com\/partners\/pr_newswire\/subject\/surveys_polls_and_research\/sygnia-named-in-the-2023-gartner-market-guide-for-digital-forensics-and-incident-response-retainer\/article<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.rapid7.com\/blog\/post\/2023\/03\/15\/build-security-muscle-memory-with-tabletop-exercises\/favicon.ico\">&nbsp;<strong>Build Security Muscle Memory With Tabletop Exercises<\/strong><br><em>Joshua Harr<\/em><br><em>Rapid 7 Blog<\/em><br>There are three methodologies that I discuss with our customers.<br>Each of these methods has benefits for all organizational levels, but is ideally suited to specific levels as outlined below.<br><br>Break-The-Glass<br>Escalatory Method<br>Choose Your Own Adventure<br>The \u201cOne Right Answer\u201d Issue<br>When I discuss a TTX with customers, there are times where they want to practice one specific thing to prove that there is an issue in the program or point out problems in other teams.<br>This is never a good idea.<br>The Goal<br>One of those goals should be bringing the organization together and practicing the plans and processes to ensure that the muscle memory is there when you need it most\u2014gametime.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.rapid7.com\/blog\/post\/2023\/03\/15\/build-security-muscle-memory-with-tabletop-exercises\/\">https:\/\/www.rapid7.com\/blog\/post\/2023\/03\/15\/build-security-muscle-memory-with-tabletop-exercises\/<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/miro.medium.com\/v2\/resize:fill:152:152\/1*sHhtYhaCe2Uc3IU0IgKwIQ.png\">&nbsp;<strong>Use Searching Engines to Hunt For Threat 
Actors<\/strong><br><em>Gustav Shen<\/em><br><em>Medium<\/em><br>As a red team operator, I fully understand the importance of OPSEC.<br>Although I am not a threat-hunting expert, utilizing threat intelligence to track and locate other hackers and observing their mistakes can help enhance my own OPSEC awareness, allowing me to avoid low-level mistakes.<br>The threat intelligence community boasts numerous outstanding threat hunters, such as Michael Koczwara, whose articles have provided me with significant insights.<br>These threat hunters expose threat actors\u2019 infrastructure IPs and domain names, assisting in enriching blacklists for both individuals and cybersecurity products.<br>This article (https:\/\/bank-security.medium.com\/hunting-cobalt-strike-servers-385c5bedda7b) explains how to use different methods, such as default Cobalt Strike certificates and default 404 responses, to search for Cobalt Strike servers on the internet using the Shodan search engine.<br>Other articles, like https:\/\/michaelkoczwara.medium.com\/hunting-c2-with-shodan-223ca250d06f, analyze the characteristics of C2 servers beyond Cobalt Strike and how to locate them using search engines.<br>There is a wide variety of internet asset search engines available, such as Shodan, Censys, Zoomeye, and Fofa.<br>However, when it comes to locating threat actor servers with open directory configurations, my personal choice is the Quake search engine.<br>Threat actors tend to prefer setting up temporary HTTP file servers using Python due to its simplicity and convenience.<br>However, sometimes they forget to shut down the Python HTTP server promptly, leaving traces we can track.<br>Filtering by HTTP response is relatively straightforward; we can enter the name of any security tool or malware, such as Mimikatz, Cobalt Strike, or Rubeus.<br>Some query examples:<br>title: \u201cDirectory listing for \/\u201d and response:\u201dcobaltstrike\u201d<br><strong>Link:<\/strong>&nbsp;<a 
href=\"https:\/\/gustavshen.medium.com\/use-searching-engines-to-hunt-for-threat-actors-74be52976e9f\">https:\/\/gustavshen.medium.com\/use-searching-engines-to-hunt-for-threat-actors-74be52976e9f<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.cyborgsecurity.com\/wp-content\/uploads\/2021\/12\/cropped-Cyborg-Favicon-3-270x270.png\">&nbsp;<strong>50 Threat Hunting Hypothesis Examples<\/strong><br><em>Cyborg Security<\/em><br>A hypothesis is an educated guess or a proposed explanation for a phenomenon that can be tested and verified.<br>In threat hunting, a hypothesis is a proposed explanation for an observed behavior that may be indicative of malicious activity.<br>To help organizations and hunters overcome this challenge, we\u2019ve compiled a list of 50 threat hunting hypotheses examples.<br>These examples cover a wide range of scenarios and can serve as a starting point for organizations and hunters looking to improve their threat hunting efforts.<br>Whether you\u2019re a seasoned threat hunter or just getting started, this list of threat hunting hypotheses is sure to provide you with valuable insights and ideas for your next threat hunting project.<br><br>Creating effective threat hunting hypothesis examples is a crucial aspect of successful threat hunting.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.cyborgsecurity.com\/blog\/50-threat-hunting-hypothesis-examples\/\">https:\/\/www.cyborgsecurity.com\/blog\/50-threat-hunting-hypothesis-examples\/<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/opptrends.com\/wp-content\/uploads\/2016\/08\/fav.png\">&nbsp;<strong>How to Choose the Right SOC Model for Your Organization?<\/strong><br><em>Richard Orland<\/em><br><em>Opp Trends<\/em><br>Outsourcing\/Managed Service Provider \u2013 MSP<br>In-house\/Organisation Model \u2013 IOM<br>Co-sourcing Model \u2013 CSM<br>\u2022 Virtual Security 
Operations Center (VSOC):<br>Considerations for Choosing the Right Model<br>Business size and scope<br>Resource availability<br>Regulatory compliance requirements<br>Budgetary parameters<br>Choosing the right Security Operations Center model for your organization requires careful consideration of multiple components.<br>While there are many factors to consider, two primary aspects \u2013 deployment type and coverage level \u2013 should be addressed when deciding on an SOC model to implement.<br><br>Deployment type refers to how resources are being used within the SOC.<br>Organizations can either opt for an in-house SOC, a Managed Security Service Provider (MSSP), or a hybrid approach that combines aspects of both in-house and outsourced solutions.<br><br>Coverage level refers to the range of capabilities offered by an SOC model, including system support operations such as security event log monitoring, malware analysis and incident investigation as well as proactive services such as patch management and vulnerability assessments.<br>There are several levels to consider \u2013 basic coverage which is ideal for small organizations; standard coverage which often includes 24\/7 monitoring; advanced coverage which encompasses more complex technologies; and extended coverage which typically meets sophisticated organizational needs requiring specialized skillsets.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.opptrends.com\/right-soc-model-for-your-organization\/\">https:\/\/www.opptrends.com\/right-soc-model-for-your-organization\/<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/miro.medium.com\/v2\/resize:fill:152:152\/1*sHhtYhaCe2Uc3IU0IgKwIQ.png\">&nbsp;<strong>Part 1: Bro, do you even detection engineer?<\/strong><br><em>Atanas Viyachki<\/em><br><em>Medium<\/em><br>Detection engineering is the capability that focuses on identifying threats and building those in-house detections.<br>But, it should not 
stop there.<br>Focused on enabling security engineers from various departments to be able to create detections, I developed the Open Detection Engineering Framework (ODEF).<br><br>ODEF is to my knowledge the first framework that defines the detection lifecycle.<br>With three phases \u2014 sunrise, midday and sunset \u2014 ODEF covers the life of a detection from inception to decommissioning.<br>Each phase has corresponding functions, goals and guidelines.<br>This helps the detection engineer to maintain north star focus and deliver a detection with exceptional quality.<br><br>ODEF provides two templates for documenting detections \u2014 in yaml and markdown.<br>Each for a different purpose:<br><br>ODEF phases<br>\u201cSunrise\u201d is the first phase of the detection lifecycle.<br>It marks the inception, development and commission to production of the detection.<br>While sunrising a detection there are 6 core functions that should be addressed:<br><br>Research<br>Prepare<br>Build &amp; Enrich<br>Validate<br>Automate<br>Share<br>The \u201cMidday\u201d phase is normally the longest phase from a detection lifecycle perspective.<br>During this phase the detection is commissioned to production.<br>It should be automated and enabled to run continuously.<br>The phase monitors the detection during its operation and aims to improve it if needed.<br><br>High level goals for the Midday phase:<br>Operate and monitor the detection for FP or TP<br>Improve the detection logic in case of an influx of FP<br>Perform systematic reviews to ensure relevancy<br>During the \u201cSunset\u201d phase the detection is taken out of commission.<br>The phase ensures that resources are not spent on outdated and irrelevant detections.<br>At the same time it ensures that documentation of the detection remains.<br><br>High level goals for the Sunset phase:<br>Decommission the detection and leave it in a state in which it can be re-enabled anytime<br>Preserve the knowledge<br>ODEF Mindmap<br>The goal of the mindmap 
is to show the effort required for each lifecycle phase.<br>The more branches you count, the bigger the effort.<br>When building high-quality detections, the sunrise phase takes the biggest amount of effort.<br><br>Stay tuned for Part 2 \u2014 ODEF Implementation.<br>Where we will see how to grow quality detection as code capability.<br>And enforce detection quality with automated unittests.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/medium.com\/@aviyachki\/part-1-bro-do-you-even-detection-engineer-1584dca5ddc9\">https:\/\/medium.com\/@aviyachki\/part-1-bro-do-you-even-detection-engineer-1584dca5ddc9<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/www.inforisktoday.asia\/images\/favicons\/favicon_IR.ico\">&nbsp;<strong>Chinese Hackers Targeting Security and Network Appliances<\/strong><br><em>Prajeet Nair<\/em><br><em>Info Risk Today<\/em><br>Chinese threat actors are turning security appliances into penetration pathways, forcing firewall maker Fortinet to again attempt to fend off hackers with a patch.<br><br>A threat cluster related to UNC3886 also targeted a Fortinet zero-day in a campaign that involved delivery of a custom backdoor &#8220;specifically designed to run on FortiGate firewalls&#8221; (see: Fortinet VPN Flaw Shows Pitfalls of Security Appliances).<br><br>Thursday&#8217;s disclosure comes just days after Mandiant identified a suspected Chinese campaign targeting the SonicWall Secure Mobile Access appliance.<br>The same group is also likely responsible for a campaign unmasked in September against VMware ESXi servers.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.inforisktoday.asia\/chinese-hackers-targeting-security-network-appliances-a-21467\">https:\/\/www.inforisktoday.asia\/chinese-hackers-targeting-security-network-appliances-a-21467<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" 
src=\"https:\/\/secure.gravatar.com\/blavatar\/7cb6c4cbff0d9d01691eb1ca919308e8?s=32\">&nbsp;<strong>What\u2019s in store for MSPs: Trends for 2023<\/strong><br><em>ESET Ireland<\/em><br><em>ESET Blog<\/em><br>Moore provided a few tips MSPs can implement to improve their security:<br>Automatic patch processes<br>Shrink the attack surface<br>Enhance data protection<br>Do not fall to alert fatigue<br>Employee awareness<br>Overall, the number one thing any business can do to improve its protection is to opt for a trustworthy cybersecurity solution.<br>ESET is here to provide that protection to all businesses, big or small.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/blog.eset.ie\/2023\/03\/24\/whats-in-store-for-msps-trends-for-2023\/\">https:\/\/blog.eset.ie\/2023\/03\/24\/whats-in-store-for-msps-trends-for-2023\/<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"https:\/\/securelist.com\/wp-content\/themes\/securelist2020\/assets\/images\/content\/site-icon.png\">&nbsp;<strong>Understanding metrics to measure SOC effectiveness<\/strong><br><em>Sarim Rafiq Uddin<\/em><br><em>Secure List<\/em><br>Apart from revenue and profits, there are two key principles that drive business success:<br>Maintaining business operations to achieve the desired outcomes<br>Continually improving by bringing in new ideas or initiatives that support the overall goals of the business<br>Measuring routine operations<br>Example 1: Measuring analysts\u2019 wrong verdicts<br><br>Measuring this metric can aid in identifying critical areas that may affect the outcome of the security monitoring process.<br>It should be noted that this metric is an internal KPI, and the SOC manager has set a target of 10% (target value is often set based on the existing levels of maturity).<br>If the percentage of this metric exceeds the established target, it suggests that the SOC analyst\u2019s triage skills may require improvement, hence providing valuable 
insight to the SOC manager.<br><br>Example 2: Measuring alert triage queue<br><br>Evaluating this metric can provide insights into the workload of SOC analysts.<br>Example 3: Measuring time to detect incidents<br><br>Measuring this metric can provide insights into the efficiency of the security monitoring service for both internal and external stakeholders.<br>It\u2019s important to note that this metric is categorized as a service-level indicator (SLI), and the target value is set at 30 minutes.<br>Measuring improvement<br>SOC leadership should devise a program where management and SOC employees get an opportunity to create and pitch ideas for improvement.<br>Metric identification and prioritization<br>SOCs generally do measure their routine operations and improvements using \u2018metrics\u2019.<br>However, they often struggle to recognize if these metrics are supporting the decision-making process or showing any value to the stakeholders.<br>Hunting for meaningful metrics is a daunting task.<br>The common approach we have followed in SOC consulting services to derive meaningful metrics is to understand the specific goals and operational objectives of security operations.<br>Another proven approach is the GQM (Goal-Question-Metric) system that involves a systematic, top-down methodology for creating metrics that are aligned with an organization\u2019s goals.<br>By starting with specific, measurable goals and working backwards to identify the questions and metrics needed to measure progress towards those goals, the GQM approach ensures that the resulting metrics are directly relevant to the SOC\u2019s objectives.<br><br>To determine the appropriate metrics, several factors should be taken into account:<br>Metrics must be aligned with the primary goals and operational objectives<br>Metrics should assist in the decision-making process<br>Metrics must demonstrate their purpose and value to both internal operations and external stakeholders.<br>Metrics should be 
realistically achievable in terms of data collection, data accuracy, and reporting.<br>Metrics must also meet the criteria of the SMART (Specific, Measurable, Actionable, Realistic, Time-based) model.<br>Ideally, metrics should be automated to receive and analyze current values in order to visualize them as quickly as possible.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/securelist.com\/understanding-metrics-to-measure-soc-effectiveness\/109061\/\">https:\/\/securelist.com\/understanding-metrics-to-measure-soc-effectiveness\/109061\/<\/a><\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" height=\"16\" width=\"16\" src=\"http:\/\/blank.ico\/\">&nbsp;<strong>CISA Red Team Shares Key Findings to Improve Monitoring and Hardening of Networks<\/strong><br><em>Networking Forums<\/em><br>Actions to take today to harden your local environment:<br><br>Establish a security baseline of normal network activity; tune network and host-based appliances to detect anomalous behavior.<br>Conduct regular assessments to ensure appropriate procedures are created and can be followed by security staff and end users.<br>Enforce phishing-resistant MFA to the greatest extent possible.<br><strong>Link:<\/strong>&nbsp;<a href=\"https:\/\/www.networking-forums.com\/vendor-advisories\/us-cert-cisa-red-team-shares-key-findings-to-improve-monitoring-and-hardening-of\/msg27258\/?PHPSESSID=3d678145a0f57b5f6046dad06795a510#msg27258\">https:\/\/www.networking-forums.com\/vendor-advisories\/us-cert-cisa-red-team-shares-key-findings-to-improve-monitoring-and-hardening-of\/msg27258\/?PHPSESSID=3d678145a0f57b5f6046dad06795a510#msg27258<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Table of Contents &nbsp;While unified platforms have historically been within the means of only large organizations\u2014ones able to build their own cybersecurity ecosystems\u2014that\u2019s no longer the case. 
Enterprises of all sizes can obtain a readymade platform from a vendor and customize it relatively easily to meet their specifiTrend MicroWhat\u2019s driving&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-5089","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/5089","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/comments?post=5089"}],"version-history":[{"count":1,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/5089\/revisions"}],"predecessor-version":[{"id":5090,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/posts\/5089\/revisions\/5090"}],"wp:attachment":[{"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/media?parent=5089"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/categories?post=5089"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cybersecurityinstitute.com\/blog\/index.php\/wp-json\/wp\/v2\/tags?post=5089"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}