How this Talos team member’s love of true crime led to a life in cybersecurity  
By Jon Munshaw. 
Liz Waddell is usually there on someone’s worst day of their professional lives.  Chief technology officers and chief information security officers can hope all they want that the...


[[ This is only the beginning! Please visit the blog for the complete entry ]]

**How this Talos team member’s love of true crime led to a life in cybersecurity **

_By Jon Munshaw._ 

Liz Waddell is usually there on someone’s worst day of their professional lives.  

Chief technology officers and chief information security officers can hope all they want that the day they get hit with a ransomware attack will never come. Unfortunately, for many organizations, they’re nearly impossible to avoid nowadays.  

Waddell, the IR practice leader for Cisco Talos Incident Response, is then called in by the time the attacks already happened. While CTIR offers many proactive services to protect against cyber attacks, they also serve as boots-on-the-ground helpers to assist companies remediate attacks as soon as they happen and limit the potential damage. 

“When you watch an active ransomware encryption happen, and there is nothing you can do to stop it, it’s the worst feeling in the world,” Waddell said in a recent sit-down interview. “When I lose that ability to control the situation, that's when it gets really hard for me."

Although at that moment, the targets may think there’s no hope ahead, Waddell and her teammates are there to outline the next steps and improve that CISO’s following days. 

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCZ2XiBUwPy5RMfst9yjZsbDaslTpbGUtKxGNl7rT6nxW_zzxCCF7QbvxcIAZN4PAgaisFQy0zCXIrq41efkUa7LZFo7LuAV9eBRc4ZEU8I5J9U4vD8GThgVnlhFz40CiQHnPqw4BNISskbDLvFx4d5tC_ex-kv5PrPD_RQLY6QAgTgud2ZTeo6FFn/s320/BW_Waddell.jpg)

Liz Waddell, CTIR Practice Leader

CTIR offers emergency services for anyone who may be the victim of a cyber attack. And while the team brings with it a trove of Talos intelligence, the backing of Cisco Secure technology and Talos’ world-class research team, it’s about more than just the 1’s and 0’s at that moment. 

Waddell said as the practice leader, she must be flexible and, sometimes, just a good listener.  

“You’ve got to have empathy... No one who’s had a breach is going to be calm,” she said. “You have to put yourself in that person’s shoes and see what they might know on their side. They need someone to show them the way, show them the light, give them some answers.” 

These days, there are very few calm days for Liz and the rest of CTIR. The team, along with most of Talos, has been heads-down over the past few months assisting Ukraine with ongoing cyber attack prevention and network resiliency. But several years ago, Waddell never could have imagined she’d be assisting an invaded country during an international conflict.  

She actually started her career working in audio and video digital preservation. She spent her days moving physical media into digital formats for a Pennsylvania company, managing projects and even combing through thousands of lines of XML code. Her background in audio preservation is fitting given that she’s the newest permanent host of the Beers with Talos podcast. 

Waddell eventually moved on to managing databases and code for a private contractor. But she noticed that as she would process these files and store them, there was little thought given to how to properly protect them. 

“One of the things that was always bothering me was we would do all this work, and then what happens to the file afterward, we just ignore,” she said. 

On top of that, Waddell was, and still is, interested in true crime — she spends a lot of her time away from her desk listening to true crime podcasts like “Crime Junkies” and “My Favorite Murder.” This led her to be interested in the individuals behind cyber attacks and large threat actors and enjoys creating profiles of adversaries to potentially understand their motivations and next actions. 

She decided to merge these curiosities and enter the world of cybersecurity. That’s when she returned to school at the University of Texas at San Antonio to obtain her second masters’ degree in information technology and cybersecurity. Eventually, she partnered up with a mentor in the field and got her first job in incident response. She joined Cisco Incident Response (before it moved under the Talos umbrella) in 2018.  

![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjklYVn2hJvXZuf1W-wjA42mSN0cjfS1P8KxJ70kT0LXdt0WPZ_Ru-nJQMjUZv5l6z3Fc4yXfsdd5Kjh6JMEXRAFTKhezjpeyBOXEFoZ5g5pPcrCT_QsWjN1UPsi8hbcKRCOBbaONCmKH5fy5RsDYCA4Z-GtJwphe13Gj5XZ4Nn33NTiJXWZRt3WVQ6/s320/IMG_5578.jpeg)

Outside of work, Liz has a number of hobbies,  
including taking aerial aerobics classes.

Becoming part of the Talos family changed everything for Waddell, she said. Her favorite Talos memories include multiple meetups with co-workers at conferences (which recently have started to return in-person). Working with CTIR can often mean long hours and late nights, but the bonds she forms with her team members make those moments easier to work through. Sometimes it even means working in unique places, like a treehouse at the San Diego Zoo. 

"That was definitely my favorite Talos moment,” she said. “I think my younger self would be very impressed and happy that I found a place where I fit in.” 

Since joining the team, she’s moved into more of a leadership role and now regularly speaks at conferences around the country, appears in videos for Talos and Cisco Secure, and shares her security opinions and adventures in corset knitting on Beers with Talos every other week. 

But she’s also one of the first people to be on site when a customer calls in an emergency. While she enjoys the challenge of addressing an active cyber attack what’s more important is the satisfaction that comes from seeing the customer through to the other side. Waddell is also placing a bigger emphasis now on creating plans of action for customers so that, if the worst day of their professional lives does come, they’re ready to respond and react quickly. 

“Your customer is inevitably going to come to you and say, 'What do I do?’” Waddell said. “When media gets a hold of it, it only gets more stressful. But if you have things planned out and you have a path to go, it becomes a lot less scary.” 

If your organization would like to work with Liz or one of her fellow CTIR team members, you can reach out to them here. Talos Incident Response offers a range of proactive services for security teams, including hands-on tabletop exercises, a state-of-the-art cyber range for training and much more.

Researcher Spotlight: Liz Waddell, CTIR practice lead

A potential vulnerability in the SMI callback function used in the NVME driver in some Lenovo Desktop, ThinkStation, and ThinkEdge models may allow an attacker with local access and elevated privileges to execute arbitrary code.

**About Lenovo**

*   Our Company
*   News
*   Investor Relations
*   Sustainability
*   Product Compliance
*   Product Security
*   Lenovo Open Source
*   Legal Information
*   Jobs at Lenovo

**Shop**

*   Laptops & Ultrabooks
*   Tablets
*   Desktops & All-in-Ones
*   Workstations
*   Accessories & Software
*   Servers
*   Storage
*   Networking
*   Laptop Deals
*   Outlet

**Support**

*   Drivers & Software
*   How To's
*   Warranty Lookup
*   Parts Lookup
*   Contact Us
*   Repair Status Check
*   Imaging & Security Resources

**Resources**

*   Where to Buy
*   Shopping Help
*   Sales Order Status
*   Product Specifications (PSREF)
*   Forums
*   Registration
*   Product Accessibility
*   Environmental Information
*   Gaming Community
*   LenovoEDU Community
*   LenovoPRO Community

© Lenovo.  
| | |

CVE-2021-4210: Multi-vendor BIOS Security Vulnerabilities (February 2022) - Lenovo Support DE

A potential vulnerability in the SMI callback function used in the Legacy BIOS mode driver in some Lenovo Notebook models may allow an attacker with local access and elevated privileges to execute arbitrary code.

CVE-2021-4212: Multi-vendor BIOS Security Vulnerabilities (February 2022) - Lenovo Support DE

A potential vulnerability by a driver used during manufacturing process on some consumer Lenovo Notebook devices' BIOS that was mistakenly not deactivated may allow an attacker with elevated privileges to modify secure boot setting by modifying an NVRAM variable.

CVE-2021-3972: Lenovo Notebook BIOS Vulnerabilities - Lenovo Support DE

A potential vulnerability due to improper buffer validation in the SMI handler LenovoFlashDeviceInterface in Thinkpad X1 Fold Gen 1 could be exploited by an attacker with local access and elevated privileges to execute arbitrary code.

CVE-2022-1108: ThinkPad BIOS Vulnerabilities - Lenovo Support DE

New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private Web browsing.

BUCHAREST, Romania and SANTA CLARA, Calif., April 21, 2022 -- Bitdefender, a global cybersecurity leader, today announced new enhancements to its Bitdefender Premium Virtual Private Network (VPN) Service designed to bolster privacy, identity protection and security for consumers. New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private web browsing from anywhere in the world using a computer or mobile device. It is simple to set up and comes with an intuitive interface for any level user.

Cybersecurity and data privacy are converging as consumers grow increasingly concerned about who has access to their personally identifiable information, as well as data collected about their online activities and how that data is sold, traded and used. Even when consumers use so-called "Private Browsing" or "Incognito" modes on major web browsers, internet service providers (ISPs), wireless hotspots and websites often still collect information about their browsing history and online behavior.

Data tracking, spyware and other malicious threats are still a reality on open public Wi-Fi networks. According to Firefox telemetry, about 80 percent of web traffic globally is encrypted. Additionally, a study found that about six percent of the top 10,000 websites secured by HTTPS had TLS protocol security flaws.

Recent Bitdefender research revealed that most consumers are highly exposed to risk, with the majority (61 percent) not using VPN services and anti-trackers, ad blockers (44 percent) or privacy software of any type (64 percent) on the personal devices they use most for online activities.

"It has become increasingly difficult for consumers to maintain privacy and keep their data secure as they conduct their digital lives online," said Ciprian Istrate, vice president, Bitdefender Consumer Solutions. "We incorporated ad blocking and anti-tracking capabilities to Bitdefender Premium VPN to deliver both solid protection and anonymity as users enjoy favorite online activities without concern their online behaviors are being tracked or personal data collected and sold either legally or illegally."

**Bitdefender Premium VPN Key Features**

*   **Powerful Encryption for All Web Traffic** \-- Securely encrypt all incoming and outgoing web traffic for Windows, Mac, Android and iOS devices leveraging over 4,000 Bitdefender VPN servers across 49 countries. Keep online identities and activities safe from hackers, ISPs and others for safe online streaming and downloads, with no traffic logs.
*   **Built-In Ad Blocker for Better Browsing Experience** \-- Native ad blocker module removes ads, banners, pop-ups and video ads from websites for a better browsing experience. Blocking intrusive ads reduces the risk of adware and malware, and helps users save bandwidth while reclaiming the entire screen for relevant content only.
*   **Prevent Online Profiling With Anti-Tracker --** Block advertisers, websites and other third-parties from collecting data such as device type, location, web queries, shopping preferences and more. Preventing the collection of such data not only protects consumer privacy, it can speed performance of users' devices.
*   **Achieve System-Wide Protection --** As opposed to web browser extensions that only offer privacy within that browser, Bitdefender VPN Premium blocks disrupting ads and tracking modules across the user's entire device without slowing down systems or leaving gaps in defense.
*   **Whitelist Trusted Websites --** Easily make exceptions to ad blocking and anti-tracking features as desired, by adding the URLs of specific, trusted domains to a whitelist. This enables VPN users to ensure secure, encrypted browsing while accessing websites that might otherwise not load properly when tracking codes are blocked.

**Availability**

Bitdefender Premium VPN is available for Windows, macOS, Android and iOS devices. New ad blocker, anti-tracker and whitelist capabilities are now available to all users, including free and trial customers. For more information or to purchase Bitdefender Premium VPN visit https://www.bitdefender.com/solutions/vpn.html.

**About Bitdefender**

Bitdefender provides cybersecurity solutions with leading security efficacy, performance and ease of use to small and medium businesses, mid-market enterprises and consumers. Guided by a vision to be the world's most trusted cybersecurity solutions provider, Bitdefender is committed to defending organizations and individuals around the globe against cyberattacks to transform and improve their digital experience. For more information, visit https://www.bitdefender.com.

Bitdefender Enhances Premium VPN Service With New Privacy Protection Technologies

Orlando, FL, April 19, 2022 — Fortress Information Security (Fortress), the leading supply chain cybersecurity provider for critical industries, today announced that it received a $125 million strategic investment from funds managed by the Private Equity business within Goldman Sachs Asset Management (Goldman Sachs). This new investment will support Fortress’s mission of securing U.S. critical industries from cybersecurity and operational threats emanating from their supply chains. Existing investors, including co-founders Peter Kassabov and Alex Santos, ClearSky, First Analysis, American Electric Power, Caron Capital, KMMT, and Moquin Capital, will continue to support Fortress as investors.

Fortress is transforming how critical industry operators and government agencies secure their supply chains in the face of increasing supply chain cybersecurity threats. Founded in 2015, the Fortress platform is a deep, fit-for-purpose solution that enables customers in critical industries to assess, manage, and address risks associated with vendors, assets, and software in their supply chains. Fortress enhances cybersecurity postures and compliance with relevant regulations. The Fortress solution was co-developed with leading electric utilities and has since grown into a consortium tool that includes five of North America’s ten largest investor-owned utilities. Fortress’s platform secures 40% of the U.S. power grid, substantial national defense-related assets, and critical manufacturing industries.

As critical industries increasingly face cybersecurity threats emanating from the supply chains that underlie them, federal government and private sector stakeholders have recognized that securing critical supply chains is a national security issue. In response, authorities such as the Cybersecurity and Infrastructure Security Agency (CISA) and the North American Electric Reliability Corporation (NERC) have released supply chain cybersecurity guidelines in the past year.

“Supply chain cybersecurity is one of the most important challenges facing business and government leaders today. Supply chains represent a source of significant threats to the national economy and our ability to maintain our way of life,” said Peter Kassabov, executive chairman and co-founder of Fortress. “We started Fortress because we recognized major supply chain vulnerabilities in our country’s most critical industries. Many recent high-profile breaches have spawned a new wave of regulatory action in the U.S. that will likely expand for the foreseeable future.”

“The Goldman Sachs investment validates the hard work of our employees and clients who have brought collaborative cybersecurity to life,” said Alex Santos, Fortress CEO and co-founder. “This growth capital infusion will empower us to accelerate the execution of our vision of resilient supply chains.”

“Fortress has established itself as a market leader in end-to-end supply chain cybersecurity solutions for U.S. critical industries and we look forward to scaling the company’s Asset-to-Vendor network, which provides significant value to critical infrastructure suppliers and customers,” said Will Chen, managing director within Goldman Sachs Asset Management. “The depth and breadth of the Fortress platform are unmatched and we believe there is a meaningful opportunity to accelerate the expansion of the platform into compelling product adjacencies, including software and hardware bill of materials, workflow orchestration, and additional analytics and reporting capabilities.”

Foley & Lardner LLP acted as legal advisor, and DBO Partners acted as financial advisor to Fortress. Goodwin Procter LLP acted as legal advisor, and Goldman Sachs & Co. LLC served as financial advisor to Goldman Sachs Asset Management.

Further terms of the transaction were not disclosed.

**About Fortress Information Security**

Fortress Information Security secures critical industries from cybersecurity and operational threats stemming from vendors, assets, and software in their supply chains. Fortress is the only end-to-end platform that connects intelligence surrounding vendors, information technology and operational technology assets, and software through a holistic, fit-for-purpose approach. Fortress has also partnered with its customers and suppliers to form the Asset-to-Vendor (A2V) network, which facilitates the secure and seamless exchange of asset information and security intelligence, enabling collaborative workflows to better understand and remediate potential issues. Fortress serves critical industries such as energy, government, aerospace & defense, critical manufacturing, industrial automation, automotive, and healthcare.

About Goldman Sachs Asset Management Private Equity

Bringing together traditional and alternative investments, Goldman Sachs Asset Management provides clients around the world with a dedicated partnership and focus on long-term performance. As the primary investing area within Goldman Sachs (NYSE: GS), we deliver investment and advisory services for the world’s leading institutions, financial advisors and individuals, drawing from our deeply connected global network and tailored expert insights, across every region and market—overseeing more than $2 trillion in assets under supervision worldwide as of December 31, 2021. Driven by a passion for our clients’ performance, we seek to build long-term relationships based on conviction, sustainable outcomes, and shared success over time. Goldman Sachs Asset Management invests in the full spectrum of alternatives, including private equity, growth equity, private credit, real estate and infrastructure. Established in 1986, the Private Equity business within Goldman Sachs Asset Management has invested over $75 billion since inception. We combine our global network of relationships, our unique insight across markets, industries and regions, and the worldwide resources of Goldman Sachs to build businesses and accelerate value creation across our portfolios. Follow us on LinkedIn.

_For more information, contact Adam Benson at \[email protected\] or 202.999.9104._

Fortress Information Security Receives  $125M Strategic Investment from Goldman Sachs Asset Management

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.

**Vaikutus**

Medium

**Tiedot**

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-22558

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker may potentially exploit this vulnerability leading to arbitrary writes or denial of service..  
 

5.7

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-22558

Dell PowerEdge Server BIOS and Dell Precision Workstation 7910 and 7920 Rack BIOS contain an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker may potentially exploit this vulnerability leading to arbitrary writes or denial of service..  
 

5.7

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen****Kiitokset**

Dell would like to thank yngweijw for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-03-31

Initial release

1.1

2022-05-31

Updated "Affected Products and Remediation" section

1.2

2022-06-20

Updated Target Release Dates

1.3

2022-07-27

Updated "Affected Products and Remediation" section

1.4

2022-08-04

Updated CVE Description. 

1.5

2022-08-22

Added PowerEdge XE8545 to "Affected Products and Remediation" section.

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

PowerEdge, PowerEdge C4130, PowerEdge C6320, PowerEdge FC430, PowerEdge FC630, PowerEdge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge R430, PowerEdge R530, PowerEdge R630Näytä lisää

22 elok. 2022

CVE-2022-22558: DSA-2022-015: Dell PowerEdge Improper SMM Communication Buffer Verification Vulnerability

Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker could potentially exploit this vulnerability leading to arbitrary writes or denial of service.

Artikkelin numero: 000197971

**Yhteenveto: Dell PowerEdge remediation is available for an Improper SMM communication buffer verification vulnerability that may be exploited by malicious users to compromise the affected system.**

*   Artikkelin sisältö
*   Juridiset tiedot
*   Artikkelin ominaisuudet
*   Arvostele tämä artikkeli

**Artikkelin sisältö**

**Vaikutus**

Medium

**Tiedot**

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-22558

Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker may potentially exploit this vulnerability leading to arbitrary writes or denial of service.  
 

5.7

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

**Proprietary Code CVE**

**Description**

**CVSS Base Score**

**CVSS Vector String**

CVE-2022-22558

Dell PowerEdge Server BIOS contains an Improper SMM communication buffer verification vulnerability. A Local High Privileged attacker may potentially exploit this vulnerability leading to arbitrary writes or denial of service.  
 

5.7

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:H

Dell Technologies suosittelee, että kaikki asiakkaat ottavat huomioon sekä CVSS-peruspistemäärän että kaikki asiaankuuluvat väliaikaiset ja ympäristöön liittyvät pisteet, jotka voivat vaikuttaa tietyn tietoturvahaavoittuvuuden mahdolliseen vakavuuteen.

**Tuotteet, joihin asia vaikuttaa ja tilanteen korjaaminen****Kiitokset**

Dell would like to thank yngweijw for reporting this issue.

**Versiohistoria**

**Revision**

**Date**

**Description**

1.0

2022-03-31

Initial release

**Asiaan liittyvät tiedot**

Dell Security Advisories and Notices  
Dell Vulnerability Response Policy  
CVSS Scoring Guide

**Juridiset tiedot**

Tämän Dell Technologiesin tietoturvatiedotteen tiedot on luettava, ja niiden avulla voidaan välttää tilanteita, jotka voivat johtua tässä kuvatuista ongelmista. Dell Technologiesin tietoturvatiedotteet tuovat tärkeitä tietoturvatietoja haavoittuvuudelle alttiiden tuotteiden käyttäjien tietoon. Dell Technologies arvioi riskin perustuen asennettujen järjestelmien hajautetun joukon keskimääräisiin riskeihin, eikä se välttämättä vastaa paikallisen asennuksen ja yksittäisen ympäristön todellista riskiä. Suositus on, että kaikki käyttäjät ratkaisevat näiden tietojen sovellettavuuden yksittäisten ympäristöjen mukaan ja ryhtyvät tarvittaviin toimenpiteisiin. Tässä esitetyt tiedot annetaan "sellaisenaan" ilman minkäänlaista takuuta. Dell Technologies kiistää kaikki suorat tai epäsuorat takuut, mukaan lukien takuut soveltuvuudesta kaupankäynnin kohteeksi, sopivuudesta tiettyyn käyttötarkoitukseen, omistusoikeudesta ja loukkaamattomuudesta. Dell Technologies, sen tytäryhtiöt tai toimittajat eivät missään tilanteessa ole vastuussa mistään vahingoista, jotka johtuvat tässä asiakirjassa mainituista tiedoista tai toimenpiteistä, joihin käyttäjä päättää ryhtyä. Tämä koskee kaikkia suoria, epäsuoria, satunnaisia, välillisiä, liikevoiton menetykseen liittyviä tai erityisluontoisia vahinkoja, vaikka Dell Technologies tai sen tytäryhtiöt tai toimittajat olisivat saaneet tiedon tällaisten vahinkojen mahdollisuudesta. Jotkin osavaltiot eivät salli satunnaisten tai seuraamuksellisten vahinkojen vastuun poistamista tai rajoittamista, joten edellä mainittua rajoitusta sovelletaan vain lain sallimassa laajuudessa.

**Artikkelin ominaisuudet**

**Tuote, johon asia vaikuttaa**

PowerEdge, PowerEdge C4130, PowerEdge C6320, PowerEdge FC430, PowerEdge FC630, PowerEdge FC830, PowerEdge M630, PowerEdge M630 (for PE VRTX), PowerEdge M830, PowerEdge M830 (for PE VRTX), PowerEdge R430, PowerEdge R530, PowerEdge R630Näytä lisää

**Tuote**

Product Security Information

**Edellinen julkaisupäivä**

31 maalis 2022

**Versio**

1

**Artikkelin tyyppi**

Dell Security Advisory

Acquisition will blend autonomous threat hunting with cloud-native security analytics for automating security tasks.

Cloud-native logging and security analytics company Devo Technology has acquired Kognos, a provider of autonomous threat hunting tools.

According to Devo, the deal will help the company provide an "autonomous SOC" tool to automate the threat lifecycle, including detection, triage, investigation, and hunting — boosting efficiency and minimizing burnout among security teams.

"For analysts to have any chance of keeping up with today's adversaries, we need to shift the SOC's focus from weeding through thousands of alerts every day to actionable attack stories — the full sequence of steps taken to carry out an attack and an understanding of its impact," Devo CEO Marc van Zadelhoff said in a statement. "Kognos does exactly this with AI that understands attack scenarios in real-time and anticipates the questions analysts ask of their data. Pairing Kognos with Devo enables analysts to move beyond focusing on just alerts and empowers them to take quick, decisive action against threats."

Financial details of the deal were not disclosed.

Keep up with the latest cybersecurity threats, newly-discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

Subscribe

Tag

#ios