Zeek in the news


At Léargas Security, we’ve long promoted the phrase, “It takes a village.”

The news from Microsoft yesterday embodies that phrase in the best way possible.

Per Microsoft:

“Organizations can improve their investigation efforts and reduce the time it takes to mitigate network-based threats by having better visibility into the endpoint activity happening at the network layer.

Defender for Endpoint expands capabilities at the network layer

We are pleased to announce that Microsoft Defender for Endpoint has enhanced the way it addresses these attacks with deep packet inspection support through our newest open source integration with Zeek. This feature provides organizations with greater visibility into network signals across all Defender for Endpoint devices, giving security teams richer signals for advanced threat hunting, complete and accurate discovery of IoT devices, and more powerful detection and response capabilities.”

In the world of detection and response, the more actionable data a team has, the better the chance of success in preventing a breach.

We appreciate Microsoft’s continued willingness to embrace open-source projects and help the global cybersecurity community grow.