
Research Blog

Insights and research from our global cybersecurity team.

Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs

Liam Stevenson, Associate Director of Technical Services within NCC Group’s Managed Detection & Response division, shows how to derive significant cost efficiencies in SIEM platform consumption with smart log ingestion utilizing pre-processing data pipelines and modern cloud services. Doing so significantly reduces data volumes to the SIEM without losing the residual value and accessibility of the underlying data.


Extending a Thinkst Canary to become an interactive honeypot

In this post we explore how to use the extensible nature of Thinkst Canary to build a high interaction honeypot.


Practical Machine Learning for Random (Filename) Detection

There is much hyperbole around machine learning and artificial intelligence in Managed Detection & Response. We detail when to apply it and what reasonable results can be achieved on a specific real-world problem.