Knowledge Library

Security Intelligence
For Practitioners.

White papers, case studies, threat research, and free tools — built by SPS analysts from real-world engagements across the Middle East and South Asia.

Research

White Papers

White Paper
State of Cyber Threats in the Middle East: 2025 Annual Threat Intelligence Report
Comprehensive analysis of threat actor activity targeting Gulf Cooperation Council member states. Covers APT group targeting, sector-specific threat trends, and defensive recommendations from SPS SOC telemetry across 14 client environments.
White Paper
Identity as the New Perimeter: Integrating IAM with Your SOC
Technical guide on closing the identity security gap in enterprise SOC operations. Covers SIEM-to-IAM integration patterns, MYID Self Verify deployment, and closed-loop identity threat response workflows.
White Paper
Ransomware Resilience: A Practitioner's Defense Guide for South Asian Enterprises
Tactical playbook for defending against modern ransomware operators. Based on SPS incident response engagements. Covers pre-breach hardening, detection engineering, and post-incident recovery architecture.
White Paper
OT/ICS Security in the Gulf: Securing Critical Infrastructure Against Nation-State Threats
Analysis of threats to operational technology environments in the energy, water, and utilities sectors across GCC countries. Includes IEC 62443 implementation guidance and IT/OT segmentation architecture patterns.
White Paper
Cloud Misconfiguration: The Hidden Attack Surface in Azure and AWS Deployments
Data from 120+ cloud security assessments revealing the most common and dangerous misconfigurations found in enterprise AWS and Azure environments, with remediation priority guidance and CIS Benchmark mapping.
White Paper
Building a Tier 2 SOC: Transitioning from Alert Triage to Threat Hunting
Operational guide for security leaders looking to mature their SOC capabilities. Covers people, process, and technology requirements for proactive threat hunting, including tooling recommendations and MITRE ATT&CK coverage mapping.

Proof Points

Case Studies

Case Study
Major Regional Bank: SOC Transformation and 94% Alert Noise Reduction
A top-5 bank in the GCC was drowning in SIEM alerts — 40,000 per day, 99.3% false positives. SPS deployed a tuned QRadar environment with custom use cases, reducing actionable alerts to under 2,400 per day while improving true positive detection rate by 340%. Identity threat detection via MYID Self Verify integration blocked 3 account takeover campaigns in the first 90 days.
IBM QRadar · MYID Self Verify · SOC as a Service
Case Study
National Utility: OT/ICS VAPT Uncovers Critical SCADA Vulnerabilities Before an Attacker Does
A national power generation authority commissioned SPS for their first-ever OT security assessment. Our team discovered an unauthenticated path from the corporate network to PLC management interfaces, a hardcoded vendor backdoor in HMI software, and 7 additional critical vulnerabilities — none visible to their existing IT security tools.
OT/ICS VAPT · SCADA · Critical Infrastructure
Case Study
Telecom Provider: Cyber Range Training Cuts Incident Response Time by 60%
Pakistan's second-largest mobile operator enrolled 45 SOC analysts in SPS's Cyber Range training program. After three months of structured scenario-based training, mean time to detect dropped from 47 minutes to 18 minutes, and mean time to respond from 4.2 hours to 1.7 hours. Zero major incidents were mishandled in the 6 months following training.
Cyber Range · SOC Training · Incident Response
Case Study
E-Commerce Platform: Red Team Exposes Full Account Takeover Path via Forgotten Staging Server
During a 3-week red team engagement for a regional e-commerce leader, SPS discovered a forgotten staging environment exposed to the internet, used it to harvest production admin credentials, and achieved full database access — including 2.3 million customer records — without triggering a single SIEM alert. The entire attack chain was documented and remediated.
Red Team · Web App Testing · Data Exposure

Security Intelligence

From the SPS Blog

01
Threat Intelligence
APT34 (OilRig) Returns: New Backdoor Targeting Gulf Financial Institutions
SPS threat intelligence analysts have identified a new OilRig campaign using a previously undocumented backdoor delivered via spear phishing. We break down the TTPs, IOCs, and detection guidance.
March 18, 2025 · 12 min read
02
SOC Operations
Why Your SOC's False Positive Rate is a Strategic Problem, Not a Technical One
Alert fatigue kills SOCs — not attackers. We examine the organizational and process failures that lead to noise accumulation and share the playbook we use to bring clients below 1% false positive rates.
March 5, 2025 · 9 min read
03
Identity Security
The 4-Minute Response: How MYID Self Verify Closes Identity Offenses Before Analysts Finish Coffee
A walkthrough of the QRadar-to-MYID integration that enables sub-5-minute identity threat response without analyst intervention. Real data from production SOC environments.
Feb 21, 2025 · 7 min read
04
Red Team
Kerberoasting in 2025: Why Active Directory Attacks Still Work Against 80% of Enterprises
Despite years of guidance, most enterprise AD environments remain trivially vulnerable to Kerberoasting and DCSync attacks. Our red team lead explains what defenders keep getting wrong.
Feb 10, 2025 · 15 min read
05
Cloud Security
20 AWS Misconfigurations We Find on Every Cloud Assessment
Data-driven analysis from 120+ AWS security assessments. IMDSv1 abuse, overpermissive instance profiles, public S3 buckets — the same mistakes, the same consequences. With detection and fix guidance.
Jan 28, 2025 · 11 min read
06
Compliance
NCA ECC and SAMA CSF: A Technical Mapping for Security Operations Teams
Detailed technical mapping of Saudi Arabia's NCA Essential Cybersecurity Controls and SAMA Cybersecurity Framework to SIEM use cases, detection rules, and SOC operational procedures.
Jan 14, 2025 · 18 min read

Newsletter

Threat Intel Weekly

Join 4,200+ security professionals receiving our weekly digest of regional threat intelligence, detection engineering content, and SOC operational guidance.

No spam. Unsubscribe any time. Sent every Tuesday.

Popular Topics

Threat Intelligence · SOC Operations · Red Team · DFIR · Cloud Security · Identity Security · Compliance · OT/ICS · MITRE ATT&CK · Active Directory

Free Resources

Free Security Tools and Templates


SOC Maturity Assessment Tool

Self-assessment questionnaire covering people, process, and technology dimensions of SOC capability. Benchmarked against 200+ SPS-audited environments. Generates scored report with gap analysis.

SOC · Assessment · Free

Incident Response Runbook Templates

10 fully documented incident response runbooks covering ransomware, credential theft, DDoS, insider threat, and more. Used by SPS SOC analysts in production environments.

IR Runbooks · Templates · Free

MITRE ATT&CK Coverage Calculator

Map your existing SIEM detection rules to MITRE ATT&CK techniques and visualize your coverage gaps. Export as heatmap or CSV for reporting to leadership.

MITRE ATT&CK · Detection · Free

Cloud Security Checklist: AWS and Azure

150-point security checklist for AWS and Azure environments. Aligned to CIS Benchmarks v2.0 and covering IAM, networking, compute, storage, and monitoring. Excel and PDF formats.

Cloud · CIS Benchmarks · Free

Penetration Test Scoping Worksheet

Professional scoping worksheet used by SPS engagement managers to define scope, rules of engagement, testing windows, and success criteria for VAPT engagements. Saves days of back-and-forth.

VAPT · Scoping · Free

Security KPI Dashboard Template

PowerBI and Excel templates for tracking 25 core security KPIs — MTTD, MTTR, patch compliance, vulnerability aging, alert volume trends, and more. Ready to present to C-suite.

KPIs · Dashboard · Free

MYID Self Verify

Free Trial — Identity Security Platform

Experience MYID Self Verify in a controlled lab environment. Real IBM Security Verify integration, real QRadar offense simulation, real identity threat response — no production risk.