Initially, Security Information and Event Management (SIEM) solutions were readily adopted because of their capability to provide actionable insights into the deep corners of an organization’s network. Legacy SIEM systems helped in understanding when and where security incidents are happening in real-time. Soon enough, these SIEM systems faced an avalanche of false positives, and they required a dedicated team to filter out irrelevant alerts.

Since NIST Cybersecurity Framework is the best solution for better prevention, detection, and response to cybersecurity incidents, various organizations have adopted it to safeguard their IT assets. The 2019 SANS OT/ICS Cybersecurity Survey spells out the NIST CSF as the number one cybersecurity framework in use today. However, it is imperative to consider that how should we comply with NIST CSF in 2020 and beyond? Here is some help!

Does your organization consider working with a MSSP? Don’t make a commitment before reading our article about how to choose the right MSSP for you! Regardless of the reason why you decide to work with an MSSP, you must be very careful and fastidious when selecting a MSSP for your organization. In this article, we will discuss what you need to consider before making a commitment.

The Cyber Kill Chain offers a comprehensive framework as a part of the Intelligence Driven Defense model. In this article, we will discuss what the cyber kill chain is and what its steps are. Cyber intrusions are the worst nightmare of many of us. That is why many cyber security professionals and developers offer unique solutions for the identification and prevention of cyber intrusions activity. Being one of those developers, Lockheed Martin has brought the Cyber Kill Chain into our lives.

CARTA (Continuous Adaptive Risk and Trust Assessment) is a novel and efficient approach to the IT security that aims to offer additional context for the cybersecurity professionals when they are making a decision. Keep reading to learn more! CARTA (Continuous Adaptive Risk and Trust Assessment) was introduced in 2017 by Gartner. Being around for only 3 years, CARTA offers a strategic and efficient approach to the IT security.

If you are in the IT and/or cybersecurity, you must have heard of MITRE ATT&CK framework at least once but do you actually know what it is? Keep reading to learn! The ATT&CK network is developed by the MITRE Corp roughly seven years ago to offer crucial information, support and threat tactics to those who work in cyber security. ATT&CK framework is a living document that grows and gets updated every day.

Secure Shell (abbreviated as SSH) is a network protocol that aims to offer an extra layer of protection. In this article, we will discuss how you can ensure the security of your network using SSH. Keep reading to learn more! With the advancements in technology, many business processes we carry out today heavily relies on the internet, online tools and connected devices.

Log data plays an unparalleled role in the operation and functioning of a SIEM solution. Or in other words, logs are intrinsic for an effective SIEM solution. Without incoming log data from a variety of different sources in your IT infrastructure, a SIEM essentially becomes useless. In our previous posts, we have explored a variety of features of Logsign SIEM concerning dashboards, reports, search queries, alerts, and behavior definitions.

Security Information and Event Management (SIEM) tools play a vital role in helping your organization in discovering threats and analyzing security incidents. Logsign’s internal team continuously makes correlation rules and alerts so that your team’s workload is minimized. In our previous posts, we discussed generating important reports and deriving maximum possible benefits from use cases. In this article, we will be discussing SIEM alerts best practices.

Effective logging of events and activities in an organization’s technical infrastructure exponentially boosts the capabilities of its SIEM solution. In this article, we explore how logs are leveraged in a SIEM solution. First off, log entries can be helpful for multiple purposes such as security, performance analysis, troubleshooting, etc. Considering the size of a modern enterprise’s IT technical infrastructure, monitoring the network alone is not a favorable approach.