December 2021

Elastic Security uncovers BLISTER malware campaign

The Elastic Security team identified a noteworthy cluster of malicious activity after reviewing our threat prevention telemetry. A valid code signing certificate is used to sign malware to help the attackers remain under the radar of the security community. We also discovered a novel malware loader used in the campaign, which we’ve named BLISTER. The majority of the malware samples observed have very low, or no, detections in VirusTotal.

The Log4j2 Vulnerability: What to know, tools to learn more, and how Elastic can help

Welcome to Elastic’s Log4j2 vulnerability information hub. Here we will explain what the specific Log4j2 vulnerability is, why it matters, and what tools and resources Elastic is providing to help negate the opportunity for malware exploits, cyberattacks, and other cybersecurity risks stemming from Log4j2.

DevSecOps trend accelerates: CIOs are changing who is responsible for cybersecurity

CIOs are remaking the IT function — no longer will security and developer teams be siloed. Recent survey data from 451 Research, part of S&P Global Market Intelligence, and published by Elastic shows a major shift in who is using application security tools, suggesting that DevSecOps is not just an idea, but a growing reality for IT decision makers. IT decision-makers allocated application security tools to 48% of development teams in 2020, compared to just 29% in 2015.

Elastic Security: LimitlessXDR. Unbounded Security.

Elastic Security has introduced the industry’s only free and open Limitless XDR solution. Now, native endpoint security comes on every host, automated detections prioritize the biggest risks, and universal data ingestion and centralized analysis accelerate analyst workflows across triage, investigation, escalation, and response. Join our keynote session to learn what unrestricted data ingestion, visibility, and analysis mean for analysts, the impacts that key technology and cloud integrations have on security teams, and what the future with Limitless XDR looks like for organizations worldwide.

Elastic Security was recognized as a Customers' Choice in 2021 Gartner Peer Insights 'Voice of Customer': SIEM Report

Elastic has been recognized as a Customers’ Choice in the 2021 Gartner Peer Insights ‘Voice of the Customer’: Security Incident and Event Management (SIEM) report with an overall rating of 4.6 out of 5 based on 51 reviews as of November 25, 2021. The report combines the feedback and experiences of more than 51 Elastic Security customers on Gartner Peer Insights™. Elastic’s Willingness to Recommend score was 98% — the highest of all vendors included in the report.

Why the U.S. Government is scaling their cyber visibility practices with Elastic

Amid a growing network of endpoints to support telework and cloud-based applications, US federal civilian agencies are protecting government resilience and resources with a new Continuous Diagnostics and Mitigation Dashboard (CDM Dashboard) built on the Elastic search platform. At a recent MeriTalk Cyber Central: Defenders Unite event, participants learned about how Elastic, in partnership with ECS, enables security operations center (SOC) teams with cyber visibility at speed and scale.

Elastic Security 7.16: Accelerate SecOps with the most powerful Elastic Security yet

In Elastic Security 7.16, multiple new out-of-the-box data integrations for Elastic Agent streamline data ingestion and normalization, powering security operations. The release also introduces full production support for several existing data integrations. Version 7.16 introduces an expanded set of malicious behavior protections, addressing methods related to initial access, privilege escalation, and defense evasion.

Detecting and blocking unknown KnownDlls

This is the second in a two-part series discussing a still-unpatched userland Windows privilege escalation. The exploit enables attackers to perform highly privileged actions that typically require a kernel driver. Part 1 of this blog series showed how to block these attacks via ACL hardening. If you haven’t already, please read the first part of this series, because it lays an important foundation for this article. Interested readers can also check out the excellent Unknown Known DLLs...