April 2023

Elastic Security in the open: Empowering security teams with prebuilt protections

Apr 28, 2023 By Kseniia Ignatovych, In Elastic

Elastic Security now comes with 1,100+ prebuilt detection rules for Elastic Security users to set up and get their detections and security monitoring going as soon as possible. Of these 1,100+ rules, more than 760 are SIEM detection rules considering multiple log-sources — with the rest running on endpoints utilizing Elastic Security for Endpoint.

Read Post

Elastic

Read more about Elastic Security in the open: Empowering security teams with prebuilt protections

Micro Lesson: Cloud SIEM Global Intelligence for Security Insights

Apr 28, 2023 By Sumo Logic In Sumo Logic

Learn about Sumo Logic's Global Intelligence for Security Insights system, which "crowdsources" cybersecurity information from customers around the globe to provide accurate confidence scores for security insights.

View Video

Sumo Logic

Read more about Micro Lesson: Cloud SIEM Global Intelligence for Security Insights

CS Brown Bag 4 25 Observability

Apr 26, 2023 By Sumo Logic In Sumo Logic

Brown Bag Session focused on security delivered by Pawel Dukat - April 25, 2023.

View Video

Sumo Logic

Read more about CS Brown Bag 4 25 Observability

Building a cybersecurity plan for the State and Local Cybersecurity Grant Program (SLCGP)

Apr 24, 2023 By Sean Torassa In Elastic

For state and tribal governments thinking about applying for — or that have already applied for — funding from the US federal State and Local Cybersecurity Grant Program (SLCGP) or Tribal Cybersecurity Grant Program (TCGP), you likely already know that building out a comprehensive cybersecurity plan is a required element in the process. If you’ve already submitted your application for fiscal year 2022 funding, you have until the end of September 2023 to submit your cybersecurity plan.

Read Post

Elastic

Read more about Building a cybersecurity plan for the State and Local Cybersecurity Grant Program (SLCGP)

People or AI?

Apr 24, 2023 By Jon Garside In Devo

Security teams are faced with relentless cyberattacks, and they cannot engineer defenses fast enough. SOC teams face limited visibility, insufficient context, and the inability to identify the threats that matter. Analysts are even more burned out, switching from tool to tool, frantically trying to make sense of what they are seeing.

Read Post

Devo

Read more about People or AI?

Enhance SOC workflows with Elastic Security and Recorded Future threat intelligence

Apr 21, 2023 By Marvin Ngoma In Elastic

Security teams today need to analyze vast amounts of data from various sources, including endpoints, cloud, applications, and user activity, just to mention a few. At the same time, adversary activity is also on the rise and the threat landscape is becoming more and more complex every day. Further exacerbating the situation, security teams are strapped for resources and unable to analyze the enormous amounts of data and security alerts they receive in real time.

Read Post

Elastic

Read more about Enhance SOC workflows with Elastic Security and Recorded Future threat intelligence

US National Security Deep Dive Pillars 2 and 3: Dismantle Threats and Shape Market Forces

Apr 21, 2023 By John Allison In Devo

Last time we looked at The US National Security Strategy Pillar 1: Defend Critical Infrastructure. Today, we are looking at Pillar 2: Disrupt and Dismantle Threat Actors and Pillar 3: Shape Market Forces to Drive Security Resilience. Preventing the attacks in Pillar 1 would not be necessary if the attackers were taken off the board.

Read Post

Devo

Read more about US National Security Deep Dive Pillars 2 and 3: Dismantle Threats and Shape Market Forces

How using Cloud SIEM dashboards and metrics for daily standups improves SOC efficiency

Apr 20, 2023 By Sumo Logic In Sumo Logic

When we talk about emerging technologies and digitization, we often forget that while innovators work to bring the best solutions to market, cybersecurity gurus are concurrently working to identify loopholes and vulnerabilities in these new systems. Gone are the days when cyber attacks were monthly news; instead, they happen almost daily.

Read Post

Sumo Logic

Read more about How using Cloud SIEM dashboards and metrics for daily standups improves SOC efficiency

Beyond the build: Why runtime security is critical for container protection

Apr 19, 2023 By Daniel Rohan In Elastic

Containers and microservices have changed the game: They allow organizations to ship apps faster and make better use of hardware. They encourage modular software design. And containers help teams embrace the cloud-native paradigms of scalability, mobility, and resilience. It’s safe to say that containers have shaken things up.

Read Post

Elastic

Read more about Beyond the build: Why runtime security is critical for container protection

Threat Hunting vs Incident Response for Cyber Resilience

Apr 18, 2023 By The Graylog Team In Graylog

Protecting data and protecting business continuity are both similar and different. In a data driven world, your mission as a security analyst is to prevent threat actors from gaining unauthorized access to sensitive data and systems. Simultaneously, you also need to investigate incidents rapidly, ensuring that critical services experience as little downtime as possible.

Read Post

Graylog

Read more about Threat Hunting vs Incident Response for Cyber Resilience

Automate common security tasks and stay ahead of threats with Datadog Workflows and Cloud SIEM

Apr 18, 2023 By Nicholas Thomson In Datadog

Detecting and remediating security threats is a constantly evolving concern for modern DevSecOps and security operations center (SOC) teams. Moreover, manually investigating and responding to vulnerabilities and threats is time-consuming, laborious, and knowledge-intensive.

Read Post

Datadog

Read more about Automate common security tasks and stay ahead of threats with Datadog Workflows and Cloud SIEM

Brown Bag Apr 18, 2023 - Security - Entity Groups

Apr 18, 2023 By Sumo Logic In Sumo Logic

How to Get Results faster in Sumo Cloud SIEM using Entity Groups presented by Laszlo Salamon.

View Video

Sumo Logic

Read more about Brown Bag Apr 18, 2023 - Security - Entity Groups

US National Cybersecurity Strategy Deep Dive: Defend Critical Infrastructure

Apr 12, 2023 By John Allison In Devo

This is the first post in a series on the pillars outlined in the new US National Cybersecurity Strategy. I review each pillar in turn, and then discuss how services such as Devo can help address the challenges outlined in that pillar.

Read Post

Devo

Read more about US National Cybersecurity Strategy Deep Dive: Defend Critical Infrastructure

geeks+gurus: Get real about cyber resilience

Apr 11, 2023 By Sumo Logic In Sumo Logic

Join our geeks+gurus of Sumo Logic for an interactive conversation on the current state of cybersecurity, Demonstrating value is vital. In this 25-minute conversation, Bob Layton and Chas Clawson will Get Real about Cyber Resilience. With uncertainty around a potential recession and IT budgets flattening, security teams are learning how to do more with less. Cyber attacks are becoming more complex and destructive, however, more pressure is being put on security leaders to be more efficient with their spending and to make the case for these critical investments.

View Video

Sumo Logic

Read more about geeks+gurus: Get real about cyber resilience

Threat Detection and Response: 5 Log Management Best Practices

Apr 10, 2023 By The Graylog Team In Graylog

In a world where attackers can move fast, security teams need to move faster. According to SANS research from 2022, adversaries can perform intrusion actions within a five-hour window. While analysts need the Millennium Falcon of security technologies that enable threat detection and response in under twelve parsecs, increasingly complex IT environments make the 1-10-60 Framework feel unachievable.

Read Post

Graylog

Read more about Threat Detection and Response: 5 Log Management Best Practices

Demystifying Elastic Security for Cloud and its capabilities

Apr 5, 2023 By Sneha Sachidananda In Elastic

It's no surprise that organizations are moving to the cloud to innovate — to meet the growing demands of their customers and digital transformation. Organizations want to build applications that are fast and scalable. They want to make use of the latest cloud-native capabilities like containers, orchestrators, microservices, APIs, and declarative infrastructure. However, this also means security in the cloud cannot be an afterthought.

Read Post

Elastic

Read more about Demystifying Elastic Security for Cloud and its capabilities

What is XDR? Is the security impact real or hyped?

Apr 4, 2023 By Dave Frampton In Sumo Logic

With so many overlapping and self-serving definitions of XDR (Extended Detection and Response), embracing the innovations in technology first require that we parse the alphabet soup. We agree with several industry analysts covering the space that XDR is a vendor push with no real customer demand, but the problem spaces within XDR are of significant customer interest. Consensus has emerged on a few XDR elements such as: cloud-native/SaaS, improved detection, and improved response.

Read Post

Sumo Logic

Read more about What is XDR? Is the security impact real or hyped?

Rogue AI is Your New Insider Threat

Apr 4, 2023 By Kayla Williams In Devo

When ChatGPT debuted in November 2022, it ushered in new points of view and sentiments around AI adoption. Workers from nearly every industry started to reimagine how they could accomplish daily tasks and execute their work — and the cybersecurity industry was no exception. Like shadow IT, new rogue AI tools — meaning AI tools that employees are adopting unbeknownst to the organization they work for — can pose security risks to your organization.

Read Post

Devo

Read more about Rogue AI is Your New Insider Threat

Banks are leveraging modern cloud security tools to mitigate human error

Apr 4, 2023 By Brandon Mavleos In Elastic

The efficiency, security, and scalability of cloud operations are driving financial institutions’ adoption of the technology faster than ever before. The ability to meet customers where they want to transact, personalize solutions, and leverage new data and analytics solutions (including AI) on-demand is driving this growth. In fact, according to Accenture, the banking industry's workloads in the cloud more than doubled from 2021 to 2022.

Read Post

Elastic

Read more about Banks are leveraging modern cloud security tools to mitigate human error

Elastic Expands Cloud Security Capabilities for AWS

Apr 3, 2023 By Elastic In Elastic

Launching CSPM, container workload security, and cloud vulnerability management to modernize cloud security operations.

Read Post

Elastic

Read more about Elastic Expands Cloud Security Capabilities for AWS

Elastic Global Threat Report Breakdown: Credential Access

Apr 3, 2023 By Devon Kerr In Elastic

In the second part of our breaking down the Elastic Global Threat Report series, we’re focusing on the credential access tactic, which was the third-most common category of behavior we observed. Roughly 10% of all techniques we saw involved one form of credential theft or another and dissecting this class of behaviors is helpful both to improve our understanding of threats and to better understand enterprise risks.

Read Post

Elastic

Read more about Elastic Global Threat Report Breakdown: Credential Access

Detecting the 3CX Supply Chain Attack with Graylog and Sigma Rules

Apr 3, 2023 By The Graylog Team In Graylog

According to reporting by several cybersecurity publications the 3CX Desktop Application has been exploited in a supply chain attack. The 3CX client is a popular VOIP and messaging application used by over 600,000 companies. From the article on Bleeping computer This supply chain attack, dubbed ‘SmoothOperator’ by SentinelOne, starts when the MSI installer is downloaded from 3CX’s website or an update is pushed to an already installed desktop application.

Read Post

Graylog

Read more about Detecting the 3CX Supply Chain Attack with Graylog and Sigma Rules

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2023

Elastic Security in the open: Empowering security teams with prebuilt protections

Micro Lesson: Cloud SIEM Global Intelligence for Security Insights

CS Brown Bag 4 25 Observability

Building a cybersecurity plan for the State and Local Cybersecurity Grant Program (SLCGP)

People or AI?

Enhance SOC workflows with Elastic Security and Recorded Future threat intelligence

US National Security Deep Dive Pillars 2 and 3: Dismantle Threats and Shape Market Forces

How using Cloud SIEM dashboards and metrics for daily standups improves SOC efficiency

Beyond the build: Why runtime security is critical for container protection

Threat Hunting vs Incident Response for Cyber Resilience

Automate common security tasks and stay ahead of threats with Datadog Workflows and Cloud SIEM

Brown Bag Apr 18, 2023 - Security - Entity Groups

US National Cybersecurity Strategy Deep Dive: Defend Critical Infrastructure

geeks+gurus: Get real about cyber resilience

Threat Detection and Response: 5 Log Management Best Practices

Demystifying Elastic Security for Cloud and its capabilities

What is XDR? Is the security impact real or hyped?

Rogue AI is Your New Insider Threat

Banks are leveraging modern cloud security tools to mitigate human error

Elastic Expands Cloud Security Capabilities for AWS

Elastic Global Threat Report Breakdown: Credential Access

Detecting the 3CX Supply Chain Attack with Graylog and Sigma Rules

Monthly Archive

Follow Us