Despite implementing cybersecurity administrative and technical risk mitigation control, companies still experience cybersecurity incidents and data breaches. Not every security incident ends with data exfiltration. An organization that can contain the attacker early in the kill chain can prevent data loss and reduce the incident’s impact.

Elastic is pleased to announce that we have recently achieved the AWS Security Independent Software Vendor (ISV) Competency Partner status with specialization in Threat and Detection Response (SIEM, SOAR, and XDR). This recognition highlights our commitment to providing you, our customers, with advanced security capabilities that can help you protect your sensitive data and applications in the cloud.

Security information and event management (SIEM) tools do a huge amount of security heavy lifting. A central record of millions of events, security operation centres (SOCs) rely on SIEMs for everything from compliance to threat detection and response. But as anyone who has ever worked in a SOC will testify, SIEMs have blindspots and problems—lots of them (Read our Head of Technology, Brad Freeman’s account of using a SIEM).

More and more organizations are abandoning the outdated waterfall development methodology for more practical and efficient Agile development practices. As this movement has occurred, development teams are moving faster than ever by employing Continuous Integration (CI) and Continuous Deployment (CD) practices that are serving to shorten development cycles and get new features into production faster. This does, however, come with greater security risk in some respects.

As the volume and complexity of cyber threats continue to increase, security analysts face mounting pressure to protect their organizations from attack with maximum efficiency. Elastic Security 8.8 introduces features designed to help analysts digest, prioritize, and quickly respond to security incidents. These features include the following: Elastic Security 8.8 is available on Elastic Cloud — the only hosted Elasticsearch offering to include all of the new features in this latest release.

Generative AI models have a long history in artificial intelligence (AI). It all started back in the 1950s with Hidden Markov Models and Gaussian Mixture Models, and it really evolved with the advent of Deep Learning. In the past five years alone, we have gone from models with several millions of parameters to the latest being GPT-4, estimated to have over 100 trillion parameters.

Every year, Australians lose over $6 billion due to financial fraud and cybercrime , so it is great to see the collaboration between banks in Australia to fight fraudsters head-on with the help of the Fraud Reporting Exchange (FRX ). The FRX is a trusted, secure, single platform providing timely and efficient means of reporting and actioning fraudulent (including scam) activities between banks.

Doral, Florida UTMStack, a leading innovator in cybersecurity solutions, has announced a significant breakthrough in the field of cybersecurity – an Artificial Intelligence (AI) system that performs the job of a security analyst, promising to transform cybersecurity practices forever.

The cybersecurity industry is extremely dynamic and always finds a way to accommodate the latest and best technologies available into its systems. There are two major reasons: one, because cyberattacks are constantly evolving and organizations need to have the cutting edge technologies in place to detect sophisticated attacks; and two, because of the complexity of the network architecture of many organizations.

The Biden Administration’s recent moves to promote “responsible innovation” in artificial intelligence may not fully satiate the appetites of AI enthusiasts or defuse the fears of AI skeptics. But the moves do appear to at least start to form a long-awaited framework for the ongoing development of one of the more controversial technologies impacting people’s daily lives. The May 4 announcement included three pieces of news.

As cloud technology continues to be a cornerstone of modern businesses and organizations, securing cloud environments has become more crucial than ever. Enter cloud security posture management (CSPM), a proactive approach to ensuring the security of cloud infrastructures. With CSPM, organizations can continuously monitor, assess, and remediate potential vulnerabilities and misconfigurations in their cloud environments. But when choosing a CSPM solution, is open source the way to go?

David Bowie once sang, “ch-ch-ch-changes, turn and face the strange.” While the changes to ISO 27000-series may look strange, they’re primarily a configuration and modernization of the same standard you already know. The standard’s format looks entirely different, but most of your current controls will remain the same.

In today’s digital landscape, businesses face a multitude of regulatory requirements designed to safeguard sensitive data and protect individuals’ privacy. Compliance with regulations such as HIPAA, GLBA, CMMC, PCI, and others has become paramount, making it essential for organizations to have robust log management solutions in place.

I often see “EDR” used as a synonym for “industry-leading endpoint security solution.” There are times when this is accurate, but there are also times when I believe that this generalization stymies discourse around current capability gaps in the endpoint security ecosystem. In this blog post, I want to share my personal taxonomy for endpoint security products — albeit one that perhaps confusingly reuses existing terminology.

2022 was a year of dramatic expansion for The Devo Platform. The enhancements of behavior analytics, workflow automation, and AI-driven threat detection have transformed the Devo Platform into a cloud-native, SIEM, UEBA, and SOAR solution. This gives security teams the visibility, high performance, and advanced analytics they need to respond quickly to threats and protect the business.

The CISO role has evolved in recent years. CISO’s don’t come just from technical and security backgrounds anymore. Each organization has their own distinct vision for how to solve their security needs whether they are customer, regulatory, or industry driven. I started out my career as an external auditor, with the goal of becoming a CFO.

Welcome to our technical blog, where we’ll be diving into the world of Graylog and how you can secure your Graylog Server with Transport Layer Security (TLS). As an admin or a tech-savvy user, you know the importance of protecting your Graylog Server and the logs it manages from unauthorized access.

Kubernetes, and containerization in general, has a wealth of benefits for many teams operating cloud-native applications. From a threat detection standpoint, however, it is often difficult for newcomers to this space to gain the relevant hands-on experience without trampling over production environments. The Sumo Logic team has previously authored articles on Kubernetes DevSecOps vulnerabilities and best practices as well as Kubernetes logging and monitoring.

In life, you get a lot of different alerts. Your bank may send emails or texts about normal account activities, like privacy notices, product updates, or account statements. It also sends alerts when someone fraudulently makes a purchase with your credit card. You can ignore most of the normal messages, but you need to pay attention to the fraud alerts. Security is the same way.

Over the past twenty years, security information and event management (SIEM) platforms have been one of the key solutions for cybersecurity management, as they help security teams centralize attack and threat detection activities. The cybersecurity industry is now shifting towards a new type of solution known as extended detection and response (XDR). As the two technologies are similar and have overlapping capabilities, many people still don’t know how they differ.

Achieving and maintaining Cybersecurity Maturity Model Certification (CMMC) compliance is a critical requirement for organizations operating within the defense industrial base. As a comprehensive SIEM solution, UTMStack offers advanced features and capabilities that not only streamline the compliance process but also inspire confidence in security and protection.

Security information and event management (SIEM) systems are crucial to cyber security, providing a solution for collecting and analyzing alerts from all manner of security tools, network infrastructure, and applications. But simply having a SIEM is not enough because to be truly effective, it must be properly configured, managed, and monitored 24x7.

Security engineering teams spend hours every week tuning their security information and event management (SIEM) systems to ensure that they are effective at detecting security threats and minimizing false positives. Such “tuning tax” is common as customers add new SIEM rules to cope with rapidly changing threat landscape and attacker tactics and as their attack surface evolves through automated changes to their application and infrastructure stacks.

Industrial control systems (ICS) have historically been isolated and less interconnected. Isolation was one of the things that kept these systems more secure behind air gaps, at the cost of lost coordination and collaboration. This is rapidly changing with the rise of Industry 4.0 with increased interconnectivity and integration of smart technologies like Industrial IoT (IIoT) and cloud computing in modern industrial processes.

The first three pillars of the National Cyber Security Strategy focused on activities that could be accomplished in the near term–perhaps within a few years. The last two pillars start looking at some challenges that we need to address now.