Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

April 2024

sumologic

Inside the war room: Best practices learned from the Sumo Logic security incident

Apr 30, 2024 By Zoe Hawkins In Sumo Logic
In November 2023, Sumo Logic experienced a security incident. While no one wants to be a victim of a cyberattack, and we certainly learned a lot about things that we can do better in the future, our team was lauded by customers and media alike for how we handled the situation underscoring the importance of a good incident response plan. One of the core values at Sumo Logic is that we’re in it with our customers. But more broadly speaking, we’re in it with the InfoSec community.
Read Post
senseon

Why There's No Such Thing As a Low-Cost SIEM

Apr 29, 2024 By Isabel Carter In SenseOn
Staff time, log processing, and legacy issues can turn free, open-source or low-cost SIEMs into one of your organisation's most expensive investments. You're not alone if you're baulking at the idea of paying upwards of tens of thousands of pounds for a new or renewed SIEM licence. Many security decision-makers feel the same way. One survey showed that almost half (40%) of existing SIEM users feel like they are overpaying for their SIEM.
Read Post
senseon

What Goes Into the Cost of a SIEM?

Apr 29, 2024 By Isabel Carter In SenseOn
As we've covered before, SIEMs are an expensive tool. The average enterprise-level SIEM deployment costs over £15 million a year, and operating a small, 100 to 1000-seat SIEM will still run up bills of over £10k monthly. SIEMs create spiralling costs that eat security budgets. Without a skilled team operating them, they can also make organisations less secure despite receiving more information about their digital estates. But where do these SIEM costs come from?
Read Post
elastic

Elastic Security evolves into the first and only AI-driven security analytics solution

Apr 26, 2024 By Mike Nichols In Elastic
In our previous installation, we discussed the history of security information and event management (SIEM) solutions — from collection to organizational detections and finally to response and orchestration. Now, we are firmly in the SIEM 3.0 revolution and focused on applying generative AI to every applicable process in the security operations center with tremendous success.
Read Post
teramind

Using SIEM Integrations for Robust Cybersecurity

Apr 25, 2024 By Taran Soodan In Teramind
The average cost of a cyberattack in the United States is 9.5 million. With over 60% of businesses going bankrupt after experiencing a severe data breach, robust security measures to safeguard organizations’ digital assets and operations are urgently needed. A powerful tool gaining significant traction in addressing these challenges is Security Information and Event Management (SIEM).
Read Post
teramind

UEBA & SIEM: How They Differ & Work Together

Apr 23, 2024 By Taran Soodan In Teramind
Are your cybersecurity tools working together effectively? UEBA (User Entity Behavior Analytics) and SIEM (Security Information and Event Management) are two of the most potent cybersecurity solutions in modern organizations, but they serve very different purposes. UEBA identifies risky behaviors, while SIEM collects and analyzes security data across your network.
Read Post
sumologic

How AI will impact cybersecurity: the beginning of fifth-gen SIEM

Apr 16, 2024 By Christopher Beier In Sumo Logic
The power of artificial intelligence (AI) and machine learning (ML) is a double-edged sword — empowering cybercriminals and cybersecurity professionals alike. AI, particularly generative AI’s ability to automate tasks, extract information from vast amounts of data, and generate communications and media indistinguishable from the real thing, can all be used to enhance cyberattacks and campaigns.
Read Post
elastic

Zero Trust requires unified data

Apr 15, 2024 By Woody Walton, In Elastic
It’s vital to have a common understanding and shared context for complex technical topics. The previously adopted perimeter model of security has become outdated and inadequate. Zero Trust (ZT) is the current security model being designed and deployed across the US federal government. It’s important to point out that ZT is not a security solution itself. Instead, it’s a security methodology and framework that assumes threats exist both inside and outside of an environment.
Read Post
CrowdStrike

CrowdStrike Falcon Next-Gen SIEM Unveils Advanced Detection of Ransomware Targeting VMware ESXi Environments

Apr 15, 2024 By Christopher Miller In CrowdStrike
CrowdStrike Falcon Next-Gen SIEM, the definitive AI-native platform for detecting, investigating and hunting down threats, enables advanced detection of ransomware targeting VMware ESXi environments. CrowdStrike has observed numerous eCrime actors exploiting ESXi infrastructure to encrypt virtual machine volumes from the hypervisor to deploy ransomware in organizations. Access to ESXi infrastructure typically takes place as part of lateral movement.
Read Post

Top 5 Myths About API Security and What To Do Instead

Apr 15, 2024 By Graylog In Graylog
Discover the top five myths about API security and learn the effective strategies for protecting your digital assets. Understand why attacks are common, the limitations of perimeter security, and the importance of a zero trust model in this comprehensive overview. Uncover the realities of API security, from the prevalence of attacks to the challenges of relying on perimeter defenses. Learn why a zero trust approach and better developer engagement are key to robust API protection.
View Video
graylog

Three Ways To Remove Complexity in TDIR

Apr 11, 2024 By The Graylog Team In Graylog
Gartner identified security technology convergence as one of the key trends both in 2022 and 2023 as a necessity to remove complexity in the industry. Especially for Threat Detection and Incident Response (TDIR), simplification continues to resonate with cyber teams overwhelmed by too many tools and the continuous cutting and pasting from one tool to another.
Read Post

Graylog V6 and SOC Prime: Cyber Defense with MITRE Framework Webinar

Apr 11, 2024 By Graylog In Graylog
Insights from Graylog and SOC Prime Join us for an exclusive session where we unveil the integrations between Graylog, a comprehensive log management solution, and SIEM, and SOC Prime’s Platform for collective cyber defense. Discover how integrating these solutions transforms your approach to security, providing a robust foundation for crisis management and resilience against cyber threats.
View Video

Elastic Security | AI Assistant Demo

Apr 11, 2024 By Elastic In Elastic
Elastic AI Assistant can provide real-time, personalized alert insights — empowering security teams to stay one step ahead in the ever-evolving threat landscape. With the power of large language models (LLMs), the AI Assistant can process multiple alerts simultaneously, offering an unprecedented level of insight and customization. You can interact with your data by asking complex questions and receiving context-aware responses tailored to your needs. Watch this demo from James Spiteri, Director of Product Management at Elastic to see what's new in the Elastic AI Assistant in Elastic Security 8.12.
View Video
graylog

The Ultimate Guide to Sigma Rules

Apr 9, 2024 By Jeff Darrington In Graylog
In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.
Read Post
elastic

Tracing history: The generative AI revolution in SIEM

Apr 9, 2024 By Mike Nichols, In Elastic
The cybersecurity domain mirrors the physical space, with the security operations center (SOC) acting as your digital police department. Cybersecurity analysts are like the police, working to deter cybercriminals from attempting attacks on their organization or stopping them in their tracks if they try it. When an attack occurs, incident responders, akin to digital detectives, piece together clues from many different sources to determine the order and details of events before building a remediation plan.
Read Post
elastic

5 reasons why observability and security work well together

Apr 8, 2024 By Jennifer Ellard, In Elastic
Site reliability engineers (SREs) and security analysts — despite having very different roles — share a lot of the same goals. They both employ proactive monitoring and incident response strategies to identify and address potential issues before they become service impacting. They also both prioritize organizational stability and resilience, aiming to minimize downtime and disruptions.
Read Post

AT&T DDoS Defense Portal Email Alert Video

Apr 8, 2024 By LevelBlue In LevelBlue
In this video, you'll learn about AT&T DDoS Defense Service Alert Emails. We'll also give you an overview of the investigation process. For any high severity alerts, which are caused by traffic exceeding thresholds in protected zones, the DDoS Defense Service sends an alert email to your contacts. At the same time, a ticket is created for the AT&T Threat Management Team to investigate the alert.
View Video
devo

Does Your SIEM Offer Enough Flexibility? Questions to Ask

Apr 2, 2024 By Devo In Devo
When evaluating a SIEM, two key factors stand out: flexibility in data handling and open architecture. These two elements significantly enhance a platform’s efficiency and adaptability in managing cybersecurity threats. Whether you’re evaluating your current SIEM or looking for a more modern solution, here are five questions to ask to gauge its flexibility.
Read Post
sumologic

Responding to CVE-2024-3094 - Supply chain compromise of XZ Utils

Apr 1, 2024 By Anton Ovrutsky In Sumo Logic
It seems as though responders cannot catch a break when it comes to 0-day vulnerabilities and supply chain compromise avenues. On March 29th, 2024, the Cybersecurity & Infrastructure Security Agency published an alert regarding a supply chain compromise of the XZ Utils package. At time of writing, there is no information regarding exploitation of the vulnerability and follow-on post-compromise activity.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.