Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

May 2024

elastic

Reducing false positives with automated SIEM investigations from Elastic and Tines

May 31, 2024 By Aaron Jewitt In Elastic
One of the biggest SIEM management problems SOC teams face is that they are often overwhelmed by false positives, leading to analyst fatigue and visibility gaps. In addition to that, one of the toughest challenges in security is detecting when SaaS access tokens are compromised without adding to the false positive problem. At Elastic, the InfoSec team tackles both of these issues by automating SIEM alert investigations with tools like Tines.
Read Post
Sponsored Post
eventsentry

EventSentry 5.1.1.104: Security, Security, Security!

May 30, 2024 By ingmar.koecher In EventSentry
Everybody wants to have a more secure network – and everybody has various tools at their disposal to at least improve the security of their network. But which tool is the best for the job, and where do you start? The answer to this question is somewhat easier (and more structured) for organizations that have to adhere to compliance frameworks (ISO, CMMC, PCI, SOC, …), but a little harder for business that have no such requirements.
Read Post
elastic

Elastic Security shines in Malware Protection Test by AV-Comparatives

May 30, 2024 By Jamie Hynds, In Elastic
Real-world malware 100% protection with zero false positives Elastic Security has achieved remarkable results in the recent AV-Comparatives Malware Protection Test, with a protection rate of 100% and no false positives against real-world malware samples. This independent assessment underscores our commitment to providing world-class malware protection, with zero false positives and zero user impact.
Read Post
Torq

Escape SIEM LockIn Unleash a Multi-SIEM Strategy with Hyperautomation

May 30, 2024 By Torq In Torq
If you are a cybersecurity professional, it’s hard to ignore the recent shift in the SIEM landscape unless you’ve been living under a rock… or more likely, under the crushing weight of terabytes worth of disconnected SIEM logs. Let’s catch everyone up to speed anyway.
Read Post
sumologic

What's going on? The power of normalization in Cloud SIEM

May 30, 2024 By Anton Ovrutsky In Sumo Logic
Many of us in the information security sphere have sat in front of a console and furiously executed various queries while either mumbling internally or externally, with varying levels of stress and frustration: what is going on? When investigating a particular system, an odd event, or a declared incident, we are all attempting to answer this question in one way or another. Detections, documented threat hunts and security operations procedures do not manifest out of thin air.
Read Post
graylog

Threat Detection and Incident Response with MITRE ATT&CK and Sigma Rules

May 29, 2024 By Jeff Darrington In Graylog
Being a security analyst tracking down threats can feel like being the Wile E. Coyote to an attacker’s Road Runner. You’re fast, but they’re faster. You set up alerts, but they still manage to get past your defenses. You’re monitoring systems, but they’re still able to hide their criminal activities.
Read Post
graylog

Understanding Broken Function Level Authorization

May 28, 2024 By The Graylog Team In Graylog
Application Programming Interfaces (APIs) allow your applications to talk to one another, like an application-to-application iMessage or Signal. If you’ve ever texted a message to the wrong group chat, you’ve created a situation that mimics what broken function level authentication does between users and applications.
Read Post
graylog

Monitoring for PCI DSS 4.0 Compliance

May 23, 2024 By The Graylog Team In Graylog
Any company that processes payments knows the pain of an audit under the Payment Card Industry Data Security Standard (PCI DSS). Although the original PCI DSS had gone through various updates, the Payment Card Industry Security Standards Council (PCI SSC) took feedback from the global payments industry to address evolving security needs.
Read Post
devo

Navigating the Cyber Landscape Today: 5 Tips for CISOs by CISOs

May 22, 2024 By Devo In Devo
The stakes are higher than ever for CISOs. Just one breach can be catastrophic for an organization, and new rules and regulations add even more pressure. We surveyed 200 CISOs on the current landscape, and asked a handful of them for advice on how to overcome today’s challenges. Here are some of the key recommendations for CISOs who are navigating today’s cyber landscape.
Read Post
CrowdStrike

Unlocking SOC Superpowers: How Next-Gen SIEM Transforms Your Team

May 22, 2024 By Kasey Cross In CrowdStrike
CrowdStrike Falcon Next-Gen SIEM transcends the limitations of legacy SIEMs so you can detect and stop breaches faster than ever. It accomplishes this feat in part by upleveling every member of your SOC. Falcon Next-Gen SIEM helps security engineers streamline deployment by providing a growing set of data connectors and the key data they need already in the CrowdStrike Falcon platform. Security analysts, empowered with generative AI and automation, can navigate complex investigations.
Read Post
sumologic

Was RSA Conference AI-washed or is AI in cybersecurity real?

May 21, 2024 By Manny Lopez In Sumo Logic
RSA Conference, held annually in San Francisco in the spring, defines itself as an information security event that connects industry leaders and highly relevant information. 50,000 people attended in 2024, and of course, the Sumo Logic team was there to offer insights and to learn from others at the conference. During a LinkedIn Live from the show, Sumo Logic VP of Product Marketing Michael Cucchi talked about the show floor being noisy and repetitive.
Read Post
sumologic

How to navigate the rapid changes and consolidation in the SIEM and security analytics market

May 17, 2024 By Chas Clawson In Sumo Logic
The security solutions landscape is evolving at a breakneck pace, with significant acquisitions reshaping the market. Notably, Palo Alto Networks has acquired IBM's QRadar product line, and Exabeam and LogRhythm have announced their merger. These moves echo Cisco's previous acquisition of Splunk, highlighting a trend where major players like AWS, Microsoft, Cisco, Palo Alto Networks, and CrowdStrike are consolidating their positions in the SIEM and security analytics space.
Read Post
elastic

Rolling your own Detections as Code with Elastic Security

May 14, 2024 By Mika Ayenson, In Elastic
From its beginning, the Elastic detection-rules repo not only contained Elastic’s prebuilt detection rules, but also additional tooling for detection rule management — like a suite of tests, CLI commands, and automation scripts used by the Elastic Threat Research and Detection Engineering (TRaDE) team.
Read Post
splunk

Splunk Named a Leader in the Gartner Magic Quadrant for SIEM

May 14, 2024 By Olivia Henderson In Splunk
Splunk has been named a Leader in the 2024 Gartner Magic Quadrant for Security Information and Event Management (SIEM), which is the tenth consecutive time for Splunk in the Leaders Quadrant. We are incredibly honored to receive this recognition and are grateful to our customers and partner community for making this recognition possible.
Read Post
sumologic

A Challenger in the 2024 Gartner Magic Quadrant for Security Information and Event Management

May 13, 2024 By Christopher Beier In Sumo Logic
In the high-stakes world of cybersecurity, complacency can spell disaster. At Sumo Logic, we don’t just adapt to the evolving threat landscape; we redefine it. Sumo Logic was recognized as a Challenger in the 2024 Gartner Magic Quadrant for Security Information and Event Management. This recent positioning reflects our Ability to Execute and Completeness of Vision. We believe this isn't just a recognition. Challenge accepted! In 2021 and 2022, Sumo Logic was recognized as a Visionary.
Read Post

o9 Solutions: Optimizing Security Operations with Elastic

May 13, 2024 By Elastic In Elastic
O9 Solutions leverages Elastic for both Observability and Security Operations Center (SOC) purposes. Initially employed for performance monitoring, Elastic's integration with O9's security stack has provided comprehensive visibility into potential threats and anomalies within their environment. This integration extends across various platforms such as Google, AWS, Active Directory, WEF, and HDR, enabling correlation and consolidated dashboard views for decision-making.
View Video
devo

Deciphering the SIEM Puzzle: How to Choose the Ideal Solution

May 13, 2024 By Devo In Devo
Register for the Webinar Large-scale cyber breaches continue to dominate headlines, amplifying the damaging ramifications of failing to secure your organization. Even with a substantial investment in your SOC, outcomes continue to fall short of promises. Breaches lead to massive data leaks, steep financial losses, and tarnished reputations, underscoring the urgent need for effective SIEM technology.
Read Post
graylog

What is the MITRE ATT&CK framework?

May 9, 2024 By Jeff Darrington In Graylog
As a kid, treasure hunts were fun. Someone gave you clues and a map so you could hunt down whatever hidden item they left for you. However, as a security analyst, your incident investigations often have clues but lack a map. An alert fires. You search through your vast collection of log data. You hope to find the next clue while trying to figure out the attacker’s next steps.
Read Post

AI-driven Security Analytics: Attack Discovery Demo

May 9, 2024 By Elastic In Elastic
Powered by the Elastic Search AI platform, Attack Discovery triages hundreds of alerts down to a few attacks that matter. Elastic’s AI-driven security analytics is built on the Search AI platform, which includes RAG powered by the industry's foremost search technology. The traditional SIEM will be replaced by an AI-driven security analytics solution for the modern SOC. Additional Resources.
View Video

Falcon NG-SIEM Streamline The SOC: Demo Drill Down

May 9, 2024 By CrowdStrike In CrowdStrike
When adversaries infiltrate your organiztion you can leverage AI to speed up the investigation time and how you can leverage automation to respond to attacks. Watch to learn how NG-SIEM allows you to streamline your SOC. CrowdStrike Falcon Next-Gen SIEM: Consolidate security operations with the world’s most complete AI-native SOC platform.
View Video

Falcon NG-SIEM AI Assisted Investigation: Demo Drill Down

May 9, 2024 By CrowdStrike In CrowdStrike
With today's adversaries moving faster than ever, you need an AI-Native platform to stay one step ahead. Watch to learn how Falcon NG-SIEM platform simplifies investigations and uncovers adversaries with ease. CrowdStrike Falcon Next-Gen SIEM: Consolidate security operations with the world’s most complete AI-native SOC platform.
View Video
elastic

Elastic integrates Anthropic's Claude 3 models to enhance AI-driven security analytics

May 8, 2024 By Dhrumil Patel, In Elastic
For security analysts navigating an increasingly complex threat landscape, the ability to quickly identify and respond to attacks is critical. Security information and event management (SIEM) tools have been integral to helping security teams quickly respond to attacks. Now, in the era of generative AI, Elastic is changing the game by delivering AI-driven security analytics to replace SIEM and modernize the SOC.
Read Post

Many sources, one truth: Applying DevSecOps best practices

May 7, 2024 By Sumo Logic In Sumo Logic
It’s no secret threat actors, and cloud attacks have evolved, yet traditional security responses have languished, much to the detriment of many organizations. In this session, Cas Clawson, Field CTO for Security at Sumo Logic, will explore cloud threat detection challenges and how to do it better using a real-world incident response example, leveraging a single source of truth, breaking down team silos, and utilizing the best practices with DevSecOps.
View Video

Implications of AI in a modern defense strategy

May 7, 2024 By Sumo Logic In Sumo Logic
In today's rapidly evolving landscape of cybersecurity, the integration of artificial intelligence (AI) presents both unprecedented opportunities and complex challenges. Understanding the implications of AI in modern defense strategies is paramount for organizations seeking to safeguard their digital assets against emerging threats. In this Q&A, Chas Clawson, Sumo Logic's Field CTO, Security, shares insights on defending against AI-enabled adversaries and how to integrate AI-driven technologies into security strategies and frameworks.
View Video
Corelight

Next-Generation SIEM: Corelight is the Data of Choice

May 7, 2024 By Todd Wingler In Corelight
For years, the mantra for achieving visibility into potential threats has been the trio of EDR, NDR, and SIEM. These components form the foundation of a robust security posture, with EDR and NDR offering the depth and breadth needed to monitor activities across endpoints and networks.
Read Post
graylog

From the Desk Of the VP of Product - Delivering on the Promises of SIEM

May 7, 2024 By The Graylog Product Team In Graylog
I’m thrilled to share some incredibly exciting news – Graylog’s v6.0 is officially here! It’s been quite the journey getting to this point, filled with late nights, endless cups of coffee, and an unwavering commitment from our amazing team. As we unveil this latest version, I can’t help but reflect on how far SIEM technology has come over the past two decades. Gone are the days when Intellitactics and NetForensics reigned supreme.
Read Post
elastic

Elastic and AWS deliver on AI-driven security analytics

May 6, 2024 By Dhrumil Patel, In Elastic
Amazon Bedrock and Elastic’s Attack Discovery automate security analyst workflows As cyber threats grow increasingly sophisticated, the need for highly effective security measures becomes imperative. Traditional SIEMs aren’t equipped to address threats fast enough because they rely on too many manual and labor-intensive tasks. AI-driven security analytics from Elastic’s Search AI platform solves these challenges.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.