Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

September 2024

veriato

Is IAM, SIEM, and DLP Enough to Combat Insider Risk?

Sep 30, 2024 By Veriato Team In Veriato
Despite significant investments in cybersecurity tools like Identity and Access Management (IAM), Security Information and Event Management (SIEM), and Data Loss Prevention (DLP), insider risks continue to grow. Why? These tools primarily focus on actions, logs, and event recognition rather than taking a deep, sophisticated approach to understanding human behavior over time. Insider threats—whether from negligence, malicious intent, or compromised users—are notoriously difficult to detect.
Read Post
elastic

Faster threat detection, stronger security: The Kibana advantage

Sep 30, 2024 By Jordyn Short, In Elastic
In the world of security, every second counts. A shorter mean time to detect (MTTD) translates to less damage, increased customer trust, and a greater likelihood of securing cybersecurity support. An important factor in achieving this rapid response is the power of an intuitive and user-friendly interface.
Read Post

This Month in Datadog: New Cloud SIEM Content Packs, Anthropic integration, Metrics Volume, and more

Sep 30, 2024 By Datadog In Datadog
Datadog is constantly elevating the approach to cloud monitoring and security. This Month in Datadog updates you on our newest product features, announcements, resources, and events. This month, we put the Spotlight on new Cloud SIEM Content Packs..
View Video
datadog

Monitor Slack audit logs with Datadog Cloud SIEM

Sep 27, 2024 By Vera Chan In Datadog
Millions of enterprise users rely on Slack every day as their primary tool for instant communications and information sharing. Because of its central role in operations, Slack inevitably handles sensitive data and critical business information—which also makes it a high-value target for attackers. For this reason, it’s critically important for security teams to detect and respond to security threats against Slack.
Read Post
graylog

What is NIST 800-53?

Sep 27, 2024 By Jeff Darrington In Graylog
Imagine compliance is like a driving application. You know your location and you plug in the destination address, then it shows you the route’s overview. If you want a more specific map, you can zoom in a bit and get more details. Similarly, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and it’s most recent revision provide the overview roadmap for your compliance journey.
Read Post
sumologic

Being forced to migrate from IBM QRadar to PAN XSIAM? Know the pitfalls

Sep 26, 2024 By Vaishnavi Shyamkrishnan In Sumo Logic
Palo Alto Networks acquired IBM QRadar SaaS assets, leaving several organizations in limbo and uncertain about the future of their security information and event management (SIEM). Security teams grapple with a complex and potentially disruptive transition as Palo Alto Networks pushes and even mandates migration to its relatively new XSIAM platform.
Read Post
devo

Navigating the SIEM Consolidation: Key Questions

Sep 25, 2024 By Devo In Devo
The SIEM market is in flux. Mergers, acquisitions, and vendors leaving the space are creating uncertainty for organizations that rely on SIEMs as the cornerstone of their security operations. If your organization is feeling the ripple effects of this consolidation, it’s time for a SIEM checkup. This means critically examining your current SIEM stack and vendor relationship to ensure they’re still serving your evolving security needs.
Read Post
graylog

Logs in a SIEM: The Liquid Gold of Cybersecurity

Sep 25, 2024 By Jeff Darrington In Graylog
Devices, applications, and systems logs are needed to detect, analyze, and mitigate cybersecurity threats. Logs in a SIEM are like gold; they are both valuable. Gold is part of the economy, and logs are part of the IT ecosystem and are the foundation for cybersecurity. Here’s why they compare to liquid gold!
Read Post
elastic

Encryption at rest in Elastic Cloud: Bring your own key with Google Cloud

Sep 25, 2024 By Jonathan Simon, In Elastic
Now that we’ve introduced Elastic Cloud encryption at rest and walked you through setting it up in AWS and Azure, it’s time to get you set up in Google Cloud. In this final blog of the series, we will explain how encryption at rest works with Google Cloud Key Management Service (KMS) and then show you how to apply a Google Cloud KMS key to an Elastic Cloud Hosted deployment for encrypting data and snapshots at rest.
Read Post

Falcon Next-Gen SIEM - Detection Posture Management & Workflow Automation Enhancements

Sep 24, 2024 By CrowdStrike In CrowdStrike
Crowdstrike's new detection posture management dashboard lets you visualize your detection posture like never before. Once you understand your current posture, the Falcon Platform empowers you to streamline prescriptive countermeasures in your workflows with the latest releases in Falcon Fusion. Our content library contains an ever growing collection of applications, actions, triggers, and playbooks that help you break down silos between teams and technologies. These innovations make it even more efficient for you and your team to respond faster than the adversaries, and ultimately stop the breach.
View Video
sumologic

Safeguarding your future: enhancing cybersecurity while defending your budget

Sep 19, 2024 By JT Rakitan In Sumo Logic
As budget cycles increasingly force teams to tighten their belts, proving the value of vital technology is key. It’s not enough to showcase how the security operations center (SOC) is improving security posture and defending against threats, you also need to highlight how this boosts ROI. As highlighted in an IDC webinar and white paper, organizations using Sumo Logic have experienced an exceptional return on investment and a rapid payback period.
Read Post
CrowdStrike

CrowdStrike Next-Gen SIEM Innovations Slash Response Time and Simplify SIEM Migrations

Sep 18, 2024 By Kasey Cross In CrowdStrike
Are your legacy technologies slowing down your security operations? You’re not alone. Seventy percent of critical incidents take over 12 hours to resolve. Legacy SIEMs burden security teams with endless manual processes and agonizingly slow search speeds, delaying investigation and response while increasing the risk of a breach. The future of security requires next-gen SIEM technology built for scale and speed, powered by automation and AI.
Read Post
elastic

Elastic named a Leader in IDC MarketScape: Worldwide SIEM for Enterprise 2024

Sep 18, 2024 By Mark Settle In Elastic
Elastic has been recognized as a Leader in the IDC MarketScape for Worldwide SIEM for Enterprise 2024 Vendor Assessment. Elastic Security modernizes threat detection, investigation, and response with AI-driven security analytics — the future of SIEM. It is the tool of choice for SOC teams because it eliminates blind spots, boosts practitioner productivity, and accelerates SecOps workflows.
Read Post
devo

Insider Threats: The Danger Within

Sep 17, 2024 By Devo In Devo
Cyberattacks by hacking groups using ransomware and other tactics dominate the headlines, but the risks posed by individuals within an organization can be just as, if not more, damaging. CISA defines an insider threat as the possibility that authorized personnel will use their access, either intentionally or unintentionally, to harm an organization’s mission, resources, information, systems, or other assets.
Read Post
splunk

Splunk Named a Leader in the 2024 IDC MarketScape for SIEM for Enterprise

Sep 17, 2024 By Olivia Henderson In Splunk
The 2024 recognition momentum for Splunk continues! Splunk is ranked #1 for the fourth year in a row in the IDC Worldwide Security Information and Event Management Market Shares, 2023: The Leaders in SIEM City (doc # US52525024, September 2024) report. Splunk has also been named a Leader in the IDC MarketScape: Worldwide SIEM for Enterprise 2024 Vendor Assessment (doc #US49029922, September 2024).
Read Post
datadog

What's new in Cloud SIEM Content Packs: September 2024

Sep 12, 2024 By Vera Chan In Datadog
Implementing a security incident and event management (SIEM) system can be complex and often requires considerable expertise. Teams need to configure a variety of data sources and ensure their SIEM can scale with growing data volumes. In addition, users need time to learn the system, which can delay value realization. And SIEMs also need continuous maintenance to ensure threat intelligence, detection rules, and integrations are up to date.
Read Post
sumologic

Critical triggers to reassess your SIEM: when and why to evaluate

Sep 12, 2024 By Christopher Beier In Sumo Logic
You wouldn’t drive a car that hasn’t been serviced in a decade. So why are you still trusting a legacy SIEM solution? The world of cybersecurity is in a constant state of flux, and your security information and event management (SIEM) needs to keep up. If you’re not regularly reassessing it, you might as well roll out the red carpet for hackers. Let’s discuss when and why you should seriously consider giving your SIEM a much-needed check-up.
Read Post
graylog

Optimizing SIEM TCO: Smart Data Management Strategies

Sep 10, 2024 By Seth Goldhammer In Graylog
Let’s talk about a less discussed but critical aspect of Security Information and Event Management (SIEM) – data management. While the primary goals of SIEM include threat detection, regulatory compliance, and swift response, the backbone of these systems is log message ingestion and storage. The amount of machine data generated from various systems, applications, and security tools is staggering. Storing and processing this data can be costly and inefficient.
Read Post
devo

Critical Infrastructure Under Siege: Safeguarding Essential Services

Sep 5, 2024 By Devo In Devo
Our world is more digitally connected than ever, including the critical infrastructure systems we rely on: power grids, water treatment plants, transportation networks, communication systems, emergency services, and hospitals. A successful attack on critical infrastructure can have dire consequences, ranging from widespread power outages and contaminated water supplies to economic downturns and societal disruption. Some of those consequences have come to fruition in recent years.
Read Post
elastic

Is your SIEM ready for the AI era? Essential insights and preparations

Sep 4, 2024 By Mark Settle In Elastic
A head-spinning series of acquisitions and mergers is transforming the security information and event management (SIEM) market. Behind this market shakeup is the ongoing technological shift from traditional, manually intensive SIEM solutions to AI-driven security analytics. Legacy systems — characterized by manual processes for log management, investigation, and response — no longer effectively address today’s fast-evolving cyber threats.
Read Post
obrela

What is SIEM in cyber security? Definition & Meaning.

Sep 3, 2024 By Obrela In Obrela
Security Information and Event Management (SIEM) is a critical tool in modern cybersecurity, combining Security Information Management (SIM) and Security Event Management (SEM) to provide real-time monitoring, threat detection and incident response. Obrela’s SIEM solutions collect and analyse security data from various sources to provide a comprehensive view of the security landscape.
Read Post

Copyright © 2024 OpsMatters™. All rights reserved.