It’s hard to go a day without some headline touting how generative AI is transforming the future of work. And this sentiment certainly rings true in the security industry as security operations centers (SOCs) continue to mature their security posture with automation so that they can protect their enterprise and customer data. But how are leaders and teams feeling about the progress of AI adoption and how the tools are being used?

LimaCharlie offers many of the capabilities of a security information and event management (SIEM) solution, although it is not a SIEM. In this article, we’ll talk about LimaCharlie vs traditional SIEMs—and explain how our platform can be used to reduce or replace SIEM usage and help cybersecurity teams save money.

Migrating to a new security information and event management (SIEM) solution can feel like a daunting task, like moving to a new house. Over the years, a lot gets accumulated and sometimes is forgotten until found in a corner. This blog identifies steps you can take to reduce the pain typically associated with a migration, tools that can help along the way, and questions you should ask during each phase of a migration.

A lot has changed since Sumo Logic last gave our two cents on how to secure Office 365. In the meantime, Office 365 has become Microsoft 365 (M365), and Sumo has continued evolving and expanding its security offering. Today’s threat actor is adept at compromising M365 accounts through various methods. Stealing credentials through phishing email campaigns and brute-force attacks has become commonplace.

As digital transformation expands the threat landscape, compliance mandates adapt to meet new challenges. In 2020, the European Commission announced its decision to accelerate its revision of the Directive on Security of Network and Information Systems (NIS2). When carrying out its impact assessment, the Commission realized that it needed to update the NIS Directive in response to new risks.

In computing, an audit log is a record of an event. An event is any significant action that impacts the hardware or software of a computer – anything from a mouse click to a program error. Besides documenting which resources were accessed and what for, an audit file system will also include the source and destination addresses, the timestamp, and the user ID information.

With the rapid expansion in both scale and variety of technologies in modern business systems, there comes a need to further secure those technologies to prevent nefarious actors from causing havoc. The expanding data landscape creates a much larger attack surface for bad actors to exploit, and as a result leaves many organizations at risk from theft, fraud or other undesirable behavior.

Event correlation tools are a fundamental instrument in your toolbox to detect threats from all sources across your organization in real time. A wise use of the right event correlation techniques through log management and analysis is the cornerstone of any reliable security information and event management (SIEM) strategy – a strategy that focuses on prevention rather than reaction.

Vulnerability management (VM) is a challenging task. Of the three pillars of people, process, and technology, it is the latter that we have the most control over and that can make the greatest impact. We recognize that technology alone is not sufficient and must be accompanied by strong processes and skilled personnel. However, the right technology can greatly facilitate and improve the effectiveness of our vulnerability management efforts.

The Sumo Logic Threat Labs team previously outlined the risks associated with unprotected cloud credentials found on Windows endpoints. This article builds on that work by providing detection and hunting guidance in the context of endpoints that run the Linux operating system. Although workloads that support business functionality are increasingly moving to the cloud, these workloads are often managed through an endpoint that is often found on premises.