Devo recently announced that it has entered into a strategic collaboration agreement with Amazon Web Services (AWS). This is a significant milestone for Devo and great news for our mutual customers with AWS. We caught up with Tony Le, cloud partnerships director, to take a deeper dive into what this means and how the collaboration will benefit our users in the long run.

Amazon Security Lake allows customers to build security data lakes from integrated cloud and on-premises data sources as well as from their private applications. Directing your security telemetry into a unified data lake makes it easier to manage, analyze, and route security-log and event data to third-party SIEM solutions that leverage that telemetry.

As organizations are rapidly moving to the cloud to leverage the cloud advantage, services are also moving to the cloud, including cybersecurity solutions such as SIEM. In fact, SIEM as a Service is rapidly gaining momentum as an alternative to traditional, on-premises SIEM solutions. In its 10 Questions to Answer Before Adopting a SaaS SIEM report, Gartner had predicted that by 2023, 80% of SIEM solutions will have capabilities that are delivered via the cloud.

Investigating the origin of activity in cloud-native infrastructure—and understanding which activity is a potential threat—can be a challenging, time-consuming task for organizations. Cloud environments are complex by nature, comprising thousands of ephemeral, interconnected resources that generate large volumes of alerts, logs, metrics, and other data at any given time.

Fileless threats are on the rise. These threats occur when cybercriminals use pre-existing software in victims’ systems to carry out attacks, instead of using a malicious attachment or file. More often than not, a criminal’s favorite tool for a fileless attack is PowerShell.

LogSentinel’s operational security platform ( SIEM, XDR & SOAR) continuously optimizes the models of specialized threat systems and has created eight layers of anti-threat weapons. Based on the characteristics of user behavior and traffic analysis, the series of local anti-threat modules form an iron wall to prevent telecommunication and network threats and protect the safety of users’ communications and property.

The first Elastic Global Threat Report was published earlier this week. In it, you will learn about trends observed by our threat researchers, our predictions for what’s coming next, and some of our recommendations to operate securely in the face of today’s and tomorrow’s threats. If you haven’t read it yet, go check it out. As a technical leader in Elastic Security, I'd like to reveal a small amount about what goes into reports like this one and why it’s significant.

I remember where I was sitting when I read Mandiant’s first M-Trends report on the advanced persistent threat in 2010. I was a technical director at the National Security Agency in the office of Tailored Access Operations (TAO). At that time, my job was to build computer network exploitation (CNE) tools to collect foreign intelligence.

When we hear the term “Credential Access” our detection engineer thoughts typically turn to the Windows LSASS Process and tools like Mimikatz. Recently, however, researchers have drawn our attention to Microsoft Office processes. These processes also store credential material, in the form of access tokens.

Staying up-to-date on the current state of security and understanding the implications of today’s growing threat landscape is critical to my role as CISO at Elastic. Part of this includes closely following the latest security threat reports, highlighting trends, and offering valuable insights into methods bad actors use to compromise environments.