Elastic Security has long been open — with open source roots, open development, and the release of our SIEM in 2019. In 2020, we further embraced the openness of Elastic and released our open detection-rules repo to collaborate with our users and be transparent about how we protect customers. That repo is focused on our SIEM and Security Analytics use cases and did not yet include Elastic Endpoint Security artifacts.

Remote workforce models don’t look like they’re going anywhere anytime soon. While your employees need to collaborate, you need to make sure that you mitigate data breach risks. You worked diligently over the last few years to put the right access controls in place. The problem? Data breaches aren’t always threat actors and are not always malicious.

On July 27, 2022, Microsoft Threat Intelligence Center (MSTIC) disclosed a private-sector offensive actor (PSOA) that is using 0-day exploits in targeted attacks against European and Central American victims. MSTIC and others are tracking this activity group as KNOTWEED. PSOAs sell hacking tools, malware, exploits, and services. KNOTWEED is produced by the PSOA named DSIRF.

Security analysts and administrators need every advantage to keep up with prioritizing and investigating alerts. A SIEM (security information and event management) solution helps uncover threats, but it takes a lot of time assigning and updating tags, criticality, and signal suppression. Sometimes users opt to skip the step altogether, especially if there are a lot of entities to add or update at once. Other times, they introduce errors during this manual step.

I am very pleased and proud to share the big news that Devo is now an AWS Security Competency Partner. This is a significant milestone for Devo and it’s important for our current and future customers and partners. This designation validates that Devo has successfully met AWS’s technical and quality requirements for providing customers with a deep level of expertise in threat detection and response.

With today’s expanding attack surfaces and the growing sophistication of adversaries, exploding volumes of data are negatively affecting SOC teams’ success. According to the 2021 Devo SOC Performance Report, 67% of respondents said their lack of visibility into the attack surface makes working in the SOC painful.

The German IT Security Act 2.0 (IT-SiG 2.0) has been in force since May 2021. Due to this new law, significantly more German companies have been classified as operators of critical infrastructures (KRITIS) than ever. This is a major cause of headaches for many managers. In addition, IT departments are starting to ask themselves: "Are we now regarded as KRITIS"? And if so, "What do we have to take into consideration?"

RHONDOS is proud to have established a strategic partnership with Devo, the only cloud-native logging and security analytics platform. RHONDOS is bringing PowerConnect for SAP to Devo, and together we will provide mutual customers with an all-in-one solution so they can confidently address the question of what to do with SAP data.

Cybercrime can look different for every organization, and consequences could vary. The dangers of cyberattacks don’t limit only to hackers stealing personal or company information — they can also be expensive. The cost of recovering from a cyber-attack can be costly or put organizations out of business. In the middle of 2022 cybersecurity concerns are still the number one priority in most organizations. We’ve gathered the top 6 cybersecurity trends in mid-2022.

So, you’ve done your homework. You’ve clearly defined business requirements, and you think you want to implement a Security Information and Event Management (SIEM) solution into your organization. Cloud migration and remote work have changed the way threat actors attack, and it feels like every day you read about a new methodology. While a lot of companies added a SIEM to their cybersecurity technology stack, you’re not sure whether you can afford one.