Hello, security enthusiasts! This is part seven (can you believe it?) of the Elastic SIEM for home and small business blog series. If you haven’t read the first six blogs in the series, you may want to before going any further. In the prerequisite blogs we created our Elasticsearch Service deployment (part 1), secured access to our cluster by restricting privileges for users and Beats (part 2), then we created an ingest pipeline for GeoIP data and reviewed our Beats configurations (part 3).

As the cloud continues to expand with no end in sight, it’s only wise to invest in it. Infrastructure-as-a-Service, Platform-as-a-Service and Software-as-a-Service bring significant cost savings (personnel and ownership), improved performance, better reliability, freedom to scale and - above all - significant security benefits. It’s no wonder that so many businesses have already adopted all three of these models.

In advance of the RSA Conference 2020, we wanted to get a pulse of attendees’ perceptions on a few topics, specifically challenges facing modern SOCs (security operations centers) and the value they are getting from technologies such as analytics, automation, and their SIEM tools. To get this, we fielded a series of questions to the Twitter-verse and received nearly 17,000 votes! After going through the results, we found a few interesting things…

The tongue-in-cheek named malware detection tool, Yet Another Recursive Acronym (YARA) is described as “the pattern-matching Swiss Army knife for malware researchers (and everyone else)”. The Sumo Logic Cloud SIEM Enterprise platform is one of the first SIEM solutions to incorporate it as a built-in feature. This gives blue teamers an additional layer of detection built into the SIEM.

SaaS adoption is continuously on the rise and so is the number of companies migrating their email services to Microsoft Office365. It’s the most popular SaaS service and while over 90% of enterprises use it, only less than a quarter of them have already migrated to the cloud-based suite. Nonetheless, this number is growing steadily, as cloud adoption rates are increasing.

The amount of APTs, ransomware and phishing attacks have been growing steadily for the last few years. As a result, cyber security professionals have been looking for better methods to protect organizations. In this article, we will discuss one of those newly popularized methods: cyber security ontology.

The need for a mature cybersecurity process in today’s corporate environment is becoming ever more critical. As hackers are becoming more and more sophisticated, so our management and defense systems should also be strengthened accordingly. While there are many components that make up a solid security program within an organization, today, we will shed a light on one essential of these components, which is a vulnerability management maturity model.

Integration is one of the most critical features that every security product should have. But, unfortunately, this is not a case when it comes to too many traditional security tools. The organizations that were using SIEM with having integration capability remained secure to a large extent. For example, an effective SIEM can inject Threat Intelligence Feeds (TIF) from multiple different sources.

NERC is a non-profit organization that sets industry standards, educates and trains industry personnel and provides guidelines for grids. You can find the details on NERC and NERC reliability standards in our article. What is NERC? NERC refers to the North American Electric Reliability Corporation. It is a non-profit organization whose main aim is to provide necessary regulations that reduce the risks regarding reliability and security.

We enable our customers to monitor, troubleshoot and resolve operational issues and security threats to their cloud or hybrid environments with our machine data analytics suite. Our users already know that Sumo Logic can help them dramatically improve the security and economy of their organization.