In the cloud, securing identities and workloads is both paramount and complex. Inventories of AWS customer security breaches help us learn from publicly disclosed incidents—but until now, not much concrete data has been shared around the usage of security mechanisms that could have helped prevent these incidents. For this report, we examined real-world data from a sample of more than 600 organizations and thousands of AWS accounts that use the Datadog Cloud Security Platform.

Which cybersecurity framework is the best one to use for an organization? This is one of the most frequently asked questions when embarking on the cybersecurity journey. Often, the answer falls quite unsatisfyingly along the explanatory lines about how there is no one-size-fits-all solution, and how there are advantages and disadvantages to each.

It seems like every other day; we hear about another company that has been hacked and its customers’ personal data compromised. In the wake of these incidents, it’s more important than ever for businesses to take steps to protect themselves from cyber-attacks. One way to do this is by implementing a network monitoring and security monitoring solution.

Aaron Cooper is the Security Operations Manager at TripActions with 20+ years of experience working in a variety of enterprise infrastructures. He specializes in managing and designing secure network environments to meet the needs of financial and corporate customers, managing security operations centers, and designing and implementing highly secure and available data networks while maintaining HIPAA, SOX, and PCI compliance.

Ours truly is the great age of digital technology. Indeed, few of us can get through an ordinary day without engaging with some kind of digital device, whether we’re using them to communicate, research, work, bank, or even monitor our health. In many cases, the digital devices we use to make it through the day aren’t sitting on our desks and tethered to an electrical outlet.

The tectonic plates of network security are in motion. A wrenching transference from on-premises to cloud-centric data security systems is gaining steam. Security teams are engaged in pushing cybersecurity out to the far edges of a highly interconnected, widely dispersed digital environment; and at the same time, they must find smarter ways to dramatically improve cyber hygiene.

Social engineering is the psychological manipulation used to get others to do things or reveal private information. Between 70% and 90% of data breaches involve social engineering. Social engineering is currently one of the largest cybersecurity dangers facing both small and large enterprises. These “human hacking” techniques are commonly used in cybercrime to trick unwary users into disclosing information, dispersing malware infections or granting access to restricted systems.

The year 2021 had the dubious distinction of being the most prolific for ransomware on record, and the onslaught didn’t stop in 2022. It’s now estimated that every 14 seconds, a business falls victim to a ransomware attack. Ransomware attacks aren’t just happening more often.

There is an exploitation method that can automatically forward emails CC’d to external addresses via an Outlook Desktop rule, even when this action is prevented on the corporate Exchange server. This can be a serious data exfiltration risk allowing post-exploitation persistence in a previously breached account. The legitimate email account owner is highly likely to be unaware of the creation of this rule.

Organizations face a growing threat from cybercriminals while struggling to find qualified security professionals who can protect their infrastructure and sensitive data. This blog will explore the concept of a Security Operations Center (SOC) and the role of SOC analysts in securing your organization. We will also discuss how your organization can leverage automation to improve SOC effectiveness and fill in the gaps when you cannot support a full staff of security professionals.