So you’ve set up a Security Orchestration, Automation and Response (SOAR) platform. You’re now ready to detect, respond to and remediate whichever threats cyberspace throws at you, right? Well, not necessarily. In order to deliver their maximum value, SOAR tools should be combined with playbooks, which can be used to drive SOAR systems and ensure that SOARs remediate threats as quickly as possible — in some cases, without even waiting on humans to respond.

Three-quarters of U.S. CEOs in PwC’s 24th Annual Global CEO Survey said they are “extremely concerned” about cyber threats. They want to understand roadblocks, cyber insurance coverages, and budget allocation, among other critical topics. CISOs prefer the language of technology, and boards prefer the language of finance.

Editor’s note: This is Part 2 of a five-part cloud security series that will cover protecting an organization’s network perimeter, endpoints, application code, sensitive data, and service and user accounts from threats.

In this post, we’ll quickly cover the highlights of what you need to know about California’s Data Breach Notification Statute.

Cryptomining attacks are becoming more notable in-line with the rise of blockchain and cryptocurrencies, so detecting cryptomining has become a high priority. Security researchers have found data breaches related to various cryptominer binaries running within victims’ infrastructures. The default openness of Kubernetes clusters and the availability of the extensive compute power required for mining makes Kubernetes clusters a perfect target for cryptomining attacks.

In October 2022, a novel ransomware named Prestige was found targeting logistics and transportation sectors in Ukraine and Poland. According to Microsoft, victims affected by Prestige overlap with previous victims targeted by HermeticWiper, spotted in February 2022. The research also shows that the attackers deployed the ransomware within an hour between all victims, abusing highly privileged domain credentials to deploy the payload.

The first Elastic Global Threat Report was published earlier this week. In it, you will learn about trends observed by our threat researchers, our predictions for what’s coming next, and some of our recommendations to operate securely in the face of today’s and tomorrow’s threats. If you haven’t read it yet, go check it out. As a technical leader in Elastic Security, I'd like to reveal a small amount about what goes into reports like this one and why it’s significant.

Internal reconnaissance is one of the first steps an attacker will take once they have compromised a user or computer account in your network. Using various tools or scripts, they enumerate and collect information that will help them identify what assets they should try to compromise next to get what they want. For example, BloodHound will map out attack paths that can enable an adversary to escalate their privileges from ordinary user to admin.