What you’re doing isn’t working. Despite best efforts, the scale of cybersecurity data is outpacing the ability of security information and event management (SIEM) solutions to identify and stay ahead of digital threats. Incremental improvements can’t keep pace with the scale of data contained in cloud solutions and the scope of data created by new tools, like generative AI. The result? It’s time for transformation—and time for SIEM to act like a security data platform.

Real-time feedback on risky behavior stops sensitive data exfiltration and educates employees on security best practices, based on research from Cyberhaven Labs analyzing data on warning and blocking policy implementations.

The National Institute of Standards and Technology’s widely used Cybersecurity Framework (NIST CSF) provides organizations with a common language that allows staff at all levels—and at all points in a supply chain—to develop a shared understanding of their cybersecurity capability.

‍ ‍ ‍One of the most simultaneously exciting and challenging aspects of working in the cybersecurity industry is that the risk landscape and management practices never stop evolving. Additional data is continuously being gathered, and new frameworks are constantly developed to help organizations better assess, measure, and secure themselves against threat actors poised to exploit system weaknesses.

Before Crowdstrike caused the world to melt down for a few days, the talk of the security town was a recent OpenSSH vulnerability (CVE-2024-6387). Dubbed by its celebrity name regreSSHion, it is a Remote Code Execution vulnerability in some versions of OpenSSH discovered by the Qualys Threat Research Unit on July 1, 2024. Specifically, versions of OpenSSH compiled against the glibc library, which is to say “probably most of them”, were impacted.

Microsoft Sentinel customers, get ready to streamline your security monitoring and investigation workflows with the official 1Password integration for Microsoft Sentinel.

Ransomware has evolved significantly since its inception. Initially, these attacks were relatively simple: malware would encrypt a victim's files, and the attacker would demand a ransom for the decryption key. However, as cybersecurity measures improved, so did ransomware gangs' tactics. Modern ransomware attacks often involve sophisticated techniques such as data exfiltration, where attackers steal sensitive information before encrypting it.

SQL injection (SQLi) is one of the most severe security vulnerabilities in web applications. It occurs when an attacker is able to manipulate the SQL queries executed by an application by injecting malicious SQL code into user input fields. SQLi can lead to unauthorized access to sensitive data, data corruption, or even complete control over the database server.

APIs are increasingly becoming the target of choice for attackers. According to the key findings stated in the 2024 Gartner Market Guide for API Protection, "APIs — especially shadow and dormant ones — are causing data breaches among organizations that, on average, exceed the magnitude of other breaches.

As the cloud becomes increasingly integral to modern businesses, cloud data protection (CDP) gains importance. From safeguarding against data loss due to accidental deletion or system failures to protecting against cyber threats like ransomware, CDP is the foundation of a resilient cloud strategy. The cloud brings its own set of challenges, from the dynamic nature of containerized workloads to the complexity of multi-cloud environments.