Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SIEM

The latest News and Information on Security Incident and Event Management.

Building a Modern SOC: Architecture, Challenges, and Success Stories

What does it take to create a truly modern Security Operations Center (SOC)? In this session, we’ll dive into the essential components and architecture that define a cutting-edge SOC, exploring the challenges that organizations face during the modernization process. Through real-world examples, we’ll showcase how forward-thinking clients are successfully navigating these challenges and transforming their SOCs into modern security powerhouses.

Managed Detection and Response | 24/7 MDR Solutions by LevelBlue

Protect your business with LevelBlue's Managed Detection and Response (MDR) services. Our experts provide 24/7 monitoring and real-time threat detection powered by the award-winning LevelBlue USM Anywhere platform. Stay ahead of evolving threats with advanced SIEM capabilities, curated threat intelligence, and seamless BlueApp integrations. Let us help you manage risk and safeguard your operations.

Managed Network Security Solutions | 24/7 Cybersecurity Expertise by LevelBlue

It’s not a matter of if your organization will face a cyber-attack – it’s when. Partner with LevelBlue to modernize your network and protect your business. Our experts provide 24/7 network security management and monitoring, helping you secure your attack surface with cutting-edge solutions like DDoS defense and SASE integration. Our Services Include: Why Choose LevelBlue? 24/7 Monitoring & Support Tailored Network Security Solutions Expert Risk Management.

Baking a SIEM: A Recipe for Graylog Open to Security and Beyond

Aspire Bakeries' Graylog journey began in mid-2017 when we realized the current method of log review/collection on each device wasn’t working for us in Operations and we needed better way of working. Over the years we have grown our Graylog implementation from a single Graylog Open 2.0 VM for Operations Teams to a multi-node cluster handling 100MM+ messages per day and the center of our SOC.

API Security: 200 is Not Always Okay, and How to Cope with This

While a 200 OK status often signals success, its appearance can be deceiving, especially when it cloaks significant threats within API interactions. This session expands on the critical role of APIs as part of the broader attack surface essential for robust Threat Detection, Identification, and Response (TDIR) programs. We’ll explore intricate case studies where seemingly successful responses harbored risks that bypass traditional monitoring. Learn how to enhance your SIEM capabilities by effectively detecting anomalies in API traffic, ensuring that every layer of interaction is scrutinized—not just the surface.

Sumo Logic Mo Copilot: AI assistant for faster incident response and simplified troubleshooting

AI is transforming industries at an unprecedented pace. From generative AI tools revolutionizing creative work to AI assistants reshaping enterprise workflows, one thing is clear: this technology is no longer a nice-to-have; it’s a must-have. But what about DevSecOps - the teams tasked with safeguarding our modern apps and infrastructure and ensuring their reliability?

From Hidden to Exposed: Advanced Graylog Alerts for Malicious Activity

Think you've implemented every security measure possible? Think again. While you may have addressed many common attack vectors from both threat actors and Red Team engagements, there's always more to uncover. This session is designed to push your defenses to the next level by diving deep into the often-overlooked tactics that can significantly enhance your security posture.

Demystifying Kubernetes for Security Analytics: Enhancing TDIR for Cloud Deployments

Kubernetes has revolutionized cloud applications, enabling them to function as microservices distributed across global clusters, significantly enhancing fault tolerance, high availability, and cost efficiency. However, with this great power comes the critical responsibility of maintaining security and observability. Despite its many strengths, Kubernetes lacks a built-in centralized log store, relying instead on third-party plugins for this essential functionality.

Navigating the Cybersecurity Risks of Illicit Streaming Devices

Illicit streaming devices have become an unnoticed yet significant threat in many households and corporate environments. These devices, often advertised with wild promises of free access to premium content, have a dark side that many users might not be aware of. They operate much like the “black boxes” of the 1990s, offering access to pay-per-view events and premium channels at suspiciously low costs.

Do You Need IDS and IPS?

Imagine, for a moment, that your IT environment is the Death Star. You know the rebels will try to rescue Princess Leia. If you’re Darth Vader, you need systems that detect Luke and Chewbacca when they gain unauthorized access and systems that prevent them from accessing the Death Star. As a security analyst, you have varied technologies that detect and prevent malicious actors from gaining unauthorized access to your networks.