Security | Threat Detection | Cyberattacks | DevSecOps | Compliance


The latest News and Information on Security Incident and Event Management.

How AI will impact cybersecurity: the beginning of fifth-gen SIEM

The power of artificial intelligence (AI) and machine learning (ML) is a double-edged sword — empowering cybercriminals and cybersecurity professionals alike. AI, particularly generative AI’s ability to automate tasks, extract information from vast amounts of data, and generate communications and media indistinguishable from the real thing, can all be used to enhance cyberattacks and campaigns.

Zero Trust requires unified data

It’s vital to have a common understanding and shared context for complex technical topics. The previously adopted perimeter model of security has become outdated and inadequate. Zero Trust (ZT) is the current security model being designed and deployed across the US federal government. It’s important to point out that ZT is not a security solution itself. Instead, it’s a security methodology and framework that assumes threats exist both inside and outside of an environment.

CrowdStrike Falcon Next-Gen SIEM Unveils Advanced Detection of Ransomware Targeting VMware ESXi Environments

CrowdStrike Falcon Next-Gen SIEM, the definitive AI-native platform for detecting, investigating and hunting down threats, enables advanced detection of ransomware targeting VMware ESXi environments. CrowdStrike has observed numerous eCrime actors exploiting ESXi infrastructure to encrypt virtual machine volumes from the hypervisor to deploy ransomware in organizations. Access to ESXi infrastructure typically takes place as part of lateral movement.

Top 5 Myths About API Security and What To Do Instead

Discover the top five myths about API security and learn the effective strategies for protecting your digital assets. Understand why attacks are common, the limitations of perimeter security, and the importance of a zero trust model in this comprehensive overview. Uncover the realities of API security, from the prevalence of attacks to the challenges of relying on perimeter defenses. Learn why a zero trust approach and better developer engagement are key to robust API protection.

Graylog V6 and SOC Prime: Cyber Defense with MITRE Framework Webinar

Insights from Graylog and SOC Prime Join us for an exclusive session where we unveil the integrations between Graylog, a comprehensive log management solution, and SIEM, and SOC Prime’s Platform for collective cyber defense. Discover how integrating these solutions transforms your approach to security, providing a robust foundation for crisis management and resilience against cyber threats.

Elastic Security | AI Assistant Demo

Elastic AI Assistant can provide real-time, personalized alert insights — empowering security teams to stay one step ahead in the ever-evolving threat landscape. With the power of large language models (LLMs), the AI Assistant can process multiple alerts simultaneously, offering an unprecedented level of insight and customization. You can interact with your data by asking complex questions and receiving context-aware responses tailored to your needs. Watch this demo from James Spiteri, Director of Product Management at Elastic to see what's new in the Elastic AI Assistant in Elastic Security 8.12.

The Ultimate Guide to Sigma Rules

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.

Tracing history: The generative AI revolution in SIEM

The cybersecurity domain mirrors the physical space, with the security operations center (SOC) acting as your digital police department. Cybersecurity analysts are like the police, working to deter cybercriminals from attempting attacks on their organization or stopping them in their tracks if they try it. When an attack occurs, incident responders, akin to digital detectives, piece together clues from many different sources to determine the order and details of events before building a remediation plan.

5 reasons why observability and security work well together

Site reliability engineers (SREs) and security analysts — despite having very different roles — share a lot of the same goals. They both employ proactive monitoring and incident response strategies to identify and address potential issues before they become service impacting. They also both prioritize organizational stability and resilience, aiming to minimize downtime and disruptions.

AT&T DDoS Defense Portal Email Alert Video

In this video, you'll learn about AT&T DDoS Defense Service Alert Emails. We'll also give you an overview of the investigation process. For any high severity alerts, which are caused by traffic exceeding thresholds in protected zones, the DDoS Defense Service sends an alert email to your contacts. At the same time, a ticket is created for the AT&T Threat Management Team to investigate the alert.