Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SIEM

The latest News and Information on Security Incident and Event Management.

How to build a home IT security lab: Episode 1

Hello all and welcome to the first episode of a new blog series focused on how to prevent WordPress site hacks. In this first post of the series, I will provide videos and articles that will comprise a set of tutorials to show you the ins and outs of building a home lab that will give you the flexibility to test, hack, or learn just about anything in IT.

Monitoring Box Security with USM Anywhere

We’re proud to announce a new USM Anywhere App for Box! We use the Box Events API to track and detect detailed activity on Box. This new addition to the set of USM Apps arrives to provide an extra security layer to cloud storage services that many enterprises are outsourcing to Box. Beyond monitoring and data collection, USM offers early detection of critical events and alerting, thanks to event correlation and business intelligence.

Adversary simulation with USM Anywhere

In our previous blog, we analyzed how it is possible to map malware threats using the MITRE ATT&CK™ framework. In this blog, we will test the USM Anywhere platform against red team techniques and adversary simulations. We performed this analysis as part of our continuous efforts to improve the platform’s detection effectiveness.

How to Use Data to Identify Trends, Attack Profiles, And Possible Threats?

Data is a raw material, which is often unstructured, extracted in massive quantity, and requires processing before calling it an information and actionable intelligence. A good example is the Indicators of Compromise (IoCs). A big list of domain names or IP addresses can be ingested into the SIEM system to identify whether this list contains any malicious IP or not.

Security Information and Event Management (SIEM) Architecture

In information warfare, the need to develop SIEM architecture has become a crucial factor due to the existence of ever-growing cyber threats and their creators – cyber pests. The SIEM (Security Information and Event Management) presents a broad range of products or services for the purpose of managing security information and security events simultaneously.

Sponsored Post

EventSentry v4.0 - Introducing ADMonitor

Since Active Directory is the foundation of all Windows networks, monitoring Active Directory needs to be part of any comprehensive security strategy. Up to version 3.5, EventSentry utilized Windows auditing and the security event log to provide reports on: User Account Changes, Group Changes and Computer Account Changes.

What's better: On-site SIEM or MSSP SIEM?

If an organization properly implements a SIEM solution, it efficiently draws attention towards warning signs as well as suspicious activity within the network. With the ever-evolving cyber space, continuous security monitoring has become exceedingly important. The benefits of SIEM also extend to understanding business and technology environments, monitoring availability and performance, issue diagnosis, and creation of a report on network activities.

SIEM: What Is It, and Why Does Your Business Need It?

Security information and event management (SIEM) technology is transforming the way IT teams identify cyber threats, collect and analyze threat data and respond to security incidents. But what does that all mean? To better understand SIEM, let's take a look at SIEM technology, how it works and its benefits.