
SIEM

The latest News and Information on Security Incident and Event Management.

Elastic Security 7.16: Accelerate SecOps with the most powerful Elastic Security yet

In Elastic Security 7.16, multiple new out-of-the-box data integrations for Elastic Agent streamline data ingestion and normalization, powering security operations. The release also introduces full production support for several existing data integrations. Version 7.16 introduces an expanded set of malicious behavior protections, addressing methods related to initial access, privilege escalation, and defense evasion.

Detecting and blocking unknown KnownDlls

This is the second in a two-part series discussing a still-unpatched userland Windows privilege escalation. The exploit enables attackers to perform highly privileged actions that typically require a kernel driver. Part 1 of this blog series showed how to block these attacks via ACL hardening. If you haven’t already, please read the first part of this series, because it lays an important foundation for this article. Interested readers can also check out the excellent Unknown Known DLLs...

LogSentinel XDR - A Unified Security Monitoring Platform

XDR (eXtended Detection and Response) is a new Gartner category, which, we’ve argued before, is SIEM++, or what next-gen SIEM should have been. This is why we are packaging our latest feature updates into an XDR offering that should greatly improve the detection and response capabilities of any organization, especially mid-market organizations, which gain the most benefit from integrated, easy-to-use platforms. LogSentinel XDR is a unified security monitoring and response platform.

Announcing new Sumo Logic AWS security Quick Start integrations

We’re excited to announce updates to Sumo Logic AWS Quick Start Integrations that enable customers to automate the integration of AWS Security Reference Architecture within Sumo Logic Cloud SIEM powered by AWS. The new integrations automate the collection, ingestion, and analysis of applications, infrastructure, security, and IoT data to derive actionable insights for security engineering teams.

LogSentinel SIEM for MSSPs: Key MDR / MSSP Benefits

Managed security service providers (MSSPs) are tasked with providing efficient cybersecurity monitoring and response services without most of their revenue going to licensing costs. LogSentinel SIEM is a tool that’s built with MSSPs in mind – we have predictable and affordable pricing and offer deployment and management flexibility. In this video, we will discover the key benefits of using LogSentinel SIEM if you are an MSSP/MDR provider.

Case Study: Outsider Attacks - Before and After LogSentinel SIEM

Cyber attackers are relentless, but your security doesn’t have to be. Hackers can wreak havoc on your company. One way they do this is by attacking your IT infrastructure and looking for vulnerabilities. The good news is, you don't have to spend a fortune to solve your security problems. LogSentinel SIEM is the first line of defense for organizations worldwide, helping businesses avoid security breaches before they happen.

How to Detect Office 365 Anomalies Using SIEM

Microsoft Office 365 (also known as Microsoft 365 or Office 365) is a cloud-based service that enables online collaboration and real-time data sharing via Microsoft solutions such as SharePoint, MS Teams, and OneDrive. Microsoft Office 365 brings together familiar Microsoft Office desktop applications with business-class email, shared calendars, instant messaging, video conferencing, and file sharing, making it an integral tool for many organizations during the pandemic.