Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

Getting started with adding a new security data source in your Elastic SIEM: Part 1

What I love about our free and open Elastic SIEM is how easy it is to add new data sources. I’ve learned how to do this firsthand, and thought it’d be helpful to share my experience getting started. Last October, I joined Elastic Security when Elastic and Endgame combined forces. Working with our awesome security community, I’ve had the opportunity to add new data sources for our users to complement our growing catalog of integrations.

Why Does Your Business Need Digital Forensic Tools?

While the real world of forensics is much different from your favorite primetime drama, it’s becoming an increasingly important field for the digital sphere. Cybercriminals leave a trace just like real-world offenders, so it’s important to use digital forensic tools that can identify, address, and resolve potentially fraudulent or harmful activities. Keep reading to learn more about digital forensics, and the tools your company needs to stay protected.

Splunk Attack Range Now With Caldera and Kali Linux

The Splunk Security Research Team has been working on new improvements and additions to the Splunk Attack Range, a tool that allows security researchers and analysts to quickly deploy environments locally and in the cloud in order to replicate attacks based on attack simulation engines. This deployment attempts to replicate environments at scale, including Windows, workstation/server, domain controller, Kali Linux, Splunk server and Splunk Phantom server.

Teramind Named in the Gartner 2020 "How to Choose Between Enterprise DLP and Integrated DLP Approaches" Report

The Report Sheds Light on Data Loss Prevention Challenges and Identifies the Use Cases for Integrated DLP vs. Enterprise DLP Solutions. A recent report published by Gartner titled “How to Choose Between Enterprise DLP and Integrated DLP Approaches” (Gartner subscription required) found that “the data loss prevention market includes products with DLP capabilities integrated in security products or SaaS applications, as well as cohesive enterprise DLP suites.

How to Comply with GDPR

When it comes to organizations incorporated and operating out of the United States, General Data Protection Regulation (GDPR) compliance can be confusing. Many people struggle to understand what exactly is the GDPR and whether it applies to all organizations. On May 25, 2018, the European Union (EU) via the European Parliament, signed into law the GDPR, to an enhance Directive 95/46/EC.

Security Log Monitoring and DNS Request Analysis

Monitoring all DNS requests in your network, including those that were blocked by (e.g., by a firewall) is a great way to increase visibility, enforce compliance and detect threats. A common problem with collecting DNS logs is that DNS server logs are notoriously hard to parse. Also, parsing only the logs of your DNS servers leaves a blind spot when it comes to usage of, or the attempt to use, an external DNS server like Google's 8.8.8.8.

Remote workers making mobile management and security first priority

In recent years, many businesses had already begun planning for a gradual shift towards an increasingly remote workforce, yet fewer had implemented a mobile-first strategy, and some were still formulating strategies. At a gradual pace, IT administrators could handle a small percentage of remote workers and saw the management features of device enrollment programs and network security measures as enough to manage a few remote devices and cyber risks.

May Open Source Security Vulnerabilities Snapshot

May is here, and with it our May’s open source security snapshot, our monthly overview of the new open source security vulnerabilities published in April, to see what’s new in the ever-evolving open source security ecosystem. In order to give you all the low-down on emerging or ongoing trends, our hardworking research team analyzed all of the new open source security vulnerabilities added to the WhiteSource database.

FINRA: Phishing Emails Targeting Financial Companies

On Monday, May 4th, **FINRA (Financial Industry Regulatory Authority), issued a warning to financial companies stating that a new email phishing campaign was doing the rounds. According to the regulator, the campaign is ongoing, widespread, and made to look as though the emails are coming from FINRA itself.

Remote Admin Tools (RATs): The Swiss Army Knives of Cybercrime

The cybercrime threatscape is constantly changing as hackers adapt and repurpose the use of many different types of tools and attack vectors, and a recent report by Kaspersky Lab indicates that the use of remote administration tools (RATs) has increased during 2018. RATs are commonly developed as legitimate software suites with bundled functionalities to support system administrators and other power users.