Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

%term

When Metrics and Logs are Unified, Good Business Ensues

If you’re reading this, you likely know what a log is, and what a metric is. But sometimes there are questions on their differences, whether you really need both, and if you should use dedicated solutions to manage each type. The answers? Yes, you need both; yes, they should be unified. Logs and metrics, aka machine data, are complementary.

Five Things You should Know About Enterprise Visibility

Data breaches happen daily, many of which go undetected for months and even years. In this environment, having visibility into assets across the enterprise is paramount. This critical security need is termed “enterprise visibility” and has become a household name across the industry. The concept can take on a variety of meanings depending on the stakeholder you may be dealing with across the enterprise.

Post-incident review and the big data problem

Across the board, security teams of every industry, organization size, and maturity level share at least one goal: they need to manage risk. Managing risk is not the same as solving the problem of cybersecurity once and for all, because there is simply no way to solve the problem once and for all. Attackers are constantly adapting, developing new and advanced attacks, and discovering new vulnerabilities.

10 Best SIEM Use Cases (Part 2)

SIEM security that is equipped with Artificial Intelligence (AI) and user behavior analytics can deal with internal threats. AI capabilities in SIEM help security professionals to automate tasks that are otherwise manual and repetitive. Doing so can also help to swiftly detect threats and suspicious activities in network traffic and event logs.

Understand GCP Organization resource hierarchies with Forseti Visualizer

Google Cloud Platform (GCP) includes a powerful resource hierarchy that establishes who owns a specific resource, and through which you can apply access controls and organizational policies. But understanding the GCP resource hierarchy can be hard. For example, what does a GCP Organization “look” like? What networks exist within it? Do specific resources violate established security policies? To which service accounts and groups visualizing do you have access?

NCSC Active Cyber Defence Report 2019: Evidence Based Vulnerability Management

On 16 July 2019, UK’s National Cyber Security Centre (NCSC) released the second annual report of the Active Cyber Defence (ACD) program. The report seeks to show the effects that the program has on the security of the UK public sector and the wider UK cyber ecosystem.

To SIEM or not to SIEM?

Not investing in Security Incident and Event Management solutions means you’re missing out on significant business benefits. SIEM detects and responds to security incidents in real time, which reduces the risk of noncompliance. It also helps realize greater value across all underlying security technology and systems. Reporting with SIEM is more comprehensive and less time-intensive, helping to reduce capital and operational costs through consolidation.

How Will Brexit Affect Cybersecurity for UK Organizations?

As a vendor, Tripwire gets asked a lot of questions from customers and potential clients about how developments in the wider world might affect digital security. One of those forces that’s on everyone’s mind is Brexit. Representatives from some of our potential customers as well as our existing clients are asking us what to focus on and what to do. Specifically, they’re wondering how Brexit will affect their digital security efforts in general.