Howdy folks, it’s your friendly neighborhood transformational detection engineering evangelist Haylee Mills here. Maybe you’ve already been introduced to risk-based alerting, or maybe you’ve seen one of my many talks on the subject: Even if you haven’t, I’m super excited to share a brand new version of my step-by-step guide to success with the risk-based alerting framework!

Securing the cloud has become increasingly complex as organizations adopt hybrid and multi-cloud resources to meet their demanding business requirements. It’s also more crucial than ever: From 2022 to 2023, CrowdStrike identified a 75% increase in cloud intrusions.

In this cloud, DevOps and AI era, security teams grapple with the growing challenge of shadow secrets and vault sprawl. As organizations scale, secrets management increasingly fragments. For example, Microsoft recommends using one Azure Key Vault, per application, per environment per region. Without centralized visibility, security policies and rotation control, vault sprawl leads to heightened security risk and compliance challenges.

We’re excited to announce that AWS CLI is now a runtime option for Run Script in the cloud! This new feature allows you to execute an AWS CLI command directly from the storyboard to interact with AWS services in your AWS account.

In a recent cybersecurity alert, the infamous Iranian hacking group APT33 (also known as Peach Sandstorm and Refined Kitten) has unleashed a new form of malware named "Tickler" to compromise the networks of various organizations across critical sectors in the United States and the United Arab Emirates. This latest campaign, observed between April and July 2024, has primarily targeted government, defense, satellite, and oil and gas industries.

In today’s business environment, cost reduction is a top priority for many organizations. Companies are increasingly adopting technologies that automate tasks and enhance efficiencies to achieve cost savings. However, minimizing risk should also be a key objective for every business.

Spyware is a type of malware that can be installed on your device without your knowledge. The main goal of spyware is to spy on you and gather your private information, like passwords or credit card information. Despite spyware being elusive and undetectable at times, you can tell if there is spyware on your laptop by recognizing common signs. Some of these signs include unwanted pop-up ads, slower performance, shorter battery life and redirections on your browser.

You can tell if your Facebook account has been hacked if you receive login attempt notifications, notice your account’s personal information has been changed, see an increase in suspicious messages or have trouble logging in to your account. Since Facebook accounts hold a large amount of private information, you need to recover your account quickly if it’s been hacked.

Tool sprawl is an expensive aspect of technical debt. IDC recently found that 43% of organizations doing business in the Americas have 500 or more software applications in their portfolios today (Application Services — Worldwide Regions, 2023, IDC #US50490416, April 2023). In the area of monitoring and observability tools alone, 50% of companies reported having between 11 and 40 tools.

In today's rapidly evolving digital landscape, organizations must be prepared for the inevitable occurrence of cybersecurity incidents. Incident response testing is a critical component of a robust cybersecurity strategy, ensuring an organization can swiftly and effectively respond to incidents when they occur.