
Latest Posts

Building a cybersecurity plan for the State and Local Cybersecurity Grant Program (SLCGP)

For state and tribal governments thinking about applying for — or that have already applied for — funding from the US federal State and Local Cybersecurity Grant Program (SLCGP) or Tribal Cybersecurity Grant Program (TCGP), you likely already know that building out a comprehensive cybersecurity plan is a required element in the process. If you’ve already submitted your application for fiscal year 2022 funding, you have until the end of September 2023 to submit your cybersecurity plan.

Enhance SOC workflows with Elastic Security and Recorded Future threat intelligence

Security teams today need to analyze vast amounts of data from various sources, including endpoints, cloud, applications, and user activity, just to mention a few. At the same time, adversary activity is also on the rise and the threat landscape is becoming more and more complex every day. Further exacerbating the situation, security teams are strapped for resources and unable to analyze the enormous amounts of data and security alerts they receive in real time.

Beyond the build: Why runtime security is critical for container protection

Containers and microservices have changed the game: They allow organizations to ship apps faster and make better use of hardware. They encourage modular software design. And containers help teams embrace the cloud-native paradigms of scalability, mobility, and resilience. It’s safe to say that containers have shaken things up.

Demystifying Elastic Security for Cloud and its capabilities

It's no surprise that organizations are moving to the cloud to innovate — to meet the growing demands of their customers and digital transformation. Organizations want to build applications that are fast and scalable. They want to make use of the latest cloud-native capabilities like containers, orchestrators, microservices, APIs, and declarative infrastructure. However, this also means security in the cloud cannot be an afterthought.

Banks are leveraging modern cloud security tools to mitigate human error

The efficiency, security, and scalability of cloud operations are driving financial institutions’ adoption of the technology faster than ever before. The ability to meet customers where they want to transact, personalize solutions, and leverage new data and analytics solutions (including AI) on-demand is driving this growth. In fact, according to Accenture, the banking industry's workloads in the cloud more than doubled from 2021 to 2022.

Elastic Global Threat Report Breakdown: Credential Access

In the second part of our series breaking down the Elastic Global Threat Report, we’re focusing on the credential access tactic, which was the third-most common category of behavior we observed. Roughly 10% of all techniques we saw involved one form of credential theft or another, and dissecting this class of behaviors is helpful both to improve our understanding of threats and to better understand enterprise risks.

Elastic Security 8.7 helps security practitioners eliminate alert fatigue, drive MTTR lower, and better secure cloud environments

Elastic Security 8.7 helps security practitioners eliminate alert fatigue, reduce MTTR, and better secure cloud environments through integrated SIEM, cloud security, and endpoint security. This release includes the following new features that bring efficacy and efficiency to the modern security operations center (SOC): Security operations centers use SIEM, EDR, and cloud security solutions to detect malicious activity by analyzing their security-related events and information. . .

Demystifying SIEM migration: Pitfalls to avoid and tips for ensuring success

Migrating to a new security information and event management (SIEM) solution can feel like a daunting task, like moving to a new house. Over the years, a lot gets accumulated and sometimes is forgotten until found in a corner. This blog identifies steps you can take to reduce the pain typically associated with a migration, tools that can help along the way, and questions you should ask during each phase of a migration.

Elastic on Elastic: How InfoSec uses the Elastic Stack for vulnerability management

Vulnerability management (VM) is a challenging task. Of the three pillars of people, process, and technology, it is the last that we have the most control over and that can make the greatest impact. We recognize that technology alone is not sufficient and must be accompanied by strong processes and skilled personnel. However, the right technology can greatly facilitate and improve the effectiveness of our vulnerability management efforts.