Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

Fine-tuning Cloud SIEM detections through machine learning

Security engineering teams spend hours every week tuning their security information and event management (SIEM) systems to ensure that they are effective at detecting security threats and minimizing false positives. Such “tuning tax” is common as customers add new SIEM rules to cope with rapidly changing threat landscape and attacker tactics and as their attack surface evolves through automated changes to their application and infrastructure stacks.

Industrial control systems security with Elastic Security and Zeek

Industrial control systems (ICS) have historically been isolated and less interconnected. Isolation was one of the things that kept these systems more secure behind air gaps, at the cost of lost coordination and collaboration. This is rapidly changing with the rise of Industry 4.0 with increased interconnectivity and integration of smart technologies like Industrial IoT (IIoT) and cloud computing in modern industrial processes.

National Cybersecurity Deep Dive: Invest in a Resilient Future and Forge International Partnerships

The first three pillars of the National Cyber Security Strategy focused on activities that could be accomplished in the near term–perhaps within a few years. The last two pillars start looking at some challenges that we need to address now.

Elastic Security in the open: Empowering security teams with prebuilt protections

Elastic Security now comes with 1,100+ prebuilt detection rules for Elastic Security users to set up and get their detections and security monitoring going as soon as possible. Of these 1,100+ rules, more than 760 are SIEM detection rules considering multiple log-sources — with the rest running on endpoints utilizing Elastic Security for Endpoint.

Building a cybersecurity plan for the State and Local Cybersecurity Grant Program (SLCGP)

For state and tribal governments thinking about applying for — or that have already applied for — funding from the US federal State and Local Cybersecurity Grant Program (SLCGP) or Tribal Cybersecurity Grant Program (TCGP), you likely already know that building out a comprehensive cybersecurity plan is a required element in the process. If you’ve already submitted your application for fiscal year 2022 funding, you have until the end of September 2023 to submit your cybersecurity plan.

Enhance SOC workflows with Elastic Security and Recorded Future threat intelligence

Security teams today need to analyze vast amounts of data from various sources, including endpoints, cloud, applications, and user activity, just to mention a few. At the same time, adversary activity is also on the rise and the threat landscape is becoming more and more complex every day. Further exacerbating the situation, security teams are strapped for resources and unable to analyze the enormous amounts of data and security alerts they receive in real time.

US National Security Deep Dive Pillars 2 and 3: Dismantle Threats and Shape Market Forces

Last time we looked at The US National Security Strategy Pillar 1: Defend Critical Infrastructure. Today, we are looking at Pillar 2: Disrupt and Dismantle Threat Actors and Pillar 3: Shape Market Forces to Drive Security Resilience. Preventing the attacks in Pillar 1 would not be necessary if the attackers were taken off the board.

How using Cloud SIEM dashboards and metrics for daily standups improves SOC efficiency

When we talk about emerging technologies and digitization, we often forget that while innovators work to bring the best solutions to market, cybersecurity gurus are concurrently working to identify loopholes and vulnerabilities in these new systems. Gone are the days when cyber attacks were monthly news; instead, they happen almost daily.

Beyond the build: Why runtime security is critical for container protection

Containers and microservices have changed the game: They allow organizations to ship apps faster and make better use of hardware. They encourage modular software design. And containers help teams embrace the cloud-native paradigms of scalability, mobility, and resilience. It’s safe to say that containers have shaken things up.