At the global level, there is enough demand for security information and event management services to generate more than $4 billion every single year. Over the next several years, experts, predict that this industry will continue to grow at a rate of more than 5% each year.

Proactive event notification is one of the most valuable components of centralized log management and SIEM. It allows us to identify problems, misconfigurations, and potential security risks at an early stage. One of the ways we can improve event notification within Graylog is through the use of Lookup Tables.

Our SOC Performance Report found that it takes an average of seven months to fill open SOC positions, and 55% of those doing the hiring are struggling to find qualified staff. As a result, SOC resources are strained, putting the team at risk for fatigue and burnout, which can cause them to miss critical alerts. Research has shown this is a widespread issue, too, as most SOCs waste an average of 10,000 hours annually validating unreliable and incorrect alerts.

Cyber attacks are becoming more frequent, targeted, and complex. When it comes to sophisticated attacks, one of the most commonly seen tactics is Lateral Movement. During lateral movement, many attackers try impersonating a legitimate user by abusing admin tools (e.g., SMB, SAMBA, FTP, WMI, WinRM, and PowerShell Remoting) to move laterally from system to system in search of sensitive information.

If your company is like many others, it probably invested heavily in the Microsoft ecosystem. Microsoft has been around since the 1980s, focusing primarily on business technologies. It has a reputation for compatibility which gives you more purchasing options across devices and accessories. Unfortunately, this reach across corporate IT environments means that malicious actors target everything associated with Microsoft.

How to Create an IP Search Activeboard How to Add More Data How to Create a User Search Activeboard Having the ability to easily visualize and analyze security data is key to being able to quickly spot and thwart bad actors. Devo provides an easy way to do this with Devo Activeboards, an intuitive, interactive way to visualize data being ingested into the Devo Platform. Activeboards can be used to assist analysts in incident response (IR) or threat hunting activities. How?

As the US Department of Defense’s (DoD’s) Software Modernization Strategy is put into place, agility, cloud adoption, and the software-factory methodology are top of mind. But according to a new study from the Hudson Institute, the DoD’s current approach to software and software updates isn’t fast enough to keep pace with modern warfare.

In 2022, generative AI has gone mainstream, but what many don’t know is that generative models can also have a dark side, they have given rise to a new breed of cyber attacks. These attacks exploit the defining property of generative models—their ability to generate plausible new examples of some type of data, to synthesize passwords or fingerprints to break authentication, to masquerade malware as harmless software to avoid detection, and much more.

Open source security tools are no longer experimental or only used by hobbyists. They protect some of the largest global enterprises and critical digital infrastructure. This evolution occurred more rapidly than anyone imagined or predicted.

For today’s remote workforce, security professionals need technical security awareness education distinct from the rest of the company’s “don’t click a phishing link” training. Security analysts know how to recognize phishing emails and set secure passwords. However, where does that leave them when it comes to security awareness?