Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

I'm a former nation-state exploiter - here's why I know Open Security is our best defense

No single organization is prepared to stop an attack from a nation-state Not so long ago, I woke up every morning focused on one thing: finding and exploiting vulnerabilities. During my 10 years working for the U.S. National Security Agency (NSA), my single objective was to identify and exploit networks to collect foreign intelligence. I was fortunate to work alongside the world’s best professional vulnerability and exploit developers. My time serving my government was formative and humbling.

Graylog Security Anomaly Detection: Metrics Ease the Workload

Everything that makes employees’ lives easier, makes yours harder. Detecting insider threats — both employees and cybercriminals pretending to be employees — has never been more difficult or more important. The cloud technologies that make everyone else more efficient make security less efficient. They’re noisy. They send a lot of alerts. You’re tired. You’re overworked. You’re overloaded.

Why MSPs need to Reconsider SIEM for Office 365 Security

In 2005, a new market emerged when Gartner coined the term "SIEM" OR Security and Information Event Management. Back then, it was a legacy system aggregating event data produced by security devices, systems, network infrastructures and applications. However, it lacked monitoring functionality and was limited to vertical scalability.

Driving quantified success with Elastic Security

Insights from the 2022 Results That Matter study “88% of boards regard cybersecurity as a business risk rather than solely a technical IT problem.”1 Regardless of geography, industry, sector, or use cases, most would agree that reducing risk is a top priority for their organization. Whether it’s decreasing phishing scams, ransomware, and malware attacks or reducing the risk of customer churn due to breaches, security is everyone’s concern.

Introducing Devo Connect, Your New Online Community

For many people, cybersecurity is merely a necessary business function. But that’s not how our customers see it. For you, cybersecurity is an ever-escalating arms race involving sophisticated operators and uncounted moving parts where a single mistake can cause an avalanche of problems. Cybersecurity isn’t just your job, it’s your life. You are on the front lines, responsible for protecting your organization in a high-pressure environment every day.

The power of XDR - Stay ahead of the curve - Presentation

At this year’s InfoSec conference hosted by Computer 2000, LogSentinel presented – “The power of XDR-stay ahead of the curve” Asen Kehayov CEO and Nikolay Raychev CTO presented in depth the XDR trend in cybersecurity and how LogSentinel SIEM accommodates conceptual architecture and improves the industry vision of XDR.

Continued leadership in open and transparent security

Elastic Security has long been open — with open source roots, open development, and the release of our SIEM in 2019. In 2020, we further embraced the openness of Elastic and released our open detection-rules repo to collaborate with our users and be transparent about how we protect customers. That repo is focused on our SIEM and Security Analytics use cases and did not yet include Elastic Endpoint Security artifacts.

Centralized Log Management for Data Exfiltration

Remote workforce models don’t look like they’re going anywhere anytime soon. While your employees need to collaborate, you need to make sure that you mitigate data breach risks. You worked diligently over the last few years to put the right access controls in place. The problem? Data breaches aren’t always threat actors and are not always malicious.

KNOTWEED Assessment Summary

On July 27, 2022, Microsoft Threat Intelligence Center (MSTIC) disclosed a private-sector offensive actor (PSOA) that is using 0-day exploits in targeted attacks against European and Central American victims. MSTIC and others are tracking this activity group as KNOTWEED. PSOAs sell hacking tools, malware, exploits, and services. KNOTWEED is produced by the PSOA named DSIRF.

Use new Cloud SIEM Entity Groups to make threat response more efficient

Security analysts and administrators need every advantage to keep up with prioritizing and investigating alerts. A SIEM (security information and event management) solution helps uncover threats, but it takes a lot of time assigning and updating tags, criticality, and signal suppression. Sometimes users opt to skip the step altogether, especially if there are a lot of entities to add or update at once. Other times, they introduce errors during this manual step.