Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Latest News

The Linux process and session model as part of security alerting and monitoring

The Linux process model, available within Elastic, allows users to write very targeted alerting rules and gain deeper insight into exactly what is happening on their Linux servers and desktops. In this blog, we will provide background on the Linux process model, a key aspect of how Linux workloads are represented.

Weaponizing paranoia: developing a threat detection strategy

Nowadays, it’s mostly a foregone conclusion that companies need a security program and centralized log aggregation and correlation platform. Unfortunately, the conversation all too often turns toward tactics for data collection and detection of specific threat actors or common vulnerabilities and exposures (CVEs).
Sponsored Post

Are disconnected RDP sessions ticking time bombs in your network?

I think we’ve all been there before – you log on to a server remotely via RDP, and do the needful – but don’t immediately log off. But then you get distracted by a phone call, an email, a chat, or a good old-fashioned physical interaction with another human being. So when it comes time clock out for the night, you shut down your computer or log off. Or maybe you’ve been working on a laptop and your VPN got interrupted.

Cyber Security Tips for the Easter Holidays

The shortage of staff creates an urgency for organizations to have cyber security plans. For example, in 2021, the planned Kaseya ransomware attack happened on the 4th of July. Russian hackers knew there would be a staff shortage in the US. They used the company’s software to infiltrate the victims’ systems, using a zero-day vulnerability. As a result, the attack caused significant financial loss to 50 direct customers, and between 800 and 1,500 businesses down the chain.

Why you need both SIEM and SOAR to improve SOC efficiencies and increase effectiveness

Security professionals involved in the IT and cybersecurity industry for the last 10+ years have most likely come across the terms SIEM and recently SOAR, but there is still much confusion about what the specific use cases and purposes are. So, are these tools the same thing? Do security teams need one, the other, or both within their security operation center (SOC) infrastructure?

Protect your AWS workloads using Elastic Security

It’s no secret that cloud service providers like AWS, Google Cloud, and Azure give teams incredible power and flexibility when it comes to delivering great solutions and user experiences to a global customer base. Leveraging the power of one or more clouds is often seen as a critical competency for an organization to succeed.

Automated Vulnerability Scan To Protect Your Business

A vulnerability scan is an automated process that identifies vulnerabilities (security holes) in any software, operating system, or network that bad actors can exploit. In essence, it’s an integral component of vulnerability management focused on protecting businesses from breaches and the exposure of sensitive data.

Multi-tenant Cloud Architecture

Today organizations have been able to recognize over the years the benefits of implementing a Cloud-based SIEM Service in terms of scalability, cost, and security. However, before operating in the cloud, you should know what architecture you need to adopt to protect your business and your customers’ data. Intending to help you implement a cost-effective SaaS SIEM Service, we share the advantages of multi-tenant over a single-tenant cloud architecture.

Elastic Protects Against Ransomware and Linux Threats in MITRE Engenuity Round 4 Eval

That’s right all, it’s time for the latest MITRE Engenuity ATT&CK® evaluation. As we have come to expect each year, Elastic — along with other security vendors — are evaluated by MITRE Engenuity, a tech foundation that brings MITRE research to the public. The evaluation focuses on emulating techniques from the MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework to assess vendor protection capabilities.