Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SIEM

The latest News and Information on Security Incident and Event Management.

CrowdStrike Falcon Next-Gen SIEM's First Year Transforming the SOC

There are rare moments when technology doesn’t just improve — it leaps forward, leaving behind everything we once thought was enough. The launch of CrowdStrike Falcon Next-Gen SIEM was one of those moments. It’s a game-changer that alters the way security teams think, operate and stop breaches.

Detect malicious activity in Google Workspace apps with Datadog Cloud SIEM

Google Workspace is a popular productivity suite, and its broad collection of apps (such as Gmail, Drive, Calendar, and Docs) can give attackers a central point of entry for accessing sensitive and valuable data if they compromise an account. Learning how to identify malicious activity in your Workspace environment enables you to stop threats before they become more serious. In this post, we’ll look at a few ways attackers gain access to and take advantage of Google Workspace.

Add more context to Cloud SIEM detections and investigations with Datadog Reference Tables

A primary goal for security teams is identifying specific threats to their environment, but they often face the daunting task of reviewing vast amounts of log data and alerts. Even with well-crafted detection rules, sifting through irrelevant data to pinpoint essential details for an investigation can be a significant challenge. This not only prolongs investigation times but also increases the risk of overlooking critical information.

Seamless API Threat Detection and Response: Integrating Salt Security and CrowdStrike NG-SIEM

APIs are essential for modern digital business operations, enabling smooth connectivity and data exchange between applications. However, the growing dependence on APIs has unintentionally widened the attack surface, making strong API security a vital concern for organizations. Traditional security measures often prove inadequate in effectively safeguarding this changing landscape.

Elastic Security is a top performer in the latest AV-Comparatives Business Test

Delivering exceptional performance and protection in rigorous evaluations Elastic Security has achieved remarkable results in the recent AV-Comparatives Business Security Test. This independent assessment underscores our commitment to providing world-class malware protection.

Early Identification of Comprised Systems: Hybrid Threat Detection with the Magic of DNS

In today’s rapidly evolving threat landscape, the ability to detect and neutralize threats before they inflict damage is critical. This session will showcase how combining multiple log collection strategies can supercharge your threat detection capabilities. By merging traditional DNS logs from your domain controllers with DNS alerts from Cisco Umbrella, you'll gain unprecedented insight into compromised systems at the earliest stages of an attack.

To Log or Not to Log, That WAS the Question: Rethinking Data Management with Graylog

Organizations have grappled with the cost-benefit tradeoff of log management and Security Information and Event Management (SIEM) for decades. Do you capture every log at the risk of overwhelming storage, infrastructure, and license costs, or limit your collection and gamble on what’s truly important? The high costs imposed by traditional vendors have dictated Sophie’s choice, forcing enterprises into a game of compromise that risks the entire organization’s security.

Strategies for Building a Strong SOC Team and Developing Analysts

Building a strong SOC doesn’t happen overnight. It requires strategic planning, smart hiring, and a long-term vision. This is especially true when it comes to the bedrock of any successful SOC: its analysts. SOC managers play a crucial role in building, mentoring, and developing analysts to ensure the SOC is resilient and effective. If you’re a SOC manager, here are some strategies for building a strong SOC team.

Unique approaches to MITRE ATT&CK-make the most of its potential

Cybersecurity frameworks often feel as exciting as tax codes and instruction manuals, useful but not exactly captivating. Yet, the MITRE ATT&CK framework has managed to capture the attention of security professionals worldwide by mapping out adversary tactics, techniques, and procedures (TTPs). Many organizations don’t operationalize MITRE ATT&CK’s potential fully, using the framework in predictable ways. But it doesn’t have to be that way.

Telemetry: What It Is and How it Enables Security

If you have ever built a LEGO set, then you have a general idea of how telemetry works. Telemetry starts with individual data points, just like your LEGO build starts with a box of bricks. In complex IT environments, your security telemetry is spread across different technologies and monitoring tools, just like in a large build your LEGO bricks come separated into smaller, individually numbered bags. In both cases, the individual bricks or data points aren’t special.