Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A lot has changed since Sumo Logic last gave our two cents on how to secure Office 365. In the meantime, Office 365 has become Microsoft 365 (M365), and Sumo has continued evolving and expanding its security offering. Today’s threat actor is adept at compromising M365 accounts through various methods. Stealing credentials through phishing email campaigns and brute-force attacks has become commonplace.

As digital transformation expands the threat landscape, compliance mandates adapt to meet new challenges. In 2020, the European Commission announced its decision to accelerate its revision of the Directive on Security of Network and Information Systems (NIS2). When carrying out its impact assessment, the Commission realized that it needed to update the NIS Directive in response to new risks.

In computing, an audit log is a record of an event. An event is any significant action that impacts the hardware or software of a computer – anything from a mouse click to a program error. Besides documenting which resources were accessed and what for, an audit file system will also include the source and destination addresses, the timestamp, and the user ID information.

With the rapid expansion in both scale and variety of technologies in modern business systems, there comes a need to further secure those technologies to prevent nefarious actors from causing havoc. The expanding data landscape creates a much larger attack surface for bad actors to exploit, and as a result leaves many organizations at risk from theft, fraud or other undesirable behavior.

Event correlation tools are a fundamental instrument in your toolbox to detect threats from all sources across your organization in real time. A wise use of the right event correlation techniques through log management and analysis is the cornerstone of any reliable security information and event management (SIEM) strategy – a strategy that focuses on prevention rather than reaction.

Vulnerability management (VM) is a challenging task. Of the three pillars of people, process, and technology, it is the latter that we have the most control over and that can make the greatest impact. We recognize that technology alone is not sufficient and must be accompanied by strong processes and skilled personnel. However, the right technology can greatly facilitate and improve the effectiveness of our vulnerability management efforts.

The Sumo Logic Threat Labs team previously outlined the risks associated with unprotected cloud credentials found on Windows endpoints. This article builds on that work by providing detection and hunting guidance in the context of endpoints that run the Linux operating system. Although workloads that support business functionality are increasingly moving to the cloud, these workloads are often managed through an endpoint that is often found on premises.

The decision to buy a Security Information and Event Management (SIEM) product or outsource to a Managed Detection and Response (MDR) service depends on a number of factors, including the size of your organization, the complexity of your IT infrastructure, and your overall security needs.

Free and open access is one of the core principles upon which Elastic was originally built and continues to operate. Our products are free to use, and much of our code is accessible in public source code repositories. In recent years, this commitment to transparency and availability has extended to our security offerings.