Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Today, connected vehicles are proliferating, smart cities are translating from vision to reality, and cloud-based connectivity services are increasing. Advanced connectivity solutions like 5G, cloud-based services and automations, and personalized experiences are redefining in-vehicle experiences. In addition, the growth of an intelligent Edge, smart infrastructure, and the Internet of Things are pushing the boundaries of the connected car.

The Linux process model, available within Elastic, allows users to write very targeted alerting rules and gain deeper insight into exactly what is happening on their Linux servers and desktops. In this blog, we will provide background on the Linux process model, a key aspect of how Linux workloads are represented.

Nowadays, it’s mostly a foregone conclusion that companies need a security program and centralized log aggregation and correlation platform. Unfortunately, the conversation all too often turns toward tactics for data collection and detection of specific threat actors or common vulnerabilities and exposures (CVEs).

I think we’ve all been there before – you log on to a server remotely via RDP, and do the needful – but don’t immediately log off. But then you get distracted by a phone call, an email, a chat, or a good old-fashioned physical interaction with another human being. So when it comes time clock out for the night, you shut down your computer or log off. Or maybe you’ve been working on a laptop and your VPN got interrupted.

Security professionals involved in the IT and cybersecurity industry for the last 10+ years have most likely come across the terms SIEM and recently SOAR, but there is still much confusion about what the specific use cases and purposes are. So, are these tools the same thing? Do security teams need one, the other, or both within their security operation center (SOC) infrastructure?

It’s no secret that cloud service providers like AWS, Google Cloud, and Azure give teams incredible power and flexibility when it comes to delivering great solutions and user experiences to a global customer base. Leveraging the power of one or more clouds is often seen as a critical competency for an organization to succeed.

A vulnerability scan is an automated process that identifies vulnerabilities (security holes) in any software, operating system, or network that bad actors can exploit. In essence, it’s an integral component of vulnerability management focused on protecting businesses from breaches and the exposure of sensitive data.

Today organizations have been able to recognize over the years the benefits of implementing a Cloud-based SIEM Service in terms of scalability, cost, and security. However, before operating in the cloud, you should know what architecture you need to adopt to protect your business and your customers’ data. Intending to help you implement a cost-effective SaaS SIEM Service, we share the advantages of multi-tenant over a single-tenant cloud architecture.

If you haven't heard the gospel of risk-based alerting (RBA) in a SIEM context, by the end of this sermon you'll see why you’ll want it running in your environment yesterday, whether you're an analyst, an engineer, or in leadership.