The latest News and Information on Security Incident and Event Management.

Elastic Security was recognized as a Customers’ Choice in the 2021 Gartner Peer Insights ‘Voice of the Customer’: SIEM Report

Elastic has been recognized as a Customers’ Choice in the 2021 Gartner Peer Insights ‘Voice of the Customer’: Security Incident and Event Management (SIEM) report, with an overall rating of 4.6 out of 5 based on 51 reviews as of November 25, 2021. The report combines the feedback and experiences of more than 51 Elastic Security customers on Gartner Peer Insights™. Elastic’s Willingness to Recommend score was 98% — the highest of all vendors included in the report.

Accelerate security operations today and tomorrow with automation and AI

While we are a long way from implementing Skynet, using machine learning combined with automation to make real-time decisions is here. In a recent talk at Sumo Logic Illuminate, Dave Frampton, General Manager of Cloud SIEM and Security Analytics, discusses the future of security with Vijaya Kaza, Head of Engineering and Data Science for Trust & Safety and Chief Security Officer at Airbnb. Kaza describes how automation, machine learning and AI can strengthen a company's overall security posture.

Elastic Security 7.16: Accelerate SecOps with the most powerful Elastic Security yet

In Elastic Security 7.16, multiple new out-of-the-box data integrations for Elastic Agent streamline data ingestion and normalization, powering security operations. The release also introduces full production support for several existing data integrations. Version 7.16 introduces an expanded set of malicious behavior protections, addressing methods related to initial access, privilege escalation, and defense evasion.

Detecting and blocking unknown KnownDlls

This is the second in a two-part series discussing a still-unpatched userland Windows privilege escalation. The exploit enables attackers to perform highly privileged actions that typically require a kernel driver. Part 1 of this blog series showed how to block these attacks via ACL hardening. If you haven’t already, please read the first part of this series, because it lays an important foundation for this article. Interested readers can also check out the excellent Unknown Known DLLs...

Announcing new Sumo Logic AWS security Quick Start integrations

We’re excited to announce updates to Sumo Logic AWS Quick Start Integrations that enable customers to automate the integration of AWS Security Reference Architecture within Sumo Logic Cloud SIEM powered by AWS. The new integrations automate the collection, ingestion, and analysis of applications, infrastructure, security, and IoT data to derive actionable insights for security engineering teams.