%term

The latest News and Information on Security Incident and Event Management.

Fortifying Your Inbox: Advanced Email Security with Check Point & LevelBlue

Nov 27, 2025 By LevelBlue In LevelBlue

As email-based cyberattacks surge, security teams are struggling to stay ahead of increasingly sophisticated phishing, Business Email Compromise (BEC), and AI-driven social engineering. With attackers exploiting platforms like Microsoft 365, Google Workspace, OneDrive, and SharePoint, organizations face growing pressure to strengthen protection, visibility, and compliance.

View Video

LevelBlue

Read more about Fortifying Your Inbox: Advanced Email Security with Check Point & LevelBlue

MCP ROI in a New Era of AI Orchestrated Threats

Nov 26, 2025 By The Graylog Team In Graylog

Security leaders spent most of the past year testing AI driven security automation. Many discovered that the promise of fully autonomous SOC operations collided with the reality of hallucinations, opaque recommendations, and inconsistent outcomes. McKinsey research now shows that more than 80 percent of organizations have not realized meaningful results from gen AI programs.

Read Post

Graylog

Read more about MCP ROI in a New Era of AI Orchestrated Threats

Rehydrate archived logs in any SIEM or logging vendor with Observability Pipelines

Nov 26, 2025 By Zara Boddula In Datadog

Security and observability teams generate terabytes of log data every day—from firewalls, identity systems, and cloud infrastructure, in addition to application and access logs. To control SIEM costs and meet long-term retention requirements, many organizations archive a significant portion of this data in cost-optimized object storage such as Amazon S3, Google Cloud Storage, and Azure Blob Storage.

Read Post

Datadog

Read more about Rehydrate archived logs in any SIEM or logging vendor with Observability Pipelines

Detecting SHA1-Hulud: the logs must flow

Nov 26, 2025 By Daniel Kaiser In Sumo Logic

Sha1-Hulud has burrowed back into our lives, spreading rapidly and causing more destruction than ever. Named after the famous worm from the Dune franchise, this attack is also impacting global organizations. Since its first widescale spread on September 16, 2025, this worm has demonstrated its ability to propagate rapidly with high impact using the following techniques: This variant includes some new behavior, including.

Read Post

Sumo Logic

Read more about Detecting SHA1-Hulud: the logs must flow

5 Signs You've Outgrown Your Open-Source SIEM

Nov 25, 2025 By Jeff Darrington In Graylog

The evolution of your security stack is similar to the different phases of buying cars. In the beginning, you just need enough to transport a few items, maybe yourself and a few friends. The inexpensive two-door hatchback is perfect. However, as your family grows, whether with small humans or pets, you increasingly need more space and more capacity, leading to purchasing a four-door sedan or, even, a mini-van.

Read Post

Graylog

Read more about 5 Signs You've Outgrown Your Open-Source SIEM

Ep 19: The atomic habits of cybersecurity professionals

Nov 25, 2025 By Sumo Logic, Inc. In Sumo Logic

In this Masters of Data episode, we welcome back Zoe Hawkins and Roland Palmer to discuss building better security practices through small, incremental improvements personally and professionally. We emphasize regularly auditing security policies to avoid unnecessary friction that forces workarounds, treating security as sociology rather than just technology. We cover practical approaches like habit-stacking, weekly business reviews, staying informed about threats through intentional news consumption, and developing cognitive humility with security prompts.

View Video

Sumo Logic

Read more about Ep 19: The atomic habits of cybersecurity professionals

Mastering Dojo AI: How Agentic Intelligence Transforms SecOps - Customer Brown Bag - Nov 20th, 2025

Nov 21, 2025 By Sumo Logic, Inc. In Sumo Logic

Join us as Chas and Christopher review Sumo Logic's Dojo AI, our multi-agent platform designed to power proactive security and modern incident response.

View Video

Sumo Logic

Read more about Mastering Dojo AI: How Agentic Intelligence Transforms SecOps - Customer Brown Bag - Nov 20th, 2025

How to Use Data Lakes to Reduce SIEM Costs and Strengthen Investigations

Nov 21, 2025 By The Graylog Team In Graylog

Most teams think of data lakes as cold storage. A long-term archive. A place to keep logs “just in case” while budgets tighten and ingest volumes rise. Functional, sure. But limited. The traditional data lake keeps everything, helps occasionally, and rarely fits the way analysts work. Graylog approaches the data lake differently. In Graylog 7.0, the data lake is not a warehouse. It is a pressure release valve for teams overwhelmed by storage cost, investigation delays, and cloud data sprawl.

Read Post

Graylog

Read more about How to Use Data Lakes to Reduce SIEM Costs and Strengthen Investigations

You can't secure what you can't see: Why AgentCore logs matter

Nov 20, 2025 By David Girvin In Sumo Logic

AI agents are finally moving past cute demos and into actual production workflows. With AWS AgentCore, teams can build agents that write tickets, call APIs, deploy infrastructure, invoke external tools, and make changes faster than any human operator ever could. That’s powerful, but it also introduces a brand-new operational and security surface. And here’s the uncomfortable truth: most organizations have no idea what their agents are actually doing. Agentic AI isn’t magic.

Read Post

Sumo Logic

Read more about You can't secure what you can't see: Why AgentCore logs matter

Why your security analytics needs proactive threat hunting

Nov 19, 2025 By Christopher Beier and Janet Alexander In Sumo Logic

Even the mightiest and most prestigious companies and enterprises are not exempt from the sophisticated threats posed by cyber attackers. Your security team needs robust security measures for network security, endpoint security, threat detection, anomaly detection, data protection, security monitoring, application security and information security.

Read Post