Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

SIEM

The latest News and Information on Security Incident and Event Management.

UEBA & SIEM: How They Differ & Work Together

Are your cybersecurity tools working together effectively? UEBA (User Entity Behavior Analytics) and SIEM (Security Information and Event Management) are two of the most potent cybersecurity solutions in modern organizations, but they serve very different purposes. UEBA identifies risky behaviors, while SIEM collects and analyzes security data across your network.

How AI will impact cybersecurity: the beginning of fifth-gen SIEM

The power of artificial intelligence (AI) and machine learning (ML) is a double-edged sword — empowering cybercriminals and cybersecurity professionals alike. AI, particularly generative AI’s ability to automate tasks, extract information from vast amounts of data, and generate communications and media indistinguishable from the real thing, can all be used to enhance cyberattacks and campaigns.

CrowdStrike Falcon Next-Gen SIEM Unveils Advanced Detection of Ransomware Targeting VMware ESXi Environments

CrowdStrike Falcon Next-Gen SIEM, the definitive AI-native platform for detecting, investigating and hunting down threats, enables advanced detection of ransomware targeting VMware ESXi environments. CrowdStrike has observed numerous eCrime actors exploiting ESXi infrastructure to encrypt virtual machine volumes from the hypervisor to deploy ransomware in organizations. Access to ESXi infrastructure typically takes place as part of lateral movement.

Top 5 Myths About API Security and What To Do Instead

Discover the top five myths about API security and learn the effective strategies for protecting your digital assets. Understand why attacks are common, the limitations of perimeter security, and the importance of a zero trust model in this comprehensive overview. Uncover the realities of API security, from the prevalence of attacks to the challenges of relying on perimeter defenses. Learn why a zero trust approach and better developer engagement are key to robust API protection.

Zero Trust requires unified data

It’s vital to have a common understanding and shared context for complex technical topics. The previously adopted perimeter model of security has become outdated and inadequate. Zero Trust (ZT) is the current security model being designed and deployed across the US federal government. It’s important to point out that ZT is not a security solution itself. Instead, it’s a security methodology and framework that assumes threats exist both inside and outside of an environment.

Graylog V6 and SOC Prime: Cyber Defense with MITRE Framework Webinar

Insights from Graylog and SOC Prime Join us for an exclusive session where we unveil the integrations between Graylog, a comprehensive log management solution, and SIEM, and SOC Prime’s Platform for collective cyber defense. Discover how integrating these solutions transforms your approach to security, providing a robust foundation for crisis management and resilience against cyber threats.

Elastic Security | AI Assistant Demo

Elastic AI Assistant can provide real-time, personalized alert insights — empowering security teams to stay one step ahead in the ever-evolving threat landscape. With the power of large language models (LLMs), the AI Assistant can process multiple alerts simultaneously, offering an unprecedented level of insight and customization. You can interact with your data by asking complex questions and receiving context-aware responses tailored to your needs. Watch this demo from James Spiteri, Director of Product Management at Elastic to see what's new in the Elastic AI Assistant in Elastic Security 8.12.

Three Ways To Remove Complexity in TDIR

Gartner identified security technology convergence as one of the key trends both in 2022 and 2023 as a necessity to remove complexity in the industry. Especially for Threat Detection and Incident Response (TDIR), simplification continues to resonate with cyber teams overwhelmed by too many tools and the continuous cutting and pasting from one tool to another.

The Ultimate Guide to Sigma Rules

In cybersecurity as in sports, teamwork makes the dream work. In a world where security analysts can feel constantly bombarded by threat actors, banding together to share information and strategies is increasingly important. Over the last few years, security operations center (SOC) analysts started sharing open source Sigma rules to create and share detections that help them level the playing field.

Tracing history: The generative AI revolution in SIEM

The cybersecurity domain mirrors the physical space, with the security operations center (SOC) acting as your digital police department. Cybersecurity analysts are like the police, working to deter cybercriminals from attempting attacks on their organization or stopping them in their tracks if they try it. When an attack occurs, incident responders, akin to digital detectives, piece together clues from many different sources to determine the order and details of events before building a remediation plan.